This bug was fixed in the package linux-xilinx-zynqmp - 5.15.0-1052.56
---------------
linux-xilinx-zynqmp (5.15.0-1052.56) jammy; urgency=medium
* jammy/linux-xilinx-zynqmp: 5.15.0-1052.56 -proposed tracker (LP:
#2114578)
* Fix kernel error logs on sda (LP: #2115853)
- scsi: sd: Print write through due to no caching mode page as warning
* Fix kernel crash in V4L module on exit of realsense application
(LP: #2115849)
- SAUCE: Revert "uvcvideo: Prevent new URBs being processed at stream
stop"
* Fix DP not working on Kria boards with 1.04 firmware (Jammy)
(LP: #2114250)
- drm: xlnx: dp: Reset DisplayPort IP
[ Ubuntu: 5.15.0-144.157 ]
* jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)
* cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
- cifs: fix NULL ptr dereference in refresh_mounts()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- tracing: probes: Fix a possible race in trace_probe_log APIs
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: chemical: sps30: use aligned_s64 for timestamp
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
- nfs: handle failure of nfs_get_lock_context in unlock path
- spi: loopback-test: Do not split 1024-byte hexdumps
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- x86,nospec: Simplify {JMP,CALL}_NOSPEC
- x86/speculation: Simplify and make CALL_NOSPEC consistent
- x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
- x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- [Config] enable ITS mitigation
- x86/alternative: Optimize returns patching
- x86/alternatives: Remove faulty optimization
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/its: Use dynamic thunks for indirect branches
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
interrupted"
- btrfs: fix discard worker infinite loop after disabling discard
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- wifi: mt76: disable napi on driver removal
- dmaengine: ti: k3-udma: Add missing locking
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- block: fix direct io NOWAIT flag not work
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
- selftests/mm: compaction_test: support platform with huge mount of
memory
- netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
- netfilter: nf_tables: wait for rcu grace period on net_device removal
- netfilter: nf_tables: do not defer rule destruction via call_rcu
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
- Linux 5.15.184
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49063
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49168
- btrfs: do not clean up repair bio if submit fails
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-46751
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-22062
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-53203
- usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-35790
- usb: typec: altmodes/displayport: create sysfs nodes as driver's default
device attribute group
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
output (LP: #2107516)
- SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
device"
* Jammy update: v5.15.183 upstream stable release (LP: #2111705)
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- openvswitch: Fix unsafe attribute parsing in output_userspace()
- gre: Fix again IPv6 link-local address generation.
- can: gw: use call_rcu() instead of costly synchronize_rcu()
- rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
- can: gw: fix RCU/BH usage in cgw_create_job()
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: fix learning on VLAN unaware bridges
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- iio: adc: ad7606: fix serial register access
- iio: adis16201: Correct inclinometer channel resolution
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- usb: uhci-platform: Make the clock really optional
- module: ensure that kobject_put() is safe for module type kobjects
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- usb: typec: ucsi: displayport: Fix NULL pointer access
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- types: Complement the aligned types with signed 64-bit one
- iio: adc: dln2: Use aligned_s64 for timestamp
- MIPS: Fix MAX_REG_OFFSET
- drm/panel: simple: Update timings for AUO G101EVN010
- nvme: unblock ctrl state transition for firmware update
- do_umount(): add missing barrier before refcount checks in sync case
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- Linux 5.15.183
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37964
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
* Jammy update: v5.15.182 upstream stable release (LP: #2111618)
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5: E-switch, Fix error handling for enabling roce
- net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- ice: Refactor promiscuous functions
- net: dlink: Correct endianness handling of led_mode
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: add support for external loopback test
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- PCI: imx6: Skip controller_id generation logic for i.MX7D
- net: hns3: fix deadlock issue when externel_lb and reset are executed
together
- ARM: dts: opos6ul: add ksz8081 phy properties
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
- irqchip/gic-v2m: Add const to of_device_id
- irqchip/gic-v2m: Mark a few functions __init
- iommu/arm-smmu-v3: Use the new rb tree helpers
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- dm: fix copying after src array boundaries
- Linux 5.15.182
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2022-21546
- scsi: target: Fix WRITE_SAME No Data Buffer crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37819
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-38541
- of: module: add buffer overflow check in of_modalias()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-26739
- net/sched: act_mirred: don't override retval if we already lost the skb
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-21839
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
loop
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606)
- net: ethtool: Don't call .cleanup_data when prepare_data fails
- ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining
ones
- ata: sata_sx4: Add error handling in pdc20621_i2c_read()
- nvmet-fcloop: swap list_add_tail arguments
- nft_set_pipapo: fix incorrect avx2 match of 5th field octet
- umount: Allow superblock owners to force umount
- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
when running in a virtual machine
- perf: arm_pmu: Don't disable counter in armpmu_add()
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
- xen/mcelog: Add __nonstring annotations for unterminated strings
- HID: pidff: Convert infinite length from Linux API to PID standard
- HID: pidff: Do not send effect envelope if it's empty
- ALSA: hda: intel: Fix Optimus when GPU has no sound
- ASoC: fsl_audmix: register card device depends on 'dais' property
- ALSA: usb-audio: Fix CME quirk for UF series keyboards
- fs/jfs: cast inactags to s64 to prevent potential overflow
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller
- ext4: protect ext4_release_dquot against freezing
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
- tracing: fix return value in __ftrace_event_enable_disable for
TRACE_REG_UNREGISTER
- Bluetooth: hci_uart: fix race during initialization
- drm: allow encoder mode_set even when connectors change for crtc
- drm/amd/display: Update Cursor request mode to the beginning prefetch
always
- drm: panel-orientation-quirks: Add support for AYANEO 2S
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2
- drm/bridge: panel: forbid initializing a panel with unknown connector
type
- drivers: base: devres: Allow to release group on device release
- drm/amdkfd: clamp queue size to minimum
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories
- pwm: rcar: Simplify multiplication/shift logic
- pwm: rcar: Improve register calculation
- pwm: fsl-ftm: Handle clk_get_rate() returning 0
- bpf: Add endian modifiers to fix endian warnings
- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
- ext4: don't treat fhandle lookup of ea_inode as FS corruption
- media: i2c: adv748x: Fix test pattern selection mask
- media: vim2m: print device name after registering device
- media: siano: Fix error handling in smsdvb_module_init()
- xenfs/xensyms: respect hypervisor's "next" indication
- arm64: cputype: Add MIDR_CORTEX_A76AE
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe
list
- spi: cadence-qspi: Fix probe on AM62A LP SK
- media: streamzap: prevent processing IR data on URB failure
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
- media: i2c: ccs: Set the device's runtime PM status correctly in remove
- media: i2c: ccs: Set the device's runtime PM status correctly in probe
- media: i2c: ov7251: Set enable GPIO low in probe
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
- mtd: Add check for devm_kcalloc()
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320
family
- mtd: Replace kcalloc() with devm_kcalloc()
- clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init
wakeup
- wifi: mt76: Add check for devm_kstrdup()
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
- vdpa/mlx5: Fix oversized null mkey longer than 32bit
- i3c: master: svc: Use readsb helper for reading MDB
- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist
offsets
- mptcp: only inc MPJoinAckHMacFailure for HMAC failures
- mtd: rawnand: Add status chack in r852_ready()
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
- sparc/mm: disable preemption in lazy mmu mode
- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
- mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
- crypto: ccp - Fix check for the primary ASP device
- dm-integrity: set ti->error on memory allocation failure
- gpio: zynq: Fix wakeup source leaks on device unbind
- ntb: use 64-bit arithmetic for the MSI doorbell mask
- of/irq: Fix device node refcount leakages in of_irq_count()
- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
- of/irq: Fix device node refcount leakages in of_irq_init()
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
- PCI: Fix reference leak in pci_alloc_child_bus()
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected()
lists
- ACPI: platform-profile: Fix CFI violation when accessing sysfs files
- x86/e820: Fix handling of subpage regions when calculating nosave ranges
in e820__register_nosave_regions()
- Bluetooth: hci_uart: Fix another race during initialization
- scsi: hisi_sas: Start delivery hisi_sas_task_exec() directly
- scsi: hisi_sas: Pass abort structure for internal abort
- scsi: hisi_sas: Factor out task prep and delivery code
- scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal
- scsi: libsas: Delete lldd_clear_aca callback
- scsi: libsas: Add struct sas_tmf_task
- scsi: hisi_sas: Enable force phy when SATA disk directly connected
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
- scsi: iscsi: Fix missing scsi_host_put() in error path
- md/raid10: fix missing discard IO accounting
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
- RDMA/hns: Fix wrong maximum DMA segment size
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid
address
- Bluetooth: l2cap: Check encryption key size on incoming connection
- Revert "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()"
- igc: move ktime snapshot into PTM retry loop
- igc: handle the IGC_PTP_ENABLED flag correctly
- igc: cleanup PTP module if probe fails
- net: b53: enable BPDU reception for management port
- net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del()
fails
- riscv: Properly export reserved regions in /proc/iomem
- riscv: KGDB: Do not inline arch_kgdb_breakpoint()
- riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
- writeback: fix false warning in inode_to_wb()
- Revert "PCI: Avoid reset when disabled via sysfs"
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
- asus-laptop: Fix an uninitialized variable
- nfs: move nfs_fhandle_hash to common include file
- nfs: add missing selections of CONFIG_CRC32
- btrfs: correctly escape subvol in btrfs_show_options()
- crypto: caam/qi - Fix drv_ctx refcount bug
- loop: properly send KOBJ_CHANGED uevent for disk device
- loop: LOOP_SET_FD: send uevents for partitions
- mm/gup: fix wrongly calculated returned value in
fault_in_safe_writeable()
- riscv: Avoid fortify warning in syscall_get_arguments()
- tracing: Fix filter string testing
- perf/x86/intel: Allow to update user space GPRs from PEBS records
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
- drm/repaper: fix integer overflows in repeat functions
- drm/amdgpu/dma_buf: fix page_link check
- drm/sti: remove duplicate object names
- KVM: arm64: Get rid of host SVE tracking/saving
- KVM: arm64: Always start with clearing SVE flag on load
- KVM: arm64: Discard any SVE state when entering KVM guests
- arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
- arm64/fpsimd: Have KVM explicitly say which FP registers to save
- arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
- KVM: arm64: Remove host FPSIMD saving for non-protected KVM
- KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
- KVM: arm64: Calculate cptr_el2 traps on activating traps
- KVM: arm64: Eagerly switch ZCR_EL{1,2}
- cpufreq: Reference count policy in cpufreq_update_limits()
- kbuild: Add '-fno-builtin-wcslen'
- mptcp: sockopt: fix getting IPV6_V6ONLY
- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq'
error
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
- x86/pvh: Call C code via the kernel virtual mapping
- landlock: Add the errata interface
- nvmet-fc: Remove unused functions
- Revert "smb: client: fix use-after-free bug in
cifs_debug_data_proc_show()"
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
- blk-cgroup: support to track if policy is online
- net: openvswitch: fix race on port output
- openvswitch: fix lockup on tx to unregistering netdev with carrier
- MIPS: dec: Declare which_prom() as static
- MIPS: cevt-ds1287: Add missing ds1287.h include
- MIPS: ds1287: Match ds1287_set_base_clock() function types
- mm: fix apply_to_existing_page_range()
- module: sign with sha512 instead of sha1 by default
- media: streamzap: remove unnecessary ir_raw_event_reset and handle
- media: streamzap: no need for usb pid/vid in device name
- media: streamzap: less chatter
- media: streamzap: remove unused struct members
- auxdisplay: hd44780: Convert to platform remove callback returning void
- auxdisplay: hd44780: Fix an API misuse in hd44780.c
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family
- soc: samsung: exynos-chipid: avoid soc_device_to_device()
- soc: samsung: exynos-chipid: Pass revision reg offsets
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
return value check
- iio: adc: ad7768-1: Fix conversion result sign
- backlight: led_bl: Convert to platform remove callback returning void
- cifs: print TIDs as hex
- cifs: fix integer overflow in match_server()
- gpio: tegra186: Force one interrupt per bank
- gpio: tegra186: fix resource handling in ACPI probe path
- Revert "PCI: Coalesce host bridge contiguous apertures"
- PCI: Coalesce host bridge contiguous apertures
- PCI: Assign PCI domain IDs by ida_alloc()
- ksmbd: Prevent integer overflow in calculation of deadtime
- selftests/mm: generate a temporary mountpoint for cgroup filesystem
- kmsan: disable strscpy() optimization under KMSAN
- string: Add load_unaligned_zeropad() code path to sized_strscpy()
- drm/msm/a6xx: Improve gpu recovery sequence
- drm/msm/a6xx: Handle GMU prepare-slumber hfi failure
- drm/msm/a6xx: Avoid gx gbit halt during rpm suspend
- drm/msm/a6xx: Fix stale rpmh votes from GPU
- dma/contiguous: avoid warning about unused size_bytes
- cpufreq: cppc: Fix invalid return value in .get() callback
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
- virtio_console: fix missing byte order handling for cols and rows
- net: selftests: initialize TCP header and skb payload with zero
- drm/amd/display: Fix gpu reset in multidisplay config
- KVM: SVM: Allocate IR data using atomic allocation
- USB: storage: quirk for ADATA Portable HDD CH94
- mei: me: add panther lake H DID
- serial: sifive: lock port in startup()/shutdown() callbacks
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
- USB: serial: option: add Sierra Wireless EM9291
- USB: serial: simple: add OWON HDS200 series oscilloscope support
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
- USB: VLI disk crashes if LPM is used
- USB: wdm: handle IO errors in wdm_wwan_port_start
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
- USB: wdm: add annotation
- MIPS: cm: Detect CM quirks from device tree
- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
- parisc: PDT: Fix missing prototype warning
- s390/tty: Fix a potential memory leak bug
- usb: host: max3421-hcd: Add missing spi_device_id table
- fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
- dmaengine: dmatest: Fix dmatest waiting less when interrupted
- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
wcd934x_slim_irq_handler()
- ntb: reduce stack usage in idt_scan_mws
- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
- KVM: s390: Don't use %pK through tracepoints
- selftests: ublk: fix test_stripe_04
- xen: Change xen-acpi-processor dom0 dependency
- nvme: requeue namespace scan on missed AENs
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
- nvme: re-read ANA log page after ns scan completes
- objtool: Stop UNRET validation on UD2
- selftests/mincore: Allow read-ahead pages to reach the end of the file
- x86/bugs: Use SBPB in write_ibpb() if applicable
- x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
- x86/bugs: Don't fill RSB on context switch with eIBRS
- nvmet-fc: take tgtport reference only once
- nvmet-fc: put ref when assoc->del_work is already scheduled
- ext4: make block validity check resistent to sb bh corruption
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
- scsi: pm80xx: Set phy_attached to zero when device is gone
- loop: aio inherit the ioprio of original request
- ubsan: Fix panic from test_ubsan_out_of_bounds
- md/raid1: Add check for missing source disk in process_checks()
- jfs: define xtree root and page independently
- comedi: jr3_pci: Fix synchronous deletion of timer
- crypto: atmel-sha204a - Set hwrng quality to lowest possible
- net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
- net: dsa: mv88e6xxx: enable PVT for 6321 switch
- net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
- xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
- MIPS: cm: Fix warning if MIPS_CM is disabled
- nvme: fixup scan failure for non-ANA multipath controllers
- PCI: Fix use-after-free in pci_bus_release_domain_nr()
- PCI: Fix dropping valid root bus resources with .end = zero
- PCI: Release resource invalidated by coalescing
- Linux 5.15.181
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49989
- drm/amd/display: fix double free issue during amdgpu module unload
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37803
- udmabuf: fix a buf size overflow issue during udmabuf creation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37983
- qibfs: fix _another_ leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37881
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37805
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37883
- s390/sclp: Add check for get_zeroed_page()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37808
- crypto: null - Use spin lock instead of mutex
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37985
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37810
- usb: dwc3: gadget: check that event count does not exceed event buffer
length
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37811
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37812
- usb: cdns3: Fix deadlock when using NCM gadget
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37885
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37817
- mcb: fix a double free bug in chameleon_parse_gdd()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37823
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37824
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37989
- net: phy: leds: fix memory leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37829
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37830
- cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37836
- PCI: Fix reference leak in pci_register_host_bridge()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37844
- cifs: avoid NULL pointer dereference in dbg call
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23144
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23148
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-22027
- media: streamzap: fix race between device disconnection and urb callback
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50125
- Bluetooth: SCO: Fix UAF on sco_sock_timeout
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-49535
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35943
- pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-26686
- fs/proc: do_task_stat: use sig->stats_lock to gather the
threads/children stats
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-48893
- drm/i915/gt: Cleanup partial engine discovery failures
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50280
- dm cache: fix flushing uninitialized delayed_work on cache_ctr error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-54458
- scsi: ufs: bsg: Set bsg_queue to NULL after removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-42322
- ipvs: properly dereference pe in ip_vs_add_service
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49960
- ext4: fix timer use-after-free on failed mount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-36908
- blk-iocost: do not WARN if iocg was already offlined
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-21853
- bpf: avoid holding freeze_mutex during mmap operation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-53128
- sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35867
- smb: client: fix potential UAF in cifs_stats_proc_show()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52757
- smb: client: fix potential deadlock when releasing mids
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46742
- smb/server: fix potential null-ptr-deref of lease_ctx_info in
smb2_open()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52572
- cifs: Fix UAF in cifs_demultiplex_thread()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35866
- smb: client: fix potential UAF in cifs_dump_full_key()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46816
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
max_links
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46774
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-38540
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-27402
- phonet/pep: fix racy skb_queue_empty() use
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50272
- filemap: Fix bounds checking in filemap_read()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50258
- net: fix crash when config small gso_max_size/gso_ipv4_max_size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-56751
- ipv6: release nexthop on device removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23140
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after
request_irq error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37765
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37766
- drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37767
- drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768
- drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37770
- drm/amd/pm/powerplay: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768 // CVE-2025-37771
- drm/amd/pm: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37773
- virtiofs: add filesystem context source name check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37780
- isofs: Prevent the use of too small fid
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37781
- i2c: cros-ec-tunnel: defer probe if parent EC is not present
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37782
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-0927 has been rejected. Revert this fix and apply upstream fix
- Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to
hfs_bnode_read_key"
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37871
- nfsd: decrease sc_count directly if fail to queue dl_recall
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37787
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were
never registered
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37788
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37789
- net: openvswitch: fix nested key length validation in the set() action
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37790
- net: mctp: Set SOCK_RCU_FREE
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37875
- igc: fix PTM cycle trigger logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37792
- Bluetooth: btrtl: Prevent potential NULL dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37867
- RDMA/core: Silence oversized kvmalloc() warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37982
- wifi: wl1251: fix memory leak in wl1251_tx_work
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37794
- wifi: mac80211: Purge vif txq in ieee80211_do_stop()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37796
- wifi: at76c50x: fix use after free access in at76_disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37838
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
Driver Due to Race Condition
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37940
- ftrace: Add cond_resched() to ftrace_graph_set_hash()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23142
- sctp: detect and prevent references to a freed transport in sendmsg
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37892
- mtd: inftlcore: Add error check for inftl_read_oob()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23145
- mptcp: fix NULL pointer in can_accept_new_subflow
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23146
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37839
- jbd2: remove wrong sb->s_sequence check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23147
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23150
- ext4: fix off-by-one error in do_split
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23151
- bus: mhi: host: Fix race between unprepare and queue_buf
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23156
- media: venus: hfi_parser: refactor hfi packet parsing logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23157
- media: venus: hfi_parser: add check to avoid out of bound access
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37840
- mtd: rawnand: brcmnand: fix PM resume warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23158
- media: venus: hfi: add check to handle incorrect queue size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23159
- media: venus: hfi: add a check to handle OOB in sfr region
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37850
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37851
- fbdev: omapfb: Add 'plane' value check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23161
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23163
- net: vlan: don't propagate flags on open
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37857
- scsi: st: Fix array overflow in st_setup()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37738
- ext4: ignore xattrs past end
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37739
- f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37740
- jfs: add sanity check for agwidth in dbMount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37741
- jfs: Prevent copying of nlink with value 0 from disk inode
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37858
- fs/jfs: Prevent integer overflow in AG size calculation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37742
- jfs: Fix uninit-value access of imap allocated in the diMount() function
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37859
- page_pool: avoid infinite loop to schedule delayed worker
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37862
- HID: pidff: Fix null pointer dereference in pidff_find_fields
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37841
- pm: cpupower: bench: Prevent NULL dereference on malloc failure
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37749
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37757
- tipc: fix memory leak in tipc_link_xmit
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37758
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
* CVE-2024-53051
- drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
* CVE-2024-46787
- userfaultfd: fix checks for huge PMDs
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
* CVE-2025-37750
- smb: client: fix UAF in decryption with multichannel
* CVE-2024-53185
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
* CVE-2024-50047
- smb: client: fix UAF in async decryption
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
-- Wei-Lin Chang <weilin.ch...@canonical.com> Tue, 08 Jul 2025
11:38:19 +0800
** Changed in: linux-xilinx-zynqmp (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21546
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48893
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49063
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49168
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49535
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52572
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52757
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26686
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26739
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-27402
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35790
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35866
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35867
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35943
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-36908
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38540
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38541
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-42322
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46742
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46751
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46774
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46787
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46816
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49960
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49989
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50047
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50125
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50258
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50272
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50280
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53051
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53128
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53185
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53203
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-54458
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-56751
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-0927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21839
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21853
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22027
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22062
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23140
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23142
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23144
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23145
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23146
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23147
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23148
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23150
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23151
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23156
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23157
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23158
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23159
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23161
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23163
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37738
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37739
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37740
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37741
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37742
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37749
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37750
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37756
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37757
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37758
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37765
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37766
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37767
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37768
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37770
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37771
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37773
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37780
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37781
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37782
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37787
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37788
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37789
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37790
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37792
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37794
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37796
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37797
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37798
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37803
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37805
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37808
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37810
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37811
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37812
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37817
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37819
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37823
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37824
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37829
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37830
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37836
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37838
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37839
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37840
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37841
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37844
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37850
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37851
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37857
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37858
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37859
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37862
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37867
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37871
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37875
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37881
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37883
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37885
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37890
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37892
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37905
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37909
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37911
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37912
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37913
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37914
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37915
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37923
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37930
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37940
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37949
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37964
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37967
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37969
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37970
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37982
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37983
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37985
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37989
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37990
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37991
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37992
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37997
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115849
Title:
Fix kernel crash in V4L module on exit of realsense application
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/+bug/2115849/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
