Bug #2097455 “Incorrect LAPIC/x2APIC parsing order” : Bugs : linux package : Ubuntu

Revision history for this message

Robert Malz (rmalz) wrote on 2025-02-05:

#1

clean_apic.dsl Edit (129.9 KiB, text/plain)

attaching apic.dsl files

Revision history for this message

Robert Malz (rmalz) wrote on 2025-02-05:

#2

modified_apic.dsl Edit (129.9 KiB, text/plain)

modified apic.dsl

summary:

- Fix LAPIC/x2APIC parsing order
+ Incorrect LAPIC/x2APIC parsing order

Revision history for this message

Masahiro Yamada (myamada) wrote on 2025-02-06:

#3

Thank you for the report.

The commit has these tags:
Cc: All applicable <email address hidden>
Fixes: ec9aedb2aa1a ("x86/acpi: Ignore invalid x2APIC entries")

(https://github.com/torvalds/linux/commit/0141978ae75bd48bac13fca6de131a5071c32011)

So, I am pretty sure it will be back-ported to stable kernels.

Then, in Ubuntu kernels, we back-port fixes from stable kernels during regular release cycles called SRU.

This will be back-ported eventually.

Changed in linux (Ubuntu Noble):
status:	New → Confirmed
Changed in linux (Ubuntu Oracular):
status:	New → Confirmed
Changed in linux (Ubuntu):
status:	New → Confirmed

Koichiro Den (koichiroden) on 2025-02-14

Changed in linux (Ubuntu Noble):
status:	Confirmed → Fix Committed
Changed in linux (Ubuntu Oracular):
status:	Confirmed → Fix Committed
Changed in linux (Ubuntu Noble):
importance:	Undecided → Medium
Changed in linux (Ubuntu Oracular):
importance:	Undecided → Medium

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-02-19:

#4

This bug is awaiting verification that the linux/6.8.0-56.58 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux' to 'verification-done-noble-linux'. If the problem still exists, change the tag 'verification-needed-noble-linux' to 'verification-failed-noble-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-v2 verification-needed-noble-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-02-25:

#5

This bug is awaiting verification that the linux/6.11.0-21.21 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-oracular-linux' to 'verification-done-oracular-linux'. If the problem still exists, change the tag 'verification-needed-oracular-linux' to 'verification-failed-oracular-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-oracular-linux-v2 verification-needed-oracular-linux

Revision history for this message

Robert Malz (rmalz) wrote on 2025-03-13:

#6

Tested CPU ordering on both 6.11.0-21-generic 6.8.0-56-generic with modified ACPI tables.
Everything looks correct:

Linux rmalz 6.11.0-19-generic #19~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Feb 17 11:51:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
NUMA node(s): 2
NUMA node0 CPU(s): 0-143
NUMA node1 CPU(s): 144-287

Linux rmalz 6.11.0-21-generic #21-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 19 16:50:40 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
NUMA node(s): 2
NUMA node0 CPU(s): 0,2-144
NUMA node1 CPU(s): 1,145-287

Linux rmalz 6.8.0-55-generic #57-Ubuntu SMP PREEMPT_DYNAMIC Wed Feb 12 23:42:21 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
NUMA node(s): 2
NUMA node0 CPU(s): 0-143
NUMA node1 CPU(s): 144-287

Linux rmalz 6.8.0-56-generic #58-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 14 15:33:28 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
NUMA node(s): 2
NUMA node0 CPU(s): 0,2-144
NUMA node1 CPU(s): 1,145-287

tags:

added: verification-done-noble-linux verification-done-oracular-linux
removed: verification-needed-noble-linux verification-needed-oracular-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-03-17:

#7

This bug is awaiting verification that the linux-intel/6.11.0-1008.8 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-oracular-linux-intel' to 'verification-done-oracular-linux-intel'. If the problem still exists, change the tag 'verification-needed-oracular-linux-intel' to 'verification-failed-oracular-linux-intel'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-oracular-linux-intel-v2 verification-needed-oracular-linux-intel

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-03-21:

#8

This bug is awaiting verification that the linux-nvidia-tegra/6.8.0-1004.4 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-tegra' to 'verification-done-noble-linux-nvidia-tegra'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-tegra' to 'verification-failed-noble-linux-nvidia-tegra'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-tegra-v2 verification-needed-noble-linux-nvidia-tegra

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-03-22:

#9

This bug is awaiting verification that the linux-nvidia-tegra-pvw/6.8.0-1005.5 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-tegra-pvw' to 'verification-done-noble-linux-nvidia-tegra-pvw'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-tegra-pvw' to 'verification-failed-noble-linux-nvidia-tegra-pvw'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-tegra-pvw-v2 verification-needed-noble-linux-nvidia-tegra-pvw

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-03-24:

#10

Download full text (33.4 KiB)

This bug was fixed in the package linux - 6.8.0-56.58

---------------
linux (6.8.0-56.58) noble; urgency=medium

* noble/linux: 6.8.0-56.58 -proposed tracker (LP: #2098244)

  * Noble update: upstream stable patchset 2024-07-19 (LP: #2073603)
    - Revert "drm: Make drivers depends on DRM_DW_HDMI"
    - Revert "UBUNTU: [Config] Drivers now depend on DRM_DW_HDMI"

  * drm/amd/display: Add check for granularity in dml ceil/floor helpers
    (LP: #2098080)
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers

* optimized default EPP for GNR family (LP: #2097554)
- cpufreq: intel_pstate: Update Balance-performance EPP for Granite Rapids

* Incorrect LAPIC/x2APIC parsing order (LP: #2097455)
- x86/acpi: Fix LAPIC/x2APIC parsing order

* MGLRU: page allocation failure on NUMA-enabled systems (LP: #2097214)
- mm/vmscan: wake up flushers conditionally to avoid cgroup OOM

  * Upstream commit 65357e2c164a: "RDMA/mana_ib: set node_guid" applied
    incorrectly (LP: #2096885)
    - Revert "RDMA/mana_ib: set node_guid"

  * AppArmor early policy load not funcitoning (LP: #2095370)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [67/90]: userns - add the
      ability to reference a global variable for a feature value"

  * apparmor unconfined profile blocks pivot_root (LP: #2067900)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy
      uses of unconfined() to label_mediates()"

* CVE-2024-50117
- drm/amd: Guard against bad data for ATIF ACPI method

* CVE-2024-56582
- btrfs: fix use-after-free in btrfs_encoded_read_endio()

* CVE-2024-53165
- sh: intc: Fix use-after-free bug in register_intc_controller()

* CVE-2024-53156
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

* CVE-2024-56663
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one

* CVE-2024-56614
- xsk: fix OOB map writes when deleting elements

  * VM boots slowly with large-BAR GPU Passthrough due to pci/probe.c redundancy
    (LP: #2097389)
    - PCI: Batch BAR sizing operations

  * Noble update: upstream stable patchset 2025-02-04 (LP: #2097393)
    - Revert "PCI/MSI: Provide stubs for IMS functions"
    - gfs2: Revert "introduce qd_bh_get_or_undo"
    - gfs2: qd_check_sync cleanups
    - gfs2: Revert "ignore negated quota changes"
    - Revert "powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2"
    - tracing: Have saved_cmdlines arrays all in one allocation
    - spi: spi-fsl-lpspi: remove redundant spi_controller_put call
    - ata: ahci: Add mask_port_map module parameter
    - ASoC: tas2781: mark dvc_tlv with __maybe_unused
    - scsi: sd: Do not repeat the starting disk message
    - bootconfig: Fix the kerneldoc of _xbc_exit()
    - perf sched: Move start_work_mutex and work_done_wait_mutex initialization to
      perf_sched__replay()
    - perf sched: Fix memory leak in perf_sched__map()
    - perf sched: Move curr_thread initialization to perf_sched__map()
    - perf sched: Move curr_pid and cpu_last_switched initialization to
      perf_sched__{lat|map|replay}()
    - libsubcmd: Don't free the usage string
    - selftests: Introd...

This bug was fixed in the package linux - 6.8.0-56.58

---------------
linux (6.8.0-56.58) noble; urgency=medium

* noble/linux: 6.8.0-56.58 -proposed tracker (LP: #2098244)

* Noble update: upstream stable patchset 2024-07-19 (LP: #2073603)
    - Revert "drm: Make drivers depends on DRM_DW_HDMI"
    - Revert "UBUNTU: [Config] Drivers now depend on DRM_DW_HDMI"

* drm/amd/display: Add check for granularity in dml ceil/floor helpers
    (LP: #2098080)
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers

* optimized default EPP for GNR family (LP: #2097554)
    - cpufreq: intel_pstate: Update Balance-performance EPP for Granite Rapids

* Incorrect LAPIC/x2APIC parsing order (LP: #2097455)
    - x86/acpi: Fix LAPIC/x2APIC parsing order

* MGLRU: page allocation failure on NUMA-enabled systems (LP: #2097214)
    - mm/vmscan: wake up flushers conditionally to avoid cgroup OOM

* Upstream commit 65357e2c164a: "RDMA/mana_ib: set node_guid" applied
    incorrectly (LP: #2096885)
    - Revert "RDMA/mana_ib: set node_guid"

* AppArmor early policy load not funcitoning (LP: #2095370)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [67/90]: userns - add the
      ability to reference a global variable for a feature value"

* apparmor unconfined profile blocks pivot_root (LP: #2067900)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy
      uses of unconfined() to label_mediates()"

* CVE-2024-50117
    - drm/amd: Guard against bad data for ATIF ACPI method

* CVE-2024-56582
    - btrfs: fix use-after-free in btrfs_encoded_read_endio()

* CVE-2024-53165
    - sh: intc: Fix use-after-free bug in register_intc_controller()

* CVE-2024-53156
    - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

* CVE-2024-56663
    - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one

* CVE-2024-56614
    - xsk: fix OOB map writes when deleting elements

* VM boots slowly with large-BAR GPU Passthrough due to pci/probe.c redundancy
    (LP: #2097389)
    - PCI: Batch BAR sizing operations

* Noble update: upstream stable patchset 2025-02-04 (LP: #2097393)
    - Revert "PCI/MSI: Provide stubs for IMS functions"
    - gfs2: Revert "introduce qd_bh_get_or_undo"
    - gfs2: qd_check_sync cleanups
    - gfs2: Revert "ignore negated quota changes"
    - Revert "powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2"
    - tracing: Have saved_cmdlines arrays all in one allocation
    - spi: spi-fsl-lpspi: remove redundant spi_controller_put call
    - ata: ahci: Add mask_port_map module parameter
    - ASoC: tas2781: mark dvc_tlv with __maybe_unused
    - scsi: sd: Do not repeat the starting disk message
    - bootconfig: Fix the kerneldoc of _xbc_exit()
    - perf sched: Move start_work_mutex and work_done_wait_mutex initialization to
      perf_sched__replay()
    - perf sched: Fix memory leak in perf_sched__map()
    - perf sched: Move curr_thread initialization to perf_sched__map()
    - perf sched: Move curr_pid and cpu_last_switched initialization to
      perf_sched__{lat|map|replay}()
    - libsubcmd: Don't free the usage string
    - selftests: Introduce Makefile variable to list shared bash scripts
    - jbd2: fix kernel-doc for j_transaction_overhead_buffers
    - lib/build_OID_registry: avoid non-destructive substitution for Perl < 5.13.2
      compat
    - drm/amd/display: Remove a redundant check in authenticated_dp
    - drm/amd/display: Revert "Check HDCP returned status"
    - zram: don't free statically defined names
    - x86/amd_nb: Add new PCI IDs for AMD family 0x1a
    - rtnetlink: change nlk->cb_mutex role
    - rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag
    - mpls: no longer hold RTNL in mpls_netconf_dump_devconf()
    - phonet: no longer hold RTNL in route_dumpit()
    - rcu/nocb: Make IRQs disablement symmetric
    - HID: asus: add ROG Ally N-Key ID and keycodes
    - HID: asus: add ROG Z13 lightbar
    - hid-asus: add ROG Ally X prod ID to quirk list
    - scsi: Revert "scsi: sd: Do not repeat the starting disk message"
    - btrfs: fix uninitialized pointer free in add_inode_ref()
    - btrfs: fix uninitialized pointer free on read_alloc_one_name() error
    - ksmbd: fix user-after-free from session log off
    - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
    - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
    - net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
    - net: enetc: block concurrent XDP transmissions during ring reconfiguration
    - net: enetc: disable Tx BD rings after they are empty
    - net: enetc: disable NAPI after all rings are disabled
    - net: enetc: add missing static descriptor and inline keyword
    - posix-clock: Fix missing timespec64 check in pc_clock_settime()
    - udp: Compute L4 checksum as usual when not segmenting the skb
    - arm64: probes: Remove broken LDR (literal) uprobe support
    - arm64: probes: Fix simulate_ldr*_literal()
    - arm64: probes: Fix uprobes for big-endian kernels
    - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-
      link PHY
    - net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
    - maple_tree: correct tree corruption on spanning store
    - nilfs2: propagate directory read errors from nilfs_find_entry()
    - fat: fix uninitialized variable
    - mm/mremap: fix move_normal_pmd/retract_page_tables race
    - mm/swapfile: skip HugeTLB pages for unuse_vma
    - mm/damon/tests/sysfs-kunit.h: fix memory leak in
      damon_sysfs_test_add_targets()
    - tcp: fix mptcp DSS corruption due to large pmtu xmit
    - net: fec: Move `fec_ptp_read()` to the top of the file
    - net: fec: Remove duplicated code
    - mptcp: prevent MPC handshake on port-based signal endpoints
    - iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
    - s390/sclp: Deactivate sclp after all its users
    - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
    - KVM: s390: gaccess: Check if guest address is in memslot
    - KVM: s390: Change virtual to physical address access in diag 0x258 handler
    - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
    - x86/cpufeatures: Add a IBPB_NO_RET BUG flag
    - x86/entry: Have entry_ibpb() invalidate return predictions
    - x86/bugs: Skip RSB fill at VMEXIT
    - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry
    - fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks
    - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
    - io_uring/sqpoll: close race on waiting for sqring entries
    - blk-mq: setup queue ->tag_set before initializing hctx
    - ublk: don't allow user copy for unprivileged device
    - selftest: hid: add the missing tests directory
    - Input: xpad - add support for MSI Claw A1M
    - scsi: mpi3mr: Correct a test in mpi3mr_sas_port_add()
    - scsi: mpi3mr: Validate SAS port assignments
    - scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
    - scsi: ufs: core: Fix the issue of ICU failure
    - scsi: ufs: core: Requeue aborted request
    - drm/radeon: Fix encoder->possible_clones
    - drm/i915/dp_mst: Handle error during DSC BW overhead/slice calculation
    - drm/i915/dp_mst: Don't require DSC hblank quirk for a non-DSC compatible
      mode
    - drm/xe/xe_sync: initialise ufence.signalled
    - drm/xe/ufence: ufence can be signaled right after wait_woken
    - drm/vmwgfx: Cleanup kms setup without 3d
    - drm/vmwgfx: Handle surface check failure correctly
    - drm/amdgpu/pm: Fix code alignment issue
    - drm/amdgpu/smu13: always apply the powersave optimization
    - drm/amdgpu/swsmu: Only force workload setup on init
    - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
    - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
    - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
    - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: hid-sensors: Fix an error handling path in
      _hid_sensor_set_report_latency()
    - iio: light: veml6030: fix ALS sensor resolution
    - iio: light: veml6030: fix IIO device retrieval from embedded device
    - iio: light: opt3001: add missing full-scale range value
    - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig
    - iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig
    - iio: light: bu27008: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: resolver: ad2s1210 add missing select REGMAP in Kconfig
    - iio: pressure: bm1390: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig
    - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - iio: resolver: ad2s1210: add missing select (TRIGGERED_)BUFFER in Kconfig
    - iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - Bluetooth: Call iso_exit() on module unload
    - Bluetooth: Remove debugfs directory on module init failure
    - Bluetooth: ISO: Fix multiple init when debugfs is disabled
    - Bluetooth: btusb: Fix not being able to reconnect after suspend
    - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
    - vt: prevent kernel-infoleak in con_font_get()
    - xhci: tegra: fix checked USB2 port number
    - xhci: Fix incorrect stream context type macro
    - xhci: Mitigate failed set dequeue pointer commands
    - USB: serial: option: add support for Quectel EG916Q-GL
    - USB: serial: option: add Telit FN920C04 MBIM compositions
    - usb: typec: qcom-pmic-typec: fix sink status being overwritten with RP_DEF
    - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
    - misc: microchip: pci1xxxx: add support for NVMEM_DEVID_AUTO for EEPROM
      device
    - misc: microchip: pci1xxxx: add support for NVMEM_DEVID_AUTO for OTP device
    - serial: imx: Update mctrl old_status on RTSD interrupt
    - parport: Proper fix for array out-of-bounds access
    - x86/resctrl: Annotate get_mem_config() functions as __init
    - x86/apic: Always explicitly disarm TSC-deadline timer
    - x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load
    - x86/entry_32: Do not clobber user EFLAGS.ZF
    - x86/entry_32: Clear CPU buffers after register restore in NMI return
    - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
    - x86/bugs: Use code segment selector for VERW operand
    - pinctrl: intel: platform: fix error path in device_for_each_child_node()
    - pinctrl: ocelot: fix system hang on level based interrupts
    - pinctrl: stm32: check devm_kasprintf() returned value
    - pinctrl: apple: check devm_kasprintf() returned value
    - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
    - irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
    - serial: qcom-geni: fix polled console initialisation
    - serial: qcom-geni: revert broken hibernation support
    - serial: qcom-geni: fix shutdown race
    - serial: qcom-geni: fix dma rx cancellation
    - serial: qcom-geni: fix receiver enable
    - mm: vmscan.c: fix OOM on swap stress test
    - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
      1000 G2
    - Upstream stable to v6.6.57, v6.11.5

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301)
    - Revert "perf callchain: Fix stitch LBR memory leaks"
    - ASoC: amd: acp: add ZSC control register programming sequence
    - virtio: rename virtio_config_enabled to virtio_config_core_enabled
    - virtio: allow driver to disable the configure change notification
    - virtio-net: synchronize operstate with admin state on up/down
    - virtio-net: synchronize probe with ndo_set_features
    - wifi: rtw89: limit the PPDU length for VHT rate to 0x40000
    - af_unix: Don't call skb_get() for OOB skb.
    - af_unix: Remove single nest in manage_oob().
    - af_unix: Rename unlinked_skb in manage_oob().
    - af_unix: Move spin_lock() in manage_oob().
    - iommu/amd: Move allocation of the top table into v1_alloc_pgtable
    - iommu/amd: Set the pgsize_bitmap correctly
    - drm/xe: Move and export xe_hw_engine lookup.
    - drm/msm/dp: rename wide_bus_en to wide_bus_supported
    - drm/msm/dp: enable widebus on all relevant chipsets
    - bpf, arm64: Fix tailcall hierarchy
    - libbpf: Don't take direct pointers into BTF data from st_ops
    - s390/entry: Move early program check handler to entry.S
    - selftests/bpf: fix to avoid __msg tag de-duplication by clang
    - libbpf: Ensure new BTF objects inherit input endianness
    - PCI: dwc: ep: Rename dw_pcie_ep_exit() to dw_pcie_ep_deinit()
    - PCI: qcom-ep: Enable controller resources like PHY only after refclk is
      available
    - net: ravb: Fix maximum TX frame size for GbEth devices
    - ravb: Make it clear the information relates to maximum frame size
    - net: ravb: Fix R-Car RX frame size limit
    - netfilter: nf_tables: missing objects with no memcg accounting
    - PCI: dra7xx: Fix error handling when IRQ request fails in probe
    - KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)
    - intel_idle: fix ACPI _CST matching for newer Xeon platforms
    - wifi: mt76: mt7925: fix a potential association failure upon resuming
    - cifs: Remove intermediate object of failed create reparse call
    - drm/amd/display: Disable replay if VRR capability is false
    - drm/amd/display: Fix VRR cannot enable
    - l2tp: free sessions using rcu
    - net: skbuff: sprinkle more __GFP_NOWARN on ingress allocs
    - nvme: fix metadata handling in nvme-passthrough
    - wifi: wilc1000: Do not operate uninitialized hardware during suspend/resume
    - x86/apic: Remove logical destination mode for 64-bit
    - pmdomain: core: Use dev_name() instead of kobject_get_path() in debugfs
    - drm/xe: Name and document Wa_14019789679
    - drm/xe: Add timeout to preempt fences
    - drm/amd/display: Fix possible overflow in integer multiplication
    - ext4: fix error message when rejecting the default hash
    - power: supply: Drop use_cnt check from power_supply_property_is_writeable()
    - ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8
    - drm/xe: Generate oob before compiling anything
    - clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x
    - drm/amd/display: Restore Optimized pbn Value if Failed to Disable DSC
    - Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link"
    - pmdomain: core: Reduce debug summary table width
    - fs/ntfs3: Do not call file_modified if collapse range failed
    - fs/ntfs3: Optimize large writes into sparse file
    - fs/ntfs3: Fix sparse warning in ni_fiemap
    - fs/ntfs3: Refactor enum_rstbl to suppress static checker
    - virtio_console: fix misc probe bugs
    - ntfs3: Change to non-blocking allocation in ntfs_d_hash
    - bpf: Call the missed btf_record_free() when map creation fails
    - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test
    - bpf: Check percpu map value size first
    - s390/facility: Disable compile time optimization for decompressor code
    - s390/mm: Add cond_resched() to cmm_alloc/free_pages()
    - bpf, x64: Fix a jit convergence issue
    - ext4: nested locking for xattr inode
    - s390/cpum_sf: Remove WARN_ON_ONCE statements
    - ktest.pl: Avoid false positives with grub2 skip regex
    - soundwire: intel_bus_common: enable interrupts before exiting reset
    - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
    - clk: bcm: bcm53573: fix OF node leak in init
    - PCI: Add ACS quirk for Qualcomm SA8775P
    - i2c: i801: Use a different adapter-name for IDF adapters
    - PCI: Mark Creative Labs EMU20k2 INTx masking as broken
    - RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t
    - mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict
    - mfd: intel-lpss: Add Intel Arrow Lake-H LPSS PCI IDs
    - mfd: intel-lpss: Rename SPI intel_lpss_platform_info structs
    - mfd: intel-lpss: Add Intel Panther Lake LPSS PCI IDs
    - riscv: Omit optimized string routines when using KASAN
    - riscv: avoid Imbalance in RAS
    - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
    - PCI: qcom: Disable mirroring of DBI and iATU register space in BAR region
    - PCI: endpoint: Assign PCI domain number for endpoint controllers
    - soundwire: cadence: re-check Peripheral status with delayed_work
    - riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16
      unknown
    - media: videobuf2-core: clear memory related fields in
      __vb2_plane_dmabuf_put()
    - remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
    - usb: chipidea: udc: enable suspend interrupt after usb reset
    - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
      Crashkernel Scenario
    - xhci: dbc: Fix STALL transfer event handling
    - usb: host: xhci-plat: Parse xhci-missing_cas_quirk and apply quirk
    - comedi: ni_routing: tools: Check when the file could not be opened
    - LoongArch: Fix memleak in pci_acpi_scan_root()
    - netfilter: nf_nat: don't try nat source port reallocation for reverse dir
      clash
    - netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
    - tools/iio: Add memory allocation failure check for trigger_name
    - staging: vme_user: added bound check to geoid
    - driver core: bus: Return -EIO instead of 0 when show/store invalid bus
      attribute
    - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
      lpfc_els_flush_cmd()
    - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to
      KERN_WARNING
    - NFSD: Mark filecache "down" if init fails
    - nfsd: nfsd_destroy_serv() must call svc_destroy() even if nfsd_startup_net()
      failed
    - ice: set correct dst VSI in only LAN filters
    - ice: clear port vlan config during reset
    - ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins
    - ice: fix VLAN replay after reset
    - SUNRPC: Fix integer overflow in decode_rc_list()
    - tcp: fix to allow timestamp undo if no retransmits were sent
    - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
    - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out
    - rxrpc: Fix uninitialised variable in rxrpc_send_data()
    - selftests: net: no_forwarding: fix VID for $swp2 in one_bridge_two_pvids()
      test
    - Bluetooth: btusb: Don't fail external suspend requests
    - net: phy: bcm84881: Fix some error handling paths
    - Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled"
    - net: ethernet: adi: adin1110: Fix some error handling path in
      adin1110_read_fifo()
    - net: dsa: b53: fix jumbo frame mtu check
    - net: dsa: b53: fix max MTU for 1g switches
    - net: dsa: b53: fix max MTU for BCM5325/BCM5365
    - net: dsa: b53: allow lower MTUs on BCM5325/5365
    - net: dsa: b53: fix jumbo frames on 10/100 ports
    - drm/nouveau: pass cli to nouveau_channel_new() instead of drm+device
    - nouveau/dmem: Fix privileged error in copy engine channel
    - gpio: aspeed: Add the flush write to ensure the write complete.
    - gpio: aspeed: Use devm_clk api to manage clock source
    - powercap: intel_rapl_tpmi: Ignore minor version change
    - ice: Fix netif_is_ice() in Safe Mode
    - ice: Flush FDB entries before reset
    - e1000e: change I219 (19) devices to ADP
    - net: ibm: emac: mal: fix wrong goto
    - btrfs: zoned: fix missing RCU locking in error message when loading zone
      info
    - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
    - netfilter: fib: check correct rtable in vrf setups
    - net: ibm: emac: mal: add dcr_unmap to _remove
    - net: dsa: refuse cross-chip mirroring operations
    - rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
    - vxlan: Handle error of rtnl_register_module().
    - bridge: Handle error of rtnl_register_module().
    - mctp: Handle error of rtnl_register_module().
    - mpls: Handle error of rtnl_register_module().
    - phonet: Handle error of rtnl_register_module().
    - rcu/nocb: Fix rcuog wake-up from offline softirq
    - x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h
    - HID: multitouch: Add support for lenovo Y9000P Touchpad
    - hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature
    - hwmon: (tmp513) Add missing dependency on REGMAP_I2C
    - hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C
    - hwmon: (adm9240) Add missing dependency on REGMAP_I2C
    - hwmon: (adt7470) Add missing dependency on REGMAP_I2C
    - hwmon: (ltc2991) Add missing dependency on REGMAP_I2C
    - HID: plantronics: Workaround for an unexcepted opposite volume key
    - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
    - usb: dwc3: core: Stop processing of pending events if controller is halted
    - usb: xhci: Fix problem with xhci resume from suspend
    - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
    - usb: dwc3: re-enable runtime PM after failed resume
    - usb: gadget: core: force synchronous registration
    - hid: intel-ish-hid: Fix uninitialized variable 'rv' in
      ish_fw_xfer_direct_dma
    - ACPI: resource: Make Asus ExpertBook B2402 matches cover more models
    - ACPI: resource: Make Asus ExpertBook B2502 matches cover more models
    - drm/amdkfd: Fix an eviction fence leak
    - drm/amd/display: fix hibernate entry for DCN35+
    - drm/xe/guc_submit: fix xa_store() error checking
    - drm/i915/hdcp: fix connector refcounting
    - drm/xe/ct: fix xa_store() error checking
    - scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb()
    - mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling
    - mptcp: fallback when MPTCP opts are dropped after 1st data
    - ata: libata: avoid superfluous disk spin down + spin up during hibernation
    - OPP: fix error code in dev_pm_opp_set_config()
    - net: dsa: lan9303: ensure chip reset and wait for READY status
    - mptcp: pm: do not remove closing subflows
    - powercap: intel_rapl_tpmi: Fix bogus register reading
    - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test
    - selftests/rseq: Fix mm_cid test failure
    - btrfs: split remaining space to discard in chunks
    - btrfs: add cancellation points to trim loops
    - fs/proc/kcore.c: allow translation of physical memory addresses
    - io_uring/rw: fix cflags posting for single issue multishot read
    - Upstream stable to v6.6.56, v6.11.1, v6.11.2, v6.11.3, v6.11.4

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50182
    - secretmem: disable memfd_secret() if arch cannot set direct map

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50019
    - kthread: unpark only parked kthread

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50096
    - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50020
    - ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50021
    - ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50022
    - device-dax: correct pgoff align in dax_set_mapping()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50185
    - mptcp: handle consistently DSS corruption

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50023
    - net: phy: Remove LED entry from LEDs list on unregister

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50024
    - net: Fix an unsafe loop on the list

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50186
    - net: explicitly clear the sk pointer, when pf->create fails

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50025
    - scsi: fnic: Move flush_work initialization out of if block

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50026
    - scsi: wd33c93: Don't use stale scsi_pointer value

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50027
    - thermal: core: Free tzp copy along with the thermal zone

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50028
    - thermal: core: Reference count the zone in thermal_zone_get_by_id()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50029
    - Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50030
    - drm/xe/ct: prevent UAF in send_recv()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50187
    - drm/vc4: Stop the active perfmon before being destroyed

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50031
    - drm/v3d: Stop the active perfmon before being destroyed

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50189
    - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50033
    - slip: make slhc_remember() more robust against malicious packets

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50035
    - ppp: fix ppp_async_encode() illegal access

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50036
    - net: do not delay dst_entries_add() in dst_release()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50038
    - netfilter: xtables: avoid NFPROTO_UNSPEC where needed

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50039
    - net/sched: accept TCA_STAB only for root qdisc

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50040
    - igb: Do not bring the device up after non-fatal error

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50041
    - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50042
    - ice: Fix increasing MSI-X on VF

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50093
    - thermal: intel: int340x: processor: Fix warning during module unload

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50044
    - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50045
    - netfilter: br_netfilter: fix panic with metadata_dst skb

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50188
    - net: phy: dp83869: fix memory corruption when enabling fiber

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50046
    - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50180
    - fbdev: sisfb: Fix strbuf array overflow

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50047
    - smb: client: fix UAF in async decryption

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50048
    - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50049
    - drm/amd/display: Check null pointer before dereferencing se

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50090
    - drm/xe/oa: Fix overflow in oa batch buffer

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50183
    - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV
      instance

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50055
    - driver core: bus: Fix double free in driver API bus_register()

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50056
    - usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50184
    - virtio_pmem: Check device status before requesting flush

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50057
    - usb: typec: tipd: Free IRQ only if it was requested before

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50058
    - serial: protect uart_port_dtr_rts() in uart_shutdown() too

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50181
    - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50059
    - ntb: ntb_hw_switchtec: Fix use after free vulnerability in
      switchtec_ntb_remove due to race condition

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50060
    - io_uring: check if we need to reschedule during overflow flush

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50061
    - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
      Driver Due to Race Condition

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50062
    - RDMA/rtrs-srv: Avoid null pointer deref during path establishment

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50095
    - RDMA/mad: Improve handling of timed out WRs of mad agent

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50063
    - bpf: Prevent tail call between progs attached to different hooks

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50191
    - ext4: don't set SB_RDONLY after filesystem errors

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50064
    - zram: free secondary algorithms names

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50089
    - unicode: Don't special case ignorable code points

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-49865
    - drm/xe/vm: move xa_alloc to prevent UAF

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-49968
    - ext4: filesystems without casefold feature cannot be mounted with siphash

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-49893
    - drm/amd/display: Check stream_status before it is used

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-49972
    - drm/amd/display: Deallocate DML memory if allocation fails

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-49914
    - drm/amd/display: Add null check for pipe_ctx->plane_state in
      dcn20_program_pipe

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-49920
    - drm/amd/display: Check null pointers before multiple uses

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-49921
    - drm/amd/display: Check null pointers before used

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-50009
    - cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-47726
    - f2fs: fix to wait dio completion

* Noble update: upstream stable patchset 2025-02-03 (LP: #2097301) //
    CVE-2024-47711
    - af_unix: Don't return OOB skb in manage_oob().

* CVE-2024-53170
    - block: fix uaf for flush rq while iterating tags

* CVE-2024-50148
    - Bluetooth: bnep: fix wild-memory-access in proto_unregister

* CVE-2024-50134
    - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real
      VLA

* CVE-2024-50171
    - net: systemport: fix potential memory leak in bcm_sysport_xmit()

* CVE-2024-50229
    - nilfs2: fix potential deadlock with newly created symlinks

* CVE-2024-50233
    - staging: iio: frequency: ad9832: fix division by zero in
      ad9832_calc_freqreg()

* [Lenovo Ubuntu 24.04 Bug] dmesg show "spi-nor: probe of spi0.0 failed with
    error -95" (LP: #2070339)
    - mtd: core: Don't fail mtd_otp_nvmem_add() if OTP is unsupported
    - mtd: core: Align comment with an action in mtd_otp_nvmem_add()

* python perf module missing in realtime kernel (LP: #2089411)
    - [Packaging] linux-tools: Add missing python perf symlink
    - [Packaging] linux-tools: Fix python perf library packaging
    - [Packaging] linux-tools: Fall back to old python perf path

* CVE-2024-53104
    - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
      uvc_parse_format

-- Mehmet Basaran <mehmet.basaran@canonical.com>  Fri, 14 Feb 2025 16:04:25 +0300

Changed in linux (Ubuntu Noble):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-03-24:

#11

Download full text (117.5 KiB)

This bug was fixed in the package linux - 6.11.0-21.21

---------------
linux (6.11.0-21.21) oracular; urgency=medium

* oracular/linux: 6.11.0-21.21 -proposed tracker (LP: #2098763)

  * Processes crash when attaching uretprobes to processes running in Docker
    (LP: #2098759)
    - seccomp: passthrough uretprobe systemcall without filtering

linux (6.11.0-20.20) oracular; urgency=medium

* oracular/linux: 6.11.0-20.20 -proposed tracker (LP: #2098205)

  * drm/amd/display: Add check for granularity in dml ceil/floor helpers
    (LP: #2098080)
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers

* optimized default EPP for GNR family (LP: #2097554)
- cpufreq: intel_pstate: Update Balance-performance EPP for Granite Rapids

* Incorrect LAPIC/x2APIC parsing order (LP: #2097455)
- x86/acpi: Fix LAPIC/x2APIC parsing order

* MGLRU: page allocation failure on NUMA-enabled systems (LP: #2097214)
- mm/vmscan: wake up flushers conditionally to avoid cgroup OOM

  * AppArmor early policy load not funcitoning (LP: #2095370)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [66/99]: userns - add the
      ability to reference a global variable for a feature value"

  * apparmor unconfined profile blocks pivot_root (LP: #2067900)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [80/99]: apparmor: convert easy
      uses of unconfined() to label_mediates()"

  * Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165)
    - memblock: make memblock_set_node() also warn about use of MAX_NUMNODES
    - jbd2: increase IO priority for writing revoke records
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - ASoC: rt722: add delay time to wait for the calibration procedure
    - ASoC: mediatek: disable buffer pre-allocation
    - selftests/alsa: Fix circular dependency involving global-timer
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net: libwx: fix firmware mailbox abnormal return
    - pds_core: limit loop over fw name list
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - ice: fix incorrect PHY settings for 100 GB/s
    - igc: return early when failing to read EECD register
    - tls: Fix tls_sw_sendmsg error handling
    - eth: gve: use appropriate helper to set xdp_features
    - Bluetooth: hci_sync: Fix not setting Random Address when required
    - Bluetooth: MGMT: Fix Add Device to responding before completing
    - Bluetooth: btnxpuart: Fix driver sending truncated data
    - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
    - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
    - netfilter: nf_tables: imbalance in flowtable binding
    - drm/mediatek: stop selecting foreign drivers
    - [Config] updat...

This bug was fixed in the package linux - 6.11.0-21.21

---------------
linux (6.11.0-21.21) oracular; urgency=medium

* oracular/linux: 6.11.0-21.21 -proposed tracker (LP: #2098763)

* Processes crash when attaching uretprobes to processes running in Docker
    (LP: #2098759)
    - seccomp: passthrough uretprobe systemcall without filtering

linux (6.11.0-20.20) oracular; urgency=medium

* oracular/linux: 6.11.0-20.20 -proposed tracker (LP: #2098205)

* drm/amd/display: Add check for granularity in dml ceil/floor helpers
    (LP: #2098080)
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers

* optimized default EPP for GNR family (LP: #2097554)
    - cpufreq: intel_pstate: Update Balance-performance EPP for Granite Rapids

* Incorrect LAPIC/x2APIC parsing order (LP: #2097455)
    - x86/acpi: Fix LAPIC/x2APIC parsing order

* MGLRU: page allocation failure on NUMA-enabled systems (LP: #2097214)
    - mm/vmscan: wake up flushers conditionally to avoid cgroup OOM

* AppArmor early policy load not funcitoning (LP: #2095370)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [66/99]: userns - add the
      ability to reference a global variable for a feature value"

* apparmor unconfined profile blocks pivot_root (LP: #2067900)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [80/99]: apparmor: convert easy
      uses of unconfined() to label_mediates()"

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165)
    - memblock: make memblock_set_node() also warn about use of MAX_NUMNODES
    - jbd2: increase IO priority for writing revoke records
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - ASoC: rt722: add delay time to wait for the calibration procedure
    - ASoC: mediatek: disable buffer pre-allocation
    - selftests/alsa: Fix circular dependency involving global-timer
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net: libwx: fix firmware mailbox abnormal return
    - pds_core: limit loop over fw name list
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - ice: fix incorrect PHY settings for 100 GB/s
    - igc: return early when failing to read EECD register
    - tls: Fix tls_sw_sendmsg error handling
    - eth: gve: use appropriate helper to set xdp_features
    - Bluetooth: hci_sync: Fix not setting Random Address when required
    - Bluetooth: MGMT: Fix Add Device to responding before completing
    - Bluetooth: btnxpuart: Fix driver sending truncated data
    - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming
    - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
    - netfilter: nf_tables: imbalance in flowtable binding
    - drm/mediatek: stop selecting foreign drivers
    - [Config] updateconfigs for MTK_SMI
    - drm/mediatek: Fix YCbCr422 color format issue for DP
    - drm/mediatek: Fix mode valid issue for dp
    - drm/mediatek: Add return value check when reading DPCD
    - cpuidle: riscv-sbi: fix device node release in early exit of
      for_each_possible_cpu
    - scsi: ufs: qcom: Power off the PHY if it was already powered on in
      ufs_qcom_power_up_sequence()
    - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    - ksmbd: Implement new SMB3 POSIX type
    - thermal: of: fix OF node leak in of_thermal_zone_find()
    - smb: client: sync the root session and superblock context passwords before
      automounting
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - io_uring/timeout: fix multishot updates
    - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2)
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - staging: iio: ad9834: Correct phase range check
    - staging: iio: ad9832: Correct phase range check
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: dwc3: gadget: fix writing NYET threshold
    - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set
      config
    - tty: serial: 8250: Fix another runtime PM usage counter underflow
    - usb: dwc3-am62: Disable autosuspend during remove
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: midi2: Reverse-select at the right place
    - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in
      the error path of .probe()
    - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    - usb: typec: tcpm/tcpci_maxim: fix error code in
      max_contaminant_read_resistance_kohm()
    - usb: gadget: configfs: Ignore trailing LF for user strings to cdev
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    - iio: inkern: call iio_device_put() only on mapped devices
    - iio: adc: ad7124: Disable all channels at probe time
    - ARM: dts: imxrt1050: Fix clocks for mmc
    - arm64: dts: rockchip: add hevc power domain clock to rk3328
    - drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported
    - iomap: pass byte granular end position to iomap_add_to_ioend
    - iomap: fix zero padding data issue in concurrent append writes
    - netfs: Fix missing barriers by using clear_and_wake_up_bit()
    - fuse: respect FOPEN_KEEP_CACHE on opendir
    - ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
    - net: don't dump Tx and uninitialized NAPIs
    - ice: fix max values for dpll pin phase adjust
    - Bluetooth: btmtk: Fix failed to send func ctrl for MediaTek devices.
    - net: hns3: fixed reset failure issues caused by the incorrect reset type
    - net: hns3: fix missing features due to dev->features configuration too early
    - net: hns3: Resolved the issue that the debugfs query result is inconsistent.
    - net: hns3: initialize reset_timer before hclgevf_misc_irq_init()
    - mctp i3c: fix MCTP I3C driver multi-thread issue
    - drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
    - drm/mediatek: Add support for 180-degree rotation in the display driver
    - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188
    - gpio: virtuser: Use GPIO_LOOKUP_IDX() macro
    - gpio: virtuser: fix handling of multiple conn_ids in lookup table
    - platform/x86: intel/pmc: Fix ioremap() of bad address
    - riscv: module: remove relocation_head rel_entry member allocation
    - riscv: stacktrace: fix backtracing through exceptions
    - fs: fix is_mnt_ns_file()
    - mptcp: sysctl: avail sched: remove write access
    - Revert "drm/mediatek: dsi: Correct calculation formula of PHY Timing"
    - cgroup/cpuset: Prevent leakage of isolated CPUs into sched domains
    - arm64: dts: qcom: x1e80100: Fix up BAR space size for PCIe6a
    - arm64: dts: qcom: sa8775p: Fix the size of 'addr_space' regions
    - fs: kill MNT_ONRB
    - riscv: kprobes: Fix incorrect address calculation
    - gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
    - drm/amd/pm: fix BUG: scheduling while atomic
    - drm/amdkfd: wq_release signals dma_fence only when available
    - serial: stm32: use port lock wrappers for break control
    - usb: host: xhci-plat: set skip_phy_initialization if software node has
      XHCI_SKIP_PHY_INIT property
    - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
    - iio: adc: ti-ads1119: fix sample size in scan struct for triggered buffer
    - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
    - iio: adc: ad7173: fix using shared static info struct
    - arm64: dts: qcom: sa8775p: fix the secure device bootup issue
    - firewall: remove misplaced semicolon from stm32_firewall_get_firewall
    - io_uring: don't touch sqd->thread off tw add
    - iio: imu: inv_icm42600: fix spi burst write not supported
    - Upstream stable to v6.6.71, v6.6.72, v6.12.10

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21659
    - netdev: prevent accessing NAPI instances from another namespace

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21655
    - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57944
    - iio: adc: ti-ads1298: Add NULL check in ads1298_init

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57905
    - iio: adc: ti-ads1119: fix information leak in triggered buffer

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21633
    - io_uring/sqpoll: zero sqd->thread on tctx errors

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57918
    - drm/amd/display: fix page fault due to max surface definition mismatch

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57919
    - drm/amd/display: fix divide error in DM plane scale calcs

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57921
    - drm/amdgpu: Add a lock when accessing the buddy trim function

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21634
    - cgroup/cpuset: remove kernfs active break

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21635
    - rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57924
    - fs: relax assertions on failure to encode file handles

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21643
    - netfs: Fix kernel async DIO

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21644
    - drm/xe: Fix tlb invalidation when wedging

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21661
    - gpio: virtuser: fix missing lookup table cleanups

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21649
    - net: hns3: fix kernel crash when 1588 is sent on HIP08 devices

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21650
    - net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21651
    - net: hns3: don't auto enable misc vector

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21654
    - ovl: support encoding fid from inode with no alias

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21631
    - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21656
    - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57904
    - iio: adc: at91: call input_free_device() on allocated iio_dev

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57906
    - iio: adc: ti-ads8688: fix information leak in triggered buffer

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57907
    - iio: adc: rockchip_saradc: fix information leak in triggered buffer

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57908
    - iio: imu: kmx61: fix information leak in triggered buffer

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57910
    - iio: light: vcnl4035: fix information leak in triggered buffer

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57911
    - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
      buffer

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57912
    - iio: pressure: zpa2326: fix information leak in triggered buffer

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57913
    - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21632
    - x86/fpu: Ensure shadow stack is active before "getting" registers

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57916
    - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57917
    - topology: Keep the cpumask unchanged when printing cpumap

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57939
    - riscv: Fix sleeping in invalid context in die()

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21636
    - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21637
    - sctp: sysctl: udp_port: avoid using current->nsproxy

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21638
    - sctp: sysctl: auth_enable: avoid using current->nsproxy

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21639
    - sctp: sysctl: rto_min/max: avoid using current->nsproxy

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21640
    - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21642
    - mptcp: sysctl: sched: avoid using current->nsproxy

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21664
    - dm thin: make get_first_thin use rcu-safe list first function

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57945
    - riscv: mm: Fix the out of bound issue of vmemmap address

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21660
    - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21645
    - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled
      it

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21646
    - afs: Fix the maximum cell name length

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57925
    - ksmbd: fix a missing return value check bug

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57926
    - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind
      returns err

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21662
    - net/mlx5: Fix variable not being completed when function returns

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21663
    - net: stmmac: dwmac-tegra: Read iommu stream id from device tree

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21647
    - sched: sch_cake: add bounds checks to host bulk flow fairness counts

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21648
    - netfilter: conntrack: clamp maximum hashtable size to INT_MAX

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21652
    - ipvlan: Fix use-after-free in ipvlan_get_iflink().

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21658
    - btrfs: avoid NULL pointer dereference if no valid extent tree

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2025-21653
    - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57940
    - exfat: fix the infinite loop in exfat_readdir()

* Oracular update: upstream stable patchset 2025-02-13 (LP: #2098165) //
    CVE-2024-57929
    - dm array: fix releasing a faulty array block twice in dm_array_cursor_end

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738)
    - docs: media: update location of the media patches
    - x86/mm: Carve out INVLPG inline asm for use by others
    - smb/client: rename cifs_ntsd to smb_ntsd
    - smb/client: rename cifs_sid to smb_sid
    - smb/client: rename cifs_acl to smb_acl
    - smb/client: rename cifs_ace to smb_ace
    - fs/smb/client: implement chmod() for SMB3 POSIX Extensions
    - smb/client: Prevent error pointer dereference
    - smb: client: stop flooding dmesg in smb2_calc_signature()
    - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing
      logic
    - remoteproc: qcom: pas: Add support for SA8775p ADSP, CDSP and GPDSP
    - platform/x86: mlx-platform: call pci_dev_put() to balance the refcount
    - mmc: sdhci-msm: fix crypto key eviction
    - tracing: Handle old buffer mappings for event strings and functions
    - tracing: Fix trace_check_vprintf() when tp_printk is used
    - tracing: Check "%s" dereference via the field and not the TP_printk format
    - RDMA/bnxt_re: Remove always true dattr validity check
    - RDMA/mlx5: Enforce same type port association for multiport RoCE
    - RDMA/bnxt_re: Avoid initializing the software queue for user queues
    - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters
    - nvme-pci: 512 byte aligned dma pool segment quirk
    - RDMA/bnxt_re: Fix the check for 9060 condition
    - RDMA/bnxt_re: Add check for path mtu in modify_qp
    - RDMA/bnxt_re: Fix reporting hw_ver in query_device
    - RDMA/bnxt_re: Fix max_qp_wrs reported
    - RDMA/bnxt_re: Add support for Variable WQE in Genp7 adapters
    - RDMA/bnxt_re: Disable use of reserved wqes
    - RDMA/bnxt_re: Add send queue size check for variable wqe
    - RDMA/bnxt_re: Fix MSN table size for variable wqe mode
    - RDMA/bnxt_re: Fix the locking while accessing the QP table
    - drm/bridge: adv7511_audio: Update Audio InfoFrame properly
    - net: dsa: microchip: Fix KSZ9477 set_ageing_time function
    - net: dsa: microchip: Fix LAN937X set_ageing_time function
    - RDMA/hns: Fix mapping error of zero-hop WQE buffer
    - RDMA/hns: Fix warning storm caused by invalid input in IO path
    - RDMA/hns: Fix missing flush CQE for DWQE
    - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
    - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
    - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
    - net: Fix netns for ip_tunnel_init_flow()
    - net/mlx5: DR, select MSIX vector 0 for completion queue creation
    - net/mlx5e: macsec: Maintain TX SA from encoding_sa
    - drm/i915/dg1: Fix power gate sequence.
    - net: llc: reset skb->transport_header
    - ALSA: usb-audio: US16x08: Initialize array before use
    - eth: bcmsysport: fix call balance of priv->clk handling routines
    - net: mv643xx_eth: fix an OF node reference leak
    - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params
    - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
    - net: ti: icssg-prueth: Fix clearing of IEP_CMP_CFG registers during iep_init
    - wifi: mac80211: wake the queues in case of failure in resume
    - ALSA: hda/ca0132: Use standard HD-audio quirk matching helpers
    - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model
    - sound: usb: enable DSD output for ddHiFi TC44C
    - sound: usb: format: don't warn that raw DSD is unsupported
    - bpf: fix potential error return
    - ksmbd: retry iterate_dir in smb2_query_dir
    - smb: client: destroy cfid_put_wq on module exit
    - net: usb: qmi_wwan: add Telit FE910C04 compositions
    - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
    - ARC: build: Try to guess GCC variant of cross compiler
    - RDMA/bnxt_re: Fix the max WQE size for static WQE support
    - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
    - modpost: fix the missed iteration for the max bit in do_input()
    - ALSA: seq: Check UMP support for midi_version change
    - ALSA hda/realtek: Add quirk for Framework F111:000C
    - kcov: mark in_softirq_really() as __always_inline
    - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
    - sky2: Add device ID 11ab:4373 for Marvell 88E8075
    - drm: adv7511: Drop dsi single lane support
    - dt-bindings: display: adi,adv7533: Drop single lane support
    - mptcp: fix recvbuffer adjust on sleeping rcvmsg
    - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
    - RDMA/bnxt_re: Fix max SGEs for the Work Request
    - drm/amdgpu: fix backport of commit 73dae652dcac
    - platform/x86: thinkpad-acpi: Add support for hotkey 0x1401
    - platform/x86: hp-wmi: mark 8A15 board for timed OMEN thermal profile
    - pmdomain: imx: gpcv2: Simplify with scoped for each OF child loop
    - pmdomain: imx: gpcv2: fix an OF node reference leak in imx_gpcv2_probe()
    - block: lift bio_is_zone_append to bio.h
    - btrfs: use bio_is_zone_append() in the completion handler
    - RDMA/core: Fix ENODEV error for iWARP test over vlan
    - wifi: iwlwifi: fix CRF name for Bz
    - net: phy: micrel: Dynamically control external clock of KSZ PHY
    - selftests: net: local_termination: require mausezahn
    - netdev-genl: avoid empty messages in napi get
    - drm/xe/devcoredump: Use drm_puts and already cached local variables
    - drm/xe/devcoredump: Improve section headings and add tile info
    - drm/xe/devcoredump: Add ASCII85 dump helper function
    - drm/xe/guc: Copy GuC log prior to dumping
    - drm/xe: Take PM ref in delayed snapshot capture worker
    - drm/xe: Move the coredump registration to the worker thread
    - drm/xe: Revert some changes that break a mesa debug tool
    - drm/xe: Fix and re-enable xe_print_blob_ascii85()
    - drm/xe/pf: Use correct function to check LMEM provisioning
    - net: stmmac: restructure the error path of stmmac_probe_config_dt()
    - net: pse-pd: tps23881: Fix power on/off issue
    - net/mlx5e: Keep netdev when leave switchdev for devlink set legacy only
    - drm/i915/cx0_phy: Fix C10 pll programming sequence
    - perf/x86/intel: Add Arrow Lake U support
    - drm/amdgpu: use sjt mec fw on gfx943 for sriov
    - ALSA: hda: cs35l56: Remove calls to
      cs35l56_force_sync_asp1_registers_from_cache()
    - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio
    - btrfs: handle bio_split() errors
    - spi: spi-cadence-qspi: Disable STIG mode for Altera SoCFPGA.
    - ASoC: audio-graph-card: Call of_node_put() on correct node
    - ARC: build: disallow invalid PAE40 + 4K page config
    - ARC: fix reference of dependency for PAE40 config
    - ARC: bpf: Correct conditional check in 'check_jmp_32'
    - bpf: refactor bpf_helper_changes_pkt_data to use helper number
    - bpf: consider that tail calls invalidate packet pointers
    - clk: thead: Fix TH1520 emmc and shdci clock rate
    - scripts/mksysmap: Fix escape chars '$'
    - kbuild: pacman-pkg: provide versioned linux-api-headers package
    - RDMA/mlx5: Enable multiplane mode only when it is supported
    - ftrace: Fix function profiler's filtering functionality
    - drm/xe: Use non-interruptible wait when moving BO to system
    - drm/xe: Wait for migration job before unmapping pages
    - maple_tree: reload mas before the second call for mas_empty_area
    - io_uring/rw: fix downgraded mshot read
    - wifi: iwlwifi: mvm: Fix __counted_by usage in cfg80211_wowlan_nd_*
    - net: ethernet: ti: am65-cpsw: default to round-robin for host port receive
    - mm/damon/core: fix ignored quota goals and filters of newly committed
      schemes
    - mm: shmem: fix incorrect index alignment for within_size policy
    - fs/proc/task_mmu: fix pagemap flags with PMD THP entries on 32bit
    - gve: process XSK TX descriptors as part of RX NAPI
    - gve: clean XDP queues in gve_tx_stop_ring_gqi
    - gve: fix XDP allocation path in edge cases
    - gve: trigger RX NAPI instead of TX NAPI in gve_xsk_wakeup
    - mm/readahead: fix large folio support in async readahead
    - mm/hugetlb: enforce that PMD PT sharing has split PMD PT locks
    - Upstream stable to v6.6.70, v6.12.9

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57883
    - mm: hugetlb: independent PMD page table shared count

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57886
    - mm/damon/core: fix new damon_target objects leaks on damon_commit_targets()

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57934
    - fgraph: Add READ_ONCE() when accessing fgraph_array[]

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57888
    - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from
      !WQ_MEM_RECLAIM worker

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57894
    - Bluetooth: hci_core: Fix sleeping function called from invalid context

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57898
    - wifi: cfg80211: clear link ID from bitmap during link delete after clean up

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2025-21630
    - io_uring/net: always initialize kmsg->msg.msg_inq upfront

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-53681
    - nvmet: Don't overflow subsysnqn

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57795
    - RDMA/rxe: Remove the direct link to net_device

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57935
    - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57857
    - RDMA/siw: Remove direct link to net_device

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57882
    - mptcp: fix TCP options overflow.

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57884
    - mm: vmscan: account for free pages to prevent infinite Loop in
      throttle_direct_reclaim()

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57885
    - mm/kmemleak: fix sleeping function called from invalid context at print
      message

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57932
    - gve: guard XDP xmit NDO on existence of xdp queues

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57933
    - gve: guard XSK operations on the existence of queues

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57887
    - drm: adv7511: Fix use-after-free in adv7533_attach_dsi()

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57938
    - net/sctp: Prevent autoclose integer overflow in sctp_association_init()

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57889
    - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57890
    - RDMA/uverbs: Prevent integer overflow issue

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57892
    - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57893
    - ALSA: seq: oss: Fix races at processing SysEx messages

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57895
    - ksmbd: set ATTR_CTIME flags when setting mtime

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57896
    - btrfs: flush delalloc workers queue before stopping cleaner kthread during
      unmount

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57897
    - drm/amdkfd: Correct the migration DMA map direction

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57899
    - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57900
    - ila: serialize calls to nf_register_net_hooks()

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57901
    - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57902
    - af_packet: fix vlan_get_tci() vs MSG_PEEK

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57903
    - net: restrict SO_REUSEPORT to inet sockets

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2025-21629
    - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-36476
    - RDMA/rtrs: Ensure 'ib_sge list' is accessible

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-39282
    - net: wwan: t7xx: Fix FSM command timeout issue

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57801
    - net/mlx5e: Skip restore TC rules for vport rep without loaded flag

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57802
    - netrom: check buffer length before accessing it

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57841
    - net: fix memory leak in tcp_conn_request()

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-57931
    - selinux: ignore unknown extended permissions

* Oracular update: upstream stable patchset 2025-02-10 (LP: #2097738) //
    CVE-2024-53179
    - smb: client: fix use-after-free of signing key

* VM boots slowly with large-BAR GPU Passthrough due to pci/probe.c redundancy
    (LP: #2097389)
    - PCI: Batch BAR sizing operations

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531)
    - ceph: allocate sparse_ext map only for sparse reads
    - mm/vmstat: fix a W=1 clang compiler warning
    - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
    - tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
    - bpf: Check negative offsets in __bpf_skb_min_len()
    - nfsd: Revert "nfsd: release svc_expkey/svc_export with rcu_work"
    - nfsd: restore callback functionality for NFSv4.0
    - mtd: diskonchip: Cast an operand to prevent potential overflow
    - mtd: rawnand: arasan: Fix double assertion of chip-select
    - mtd: rawnand: arasan: Fix missing de-registration of NAND
    - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
    - phy: core: Fix an OF node refcount leakage in _of_phy_get()
    - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
    - phy: core: Fix that API devm_phy_put() fails to release the phy
    - phy: core: Fix that API devm_of_phy_provider_unregister() fails to
      unregister the phy provider
    - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
    - phy: usb: Toggle the PHY power during init
    - phy: rockchip: naneng-combphy: fix phy reset
    - dmaengine: mv_xor: fix child node refcount handling in early exit
    - dmaengine: dw: Select only supported masters for ACPI devices
    - dmaengine: tegra: Return correct DMA status when paused
    - dmaengine: fsl-edma: implement the cleanup path of fsl_edma3_attach_pd()
    - dmaengine: apple-admac: Avoid accessing registers in probe
    - stddef: make __struct_group() UAPI C++-friendly
    - tracing/kprobe: Make trace_kprobe's module callback called after jump_label
      update
    - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
    - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT
    - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
    - udf: Skip parent dir link count update if corrupted
    - ALSA: hda/conexant: fix Z60MR100 startup pop issue
    - ALSA: sh: Use standard helper for buffer accesses
    - smb: server: Fix building with GCC 15
    - regmap: Use correct format specifier for logging range errors
    - LoongArch: Fix reserving screen info memory for above-4G firmware
    - LoongArch: BPF: Adjust the parameter of emit_jirl()
    - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
    - spi: intel: Add Panther Lake SPI controller support
    - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load
      time
    - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN
      as an error
    - spi: omap2-mcspi: Fix the IS_ERR() bug for devm_clk_get_optional_enabled()
    - spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors
    - blk-mq: register cpuhp callback after hctx is added to xarray table
    - freezer, sched: Report frozen tasks as 'D' instead of 'R'
    - tracing: Constify string literal data member in struct trace_event_call
    - io_uring/sqpoll: fix sqpoll error handling races
    - i2c: microchip-core: actually use repeated sends
    - i2c: imx: add imx7d compatible string for applying erratum ERR007805
    - i2c: microchip-core: fix "ghost" detections
    - btrfs: sysfs: fix direct super block member reads
    - ALSA: sh: Fix wrong argument order for copy_from_iter()
    - fork: avoid inappropriate uprobe access to invalid mm
    - smb: client: Deduplicate "select NETFS_SUPPORT" in Kconfig
    - smb: fix bytes written value in /proc/fs/cifs/Stats
    - ASoC: amd: ps: Fix for enabling DMIC on acp63 platform via _DSD entry
    - ASoC: dt-bindings: realtek,rt5645: Fix CPVDD voltage comment
    - power: supply: bq24190: Fix BQ24296 Vbus regulator support
    - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler
    - Revert "watchdog: s3c2410_wdt: use exynos_get_pmu_regmap_by_phandle() for
      PMU regs"
    - udf: Verify inode link counts before performing rename
    - ALSA: ump: Don't open legacy substream for an inactive group
    - ALSA: ump: Indicate the inactive group in legacy substream names
    - ALSA: ump: Update legacy substream names upon FB info update
    - bpf: Zero index arg error string for dynptr and iter
    - scsi: mpi3mr: Synchronize access to ioctl data buffer
    - scsi: mpi3mr: Start controller indexing from 0
    - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11
    - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A
    - wifi: iwlwifi: be less noisy if the NIC is dead in S3
    - objtool: Add bch2_trans_unlocked_error() to bcachefs noreturns
    - dmaengine: loongson2-apb: Change GENMASK to GENMASK_ULL
    - perf/x86/intel/uncore: Add Clearwater Forest support
    - rtla/timerlat: Fix histogram ALL for zero samples
    - perf/x86/intel: Fix bitmask of OCR and FRONTEND events for LNC
    - perf/x86/intel/ds: Add PEBS format 6
    - power: supply: cros_charge-control: add mutex for driver data
    - power: supply: cros_charge-control: allow start_threshold == end_threshold
    - power: supply: cros_charge-control: hide start threshold on v2 cmd
    - btrfs: add and use helper to verify the calling task has locked the inode
    - btrfs: fix race with memory mapped writes when activating swap file
    - btrfs: fix swap file activation failure due to extents that used to be
      shared
    - btrfs: check folio mapping after unlock in put_file_data()
    - btrfs: allow swap activation to be interruptible
    - btrfs: avoid monopolizing a core when activating a swap file
    - Bluetooth: btusb: mediatek: move Bluetooth power off command position
    - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect
    - Bluetooth: btusb: mediatek: change the conditions for ISO interface
    - ALSA: ump: Shut up truncated string warning
    - Upstream stable to v6.6.69, v6.12.8

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56757
    - Bluetooth: btusb: mediatek: add intf release flow when usb disconnect

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56758
    - btrfs: check folio mapping after unlock in relocate_one_folio()

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56759
    - btrfs: fix use-after-free when COWing tree bock and tracing is enabled

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57806
    - btrfs: fix transaction atomicity bug when enabling simple quotas

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57793
    - virt: tdx-guest: Just leak decrypted memory on unrecoverable errors

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56761
    - x86/fred: Clear WFE in missing-ENDBRANCH #CPs

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56764
    - ublk: detach gendisk from ublk device if add_disk() fails

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57804
    - scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57805
    - ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57799
    - phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56768
    - bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57792
    - power: supply: gpio-charger: Fix set charge current limits

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56760
    - PCI/MSI: Handle lack of irqdomain gracefully

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56763
    - tracing: Prevent bad count for tracing_cpumask_write

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57946
    - virtio-blk: don't keep queue frozen during system suspend

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57798
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-57807
    - scsi: megaraid_sas: Fix for a potential deadlock

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56765
    - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56766
    - mtd: rawnand: fix double free in atmel_pmecc_create_user()

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56767
    - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset

* Oracular update: upstream stable patchset 2025-02-06 (LP: #2097531) //
    CVE-2024-56769
    - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413)
    - p2sb: Factor out p2sb_read_from_cache()
    - p2sb: Introduce the global flag p2sb_hidden_by_bios
    - p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
    - p2sb: Do not scan and remove the P2SB device when it is unhidden
    - i2c: pnx: Fix timeout in wait functions
    - tools: hv: change permissions of NetworkManager configuration file
    - cxl/pci: Fix potential bogus return value upon successful probing
    - cxl/region: Fix region creation for greater than x2 switches
    - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
    - ionic: use ee->offset when returning sprom data
    - net: renesas: rswitch: rework ts tags management
    - ksmbd: count all requests in req_running counter
    - ksmbd: fix broken transfers when exceeding max simultaneous operations
    - net: hinic: Fix cleanup in create_rxqs/txqs()
    - net: ethernet: bgmac-platform: fix an OF node reference leak
    - ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems
    - netfilter: ipset: Fix for recursive locking warning
    - selftests: openvswitch: fix tcpdump execution
    - net: mdiobus: fix an OF node reference leak
    - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
    - mmc: mtk-sd: disable wakeup in .remove() and in the error path of .probe()
    - EDAC/amd64: Simplify ECC check on unified memory controllers
    - chelsio/chtls: prevent potential integer overflow on 32bit
    - i2c: riic: Always round-up when calculating bus period
    - efivarfs: Fix error on non-existent file
    - hexagon: Disable constant extender optimization for LLVM prior to 19.1.0
    - USB: serial: option: add TCL IK512 MBIM & ECM
    - USB: serial: option: add MeiG Smart SLM770A
    - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
    - USB: serial: option: add MediaTek T7XX compositions
    - USB: serial: option: add Telit FE910C04 rmnet compositions
    - thunderbolt: Improve redrive mode handling
    - drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
    - i915/guc: Reset engine utilization buffer before registration
    - i915/guc: Ensure busyness counter increases motonically
    - i915/guc: Accumulate active runtime on gt reset
    - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
      Registers
    - hwmon: (tmp513) Fix Current Register value interpretation
    - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit
      Registers
    - zram: refuse to use zero sized block device as backing device
    - zram: fix uninitialized ZRAM not releasing backing device
    - zram: fix potential UAF of zram table
    - vmalloc: fix accounting with i915
    - btrfs: tree-checker: reject inline extent items with 0 ref count
    - tracing: Fix test_event_printk() to process entire print argument
    - tracing: Add missing helper functions in event pointer dereference check
    - tracing: Add "%s" check in test_event_printk()
    - tracing: Have process_string() also allow arrays
    - selftests/memfd: run sysctl tests when PID namespace support is enabled
    - selftests/bpf: Use asm constraint "m" for LoongArch
    - io_uring: Fix registered ring file refcount leak
    - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
    - of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
    - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
    - nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
    - udmabuf: also check for F_SEAL_FUTURE_WRITE
    - of: Fix error path in of_parse_phandle_with_args_map()
    - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
    - ceph: validate snapdirname option length when mounting
    - ceph: improve error handling and short/overflow-read logic in
      __ceph_sync_read()
    - ceph: fix memory leaks in __ceph_sync_read()
    - epoll: Add synchronous wakeup support for ep_poll_callback
    - firmware: arm_ffa: Fix the race around setting ffa_dev->properties
    - RISC-V: KVM: Fix csr_write -> csr_set for HVIEN PMU overflow bit
    - s390/ipl: Fix never less than zero warning
    - erofs: fix PSI memstall accounting
    - s390/mm: Consider KMSAN modules metadata for paging levels
    - xfs: sb_spino_align is not verified
    - xfs: fix sparse inode limits on runt AG
    - xfs: fix off-by-one error in fsmap's end_daddr usage
    - xfs: fix sb_spino_align checks for large fsblock sizes
    - xfs: fix zero byte checking in the superblock scrubber
    - tools/net/ynl: fix sub-message key lookup for nested attributes
    - netdev: fix repeated netlink messages in queue dump
    - netdev: fix repeated netlink messages in queue stats
    - team: Fix feature exposure when no ports are present
    - can: m_can: set init flag earlier in probe
    - can: m_can: fix missed interrupts with m_can_pci
    - net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-
      untagged traffic
    - netdev-genl: avoid empty messages in queue dump
    - psample: adjust size if rate_as_probability is set
    - irqchip/gic-v3: Work around insecure GIC integrations
    - KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden
    - KVM: arm64: Fix set_id_regs selftest for ASIDBITS becoming unwritable
    - net: mctp: handle skb cleanup on sock_queue failures
    - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
    - thunderbolt: Add support for Intel Panther Lake-M/P
    - thunderbolt: Don't display nvm_version unless upgrade supported
    - drm/display: use ERR_PTR on DP tunnel manager creation fail
    - drm/amd: Update strapping for NBIO 2.5.0
    - drm/amdgpu: fix amdgpu_coredump
    - drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
    - udmabuf: udmabuf_create pin folio codestyle cleanup
    - dma-buf: Fix __dma_buf_debugfs_list_del argument for !CONFIG_DEBUG_FS
    - drm/panel: st7701: Add prepare_prev_first flag to drm_panel
    - drm/panel: synaptics-r63353: Fix regulator unbalance
    - drm/amdgpu/nbio7.11: fix IP version check
    - drm/amdgpu/nbio7.7: fix IP version check
    - drm/amdgpu/smu14.0.2: fix IP version check
    - alloc_tag: fix set_codetag_empty() when !CONFIG_MEM_ALLOC_PROFILING_DEBUG
    - btrfs: split bios to the fs sector size boundary
    - btrfs: fix improper generation check in snapshot delete
    - s390/mm: Fix DirectMap accounting
    - drm/amdgpu/nbio7.0: fix IP version check
    - drm/amdgpu/gfx12: fix IP version check
    - drm/amdgpu/mmhub4.1: fix IP version check
    - fgraph: Still initialize idle shadow stacks when starting
    - tools: hv: Fix a complier warning in the fcopy uio daemon
    - x86/hyperv: Fix hv tsc page based sched_clock for hibernation
    - ocfs2: fix the space leak in LA when releasing LA
    - udmabuf: fix racy memfd sealing check
    - of: property: fw_devlink: Do not use interrupt-parent directly
    - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
    - Upstream stable to v6.6.68, v6.12.7

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-51729
    - mm: use aligned address in copy_user_gigantic_page()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-52319
    - mm: use aligned address in clear_gigantic_page()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56710
    - ceph: fix memory leak in ceph_direct_read_write()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-53685
    - ceph: give up on paths longer than PATH_MAX

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-54193
    - accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-54455
    - accel/ivpu: Fix general protection fault in ivpu_bo_list()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56368
    - ring-buffer: Fix overflow in __rb_map_vma

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-57881
    - mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in
      split_large_buddy()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56711
    - drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56712
    - udmabuf: fix memory leak on last export_udmabuf() error path

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56713
    - net: netdevsim: fix nsim_pp_hold_write()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56714
    - ionic: no double destroy workqueue

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56719
    - net: stmmac: fix TSO DMA API usage causing oops

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-53690
    - nilfs2: prevent use of deleted inode

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56709
    - io_uring: check if iowq is killed before queuing

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-54680
    - smb: client: fix TCP timers deadlock after rmmod

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-55881
    - KVM: x86: Play nice with protected guests in complete_hypercall_exit()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-55916
    - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56369
    - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56372
    - net: tun: fix tun_napi_alloc_frags()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56715
    - ionic: Fix netdev notifier unregister on failure

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56716
    - netdevsim: prevent bad user input in nsim_dev_health_break_write()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56717
    - net: mscc: ocelot: fix incorrect IFH SRC_PORT field in
      ocelot_ifh_set_basic()

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-57791
    - net/smc: check return value of sock_recvmsg when draining clc data

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-47408
    - net/smc: check smcd_v2_ext_offset when receiving proposal msg

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-49568
    - net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-49571
    - net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
      msg

* Oracular update: upstream stable patchset 2025-02-05 (LP: #2097413) //
    CVE-2024-56718
    - net/smc: protect link down work from execute after lgr freed

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332)
    - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG
    - ksmbd: fix racy issue from session lookup and expire
    - splice: do not checksum AF_UNIX sockets
    - tcp: check space before adding MPTCP SYN options
    - riscv: Fix wrong usage of __pa() on a fixmap address
    - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
    - usb: host: max3421-hcd: Correctly abort a USB request.
    - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys()
    - usb: dwc2: Fix HCD resume
    - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
    - usb: dwc2: Fix HCD port connection race
    - scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe
    - usb: gadget: midi2: Fix interpretation of is_midi1 bits
    - usb: ehci-hcd: fix call balance of clocks handling routines
    - usb: typec: anx7411: fix fwnode_handle reference leak
    - usb: typec: anx7411: fix OF node reference leaks in
      anx7411_typec_switch_probe()
    - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode
    - drm/i915: Fix memory leak by correcting cache object name in error handler
    - xfs: update btree keys correctly when _insrec splits an inode root block
    - xfs: don't drop errno values when we fail to ficlone the entire range
    - xfs: return from xfs_symlink_verify early on V4 filesystems
    - xfs: fix scrub tracepoints when inode-rooted btrees are involved
    - xfs: only run precommits once per transaction object
    - bpf: Check size for BTF-based ctx access of pointer members
    - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func()
    - bpf, sockmap: Fix update element with same
    - wifi: mac80211: init cnt before accessing elem in
      ieee80211_copy_mbssid_beacon
    - wifi: mac80211: fix station NSS capability initialization order
    - batman-adv: Do not send uninitialized TT changes
    - batman-adv: Remove uninitialized data in full table TT response
    - batman-adv: Do not let TT changes list grows indefinitely
    - wifi: cfg80211: sme: init n_channels before channels[] access
    - selftests: mlxsw: sharedbuffer: Remove h1 ingress test case
    - selftests: mlxsw: sharedbuffer: Remove duplicate test cases
    - selftests: mlxsw: sharedbuffer: Ensure no extra packets are counted
    - ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init()
    - net: mscc: ocelot: fix memory leak on ocelot_port_add_txtstamp_skb()
    - net: mscc: ocelot: improve handling of TX timestamp for unknown skb
    - net: mscc: ocelot: ocelot->ts_id_lock and ocelot_port->tx_skbs.lock are IRQ-
      safe
    - net: mscc: ocelot: be resilient to loss of PTP packets during transmission
    - net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set()
    - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user()
    - net: sparx5: fix FDMA performance issue
    - net: sparx5: fix the maximum frame length register
    - ACPI: resource: Fix memory resource type union access
    - cxgb4: use port number to set mac addr
    - qca_spi: Fix clock speed for multiple QCA7000
    - qca_spi: Make driver probing reliable
    - ASoC: amd: yc: Fix the wrong return value
    - Documentation: PM: Clarify pm_runtime_resume_and_get() return value
    - net: renesas: rswitch: fix race window between tx start and complete
    - net: renesas: rswitch: fix leaked pointer on error path
    - net: renesas: rswitch: handle stop vs interrupt race
    - net: dsa: felix: fix stuck CPU-injected packets with short taprio windows
    - bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
    - team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
    - ACPICA: events/evxfregn: don't release the ContextMutex that was never
      acquired
    - Bluetooth: iso: Fix recursive locking warning
    - Bluetooth: SCO: Add support for 16 bits transparent voice setting
    - net: renesas: rswitch: fix initial MPIC register setting
    - net: dsa: microchip: KSZ9896 register regmap alignment to 32 bit boundaries
    - blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
    - kselftest/arm64: abi: fix SVCR detection
    - KVM: arm64: Disable MPAM visibility by default and ignore VMM writes
    - selftests/bpf: remove use of __xlated()
    - xen/netfront: fix crash when removing device
    - x86: make get_cpu_vendor() accessible from Xen code
    - objtool/x86: allow syscall instruction
    - x86/static-call: provide a way to do very early static-call updates
    - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
    - x86/asm: Make serialize() always_inline
    - x86/xen: don't do PV iret hypercall through hypercall page
    - x86/xen: add central hypercall functions
    - x86/xen: use new hypercall functions instead of hypercall page
    - x86/xen: remove hypercall page
    - x86/static-call: fix 32-bit build
    - serial: sh-sci: Check if TX data was written to device in .tx_empty()
    - clk: en7523: Fix wrong BUS clock for EN7581
    - block: Switch to using refcount_t for zone write plugs
    - block: Use a zone write plug BIO work for REQ_NOWAIT BIOs
    - dm: Fix dm-zoned-reclaim zone write pointer alignment
    - gpio: graniterapids: Fix GPIO Ack functionality
    - spi: rockchip: Fix PM runtime count on no-op cs
    - gpio: ljca: Initialize num before accessing item in ljca_gpio_config
    - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5
    - crypto: hisilicon/debugfs - fix the struct pointer incorrectly offset
      problem
    - block: Ignore REQ_NOWAIT for zone reset and zone finish operations
    - gpio: graniterapids: Fix incorrect BAR assignment
    - gpio: graniterapids: Fix invalid GPI_IS register offset
    - gpio: graniterapids: Fix invalid RXEVCFG register bitmask
    - gpio: graniterapids: Determine if GPIO pad can be used by driver
    - gpio: graniterapids: Check if GPIO line can be used for IRQs
    - usb: core: hcd: only check primary hcd skip_phy_initialization
    - bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL"
    - usb: typec: ucsi: Fix completion notifications
    - drm/xe: Call invalidation_fence_fini for PT inval fences in error state
    - drm/amdkfd: pause autosuspend when creating pdd
    - drm/amdkfd: fixed page fault when enable MES shader debugger
    - drm/i915/dsb: s/dsb/dsb_color_vblank/
    - drm/i915/color: Stop using non-posted DSB writes for legacy LUT
    - drm/amdgpu: fix UVD contiguous CS mapping problem
    - drm/amd/pm: Set SMU v13.0.7 default workload type
    - drm/amdkfd: hard-code cacheline size for gfx11
    - drm/amdkfd: hard-code MALL cacheline size for gfx11, gfx12
    - xfs: set XFS_SICK_INO_SYMLINK_ZAPPED explicitly when zapping a symlink
    - xfs: return a 64-bit block count from xfs_btree_count_blocks
    - bpf: Augment raw_tp arguments with PTR_MAYBE_NULL
    - wifi: mac80211: fix a queue stall in certain cases of CSA
    - perf machine: Initialize machine->env to address a segfault
    - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips
    - block: get wp_offset by bdev_offset_from_zone_start
    - cifs: Fix rmdir failure due to ongoing I/O on deleted file
    - net: renesas: rswitch: fix possible early skb release
    - Bluetooth: Improve setsockopt() handling of malformed user input
    - libperf: evlist: Fix --cpu argument on hybrid platform
    - ASoC: fsl_xcvr: change IFACE_PCM to IFACE_MIXER
    - ASoC: fsl_spdif: change IFACE_PCM to IFACE_MIXER
    - selftests: netfilter: Stabilize rpath.sh
    - net: mana: Fix memory leak in mana_gd_setup_irqs
    - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs
    - net, team, bonding: Add netdev_base_features helper
    - bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features
    - team: Fix initial vlan_feature set in __team_compute_features
    - net: dsa: tag_ocelot_8021q: fix broken reception
    - drm/xe: fix the ERR_PTR() returned on failure to allocate tiny pt
    - blk-mq: move cpuhp callback registering out of q->sysfs_lock
    - block: avoid to reuse `hctx` not removed from cpuhp callback list
    - rust: kbuild: set `bindgen`'s Rust target version
    - Upstream stable to v6.6.67, v6.12.6

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56652
    - drm/xe/reg_sr: Remove register pool

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-54191
    - Bluetooth: iso: Fix circular lock in iso_conn_big_sync

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-54460
    - Bluetooth: iso: Fix circular lock in iso_listen_bis

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-57879
    - Bluetooth: iso: Always release hdev at the end of iso_listen_bis

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-57880
    - ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56656
    - bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-53682
    - regulator: axp20x: AXP717: set ramp_delay

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-55641
    - xfs: unlock inodes when erroring out of xfs_trans_alloc_dir

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56671
    - gpio: graniterapids: Fix vGPIO driver crash

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-55642
    - block: Prevent potential deadlocks in zone write plug error recovery

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56673
    - riscv: mm: Do not call pmd dtor on vmemmap page table teardown

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56653
    - Bluetooth: btmtk: avoid UAF in btmtk_process_coredump

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56654
    - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56770
    - net/sched: netem: account for backlog updates from child qdisc

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56655
    - netfilter: nf_tables: do not defer rule destruction via call_rcu

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-54683
    - netfilter: IDLETIMER: Fix for possible ABBA deadlock

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-55639
    - net: renesas: rswitch: avoid use-after-put for a device tree node

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56657
    - ALSA: control: Avoid WARN() for symlink errors

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56659
    - net: lapb: increase LAPB_HEADER_LEN

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56660
    - net/mlx5: DR, prevent potential error pointer dereference

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56662
    - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56663
    - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56664
    - bpf, sockmap: Fix race between element replace and close()

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56665
    - bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56667
    - drm/i915: Fix NULL pointer dereference in capture_engine

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56670
    - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
      accessing null pointer

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-53687
    - riscv: Fix IPIs usage in kfence_protect_page()

* Oracular update: upstream stable patchset 2025-02-04 (LP: #2097332) //
    CVE-2024-56675
    - bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

* CVE-2024-56669
    - iommu/vt-d: Remove cache tags before disabling ATS

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827)
    - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
    - watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
    - watchdog: apple: Actually flush writes after requesting watchdog restart
    - watchdog: mediatek: Make sure system reset gets asserted in
      mtk_wdt_restart()
    - can: gs_usb: add usb endpoint address detection at driver probe step
    - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
      fails
    - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
    - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
    - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
    - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
    - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
    - can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
    - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
    - selftests: hid: fix typo and exit code
    - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
    - net/sched: tbf: correct backlog statistic for GSO packets
    - platform/x86: asus-wmi: add support for vivobook fan profiles
    - platform/x86: asus-wmi: Fix inconsistent use of thermal policies
    - platform/x86: asus-wmi: Ignore return value when writing thermal policy
    - tipc: fix NULL deref in cleanup_bearer()
    - net/qed: allow old cards not supporting "num_images" to work
    - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
    - ixgbe: downgrade logging of unsupported VF API version to debug
    - net: sched: fix erspan_opt settings in cls_flower
    - netfilter: nft_set_hash: skip duplicated elements pending gc run
    - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
    - mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
    - mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
    - net/mlx5e: Remove workaround to avoid syndrome for internal port
    - gpio: grgpio: use a helper variable to store the address of ofdev->dev
    - soc: fsl: cpm1: qmc: Fix blank line and spaces
    - soc: fsl: cpm1: qmc: Re-order probe() operations
    - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version
    - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version
    - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure
    - mmc: mtk-sd: use devm_mmc_alloc_host
    - mmc: mtk-sd: Fix error handle of probe function
    - mmc: mtk-sd: fix devm_clk_get_optional usage
    - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting
    - zram: do not mark idle slots that cannot be idle
    - zram: clear IDLE flag in mark_idle()
    - ntp: Remove invalid cast in time offset math
    - i3c: master: support to adjust first broadcast address speed
    - i3c: master: Fix missing 'ret' assignment in set_speed()
    - i3c: master: svc: use slow speed for first broadcast address
    - i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
    - i3c: master: Extend address status bit to 4 and add
      I3C_ADDR_SLOT_EXT_DESIRED
    - i3c: master: Fix dynamic address leak when 'assigned-address' is present
    - scsi: ufs: core: Always initialize the UIC done completion
    - scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG
    - bpf, vsock: Fix poll() missing a queue
    - bpf, vsock: Invoke proto::close on close()
    - xsk: always clear DMA mapping information when unmapping the pool
    - bpftool: fix potential NULL pointer dereferencing in prog_dump()
    - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
    - ALSA: ump: Update substream name from assigned FB names
    - ALSA: seq: ump: Fix seq port updates per FB info notify
    - ALSA: usb-audio: Notify xrun for low-latency mode
    - tools: Override makefile ARCH variable if defined, but empty
    - ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index
    - ASoC: SOF: ipc3-topology: fix resource leaks in
      sof_ipc3_widget_setup_comp_dai()
    - bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
    - scsi: scsi_debug: Fix hrtimer support for ndelay
    - ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec
    - drm/v3d: Enable Performance Counters before clearing them
    - scatterlist: fix incorrect func name in kernel-doc
    - iio: magnetometer: yas530: use signed integer type for clamp limits
    - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
    - bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
    - bpf: Handle in-place update for full LPM trie correctly
    - bpf: Fix exact match conditions in trie_get_next_key()
    - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails
    - watchdog: rti: of: honor timeout-sec property
    - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6.
    - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
    - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
      ASIDs
    - ALSA: usb-audio: add mixer mapping for Corsair HS80
    - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
    - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
    - scsi: qla2xxx: Fix abort in bsg timeout
    - scsi: qla2xxx: Fix NVMe and NPIV connect issue
    - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
    - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
    - scsi: ufs: core: Add missing post notify for power mode change
    - fs/smb/client: avoid querying SMB2_OP_QUERY_WSL_EA for SMB3 POSIX
    - fs/smb/client: Implement new SMB3 POSIX type
    - fs/smb/client: cifs_prime_dcache() for SMB3 POSIX reparse points
    - smb3.1.1: fix posix mounts to older servers
    - drm/dp_mst: Verify request type in the corresponding down message reply
    - modpost: Add .irqentry.text to OTHER_SECTIONS
    - x86/kexec: Restore GDT on return from ::preserve_context kexec
    - dma-buf: fix dma_fence_array_signaled v4
    - dma-fence: Fix reference leak on fence merge failure path
    - dma-fence: Use kernel's sort for merging fences
    - regmap: detach regmap from dev on regmap_exit
    - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
      tablet
    - mmc: core: Further prevent card detect during shutdown
    - ocfs2: update seq_file index in ocfs2_dlm_seq_next
    - lib: stackinit: hide never-taken branch from compiler
    - kasan: make report_lock a raw spinlock
    - x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables
    - epoll: annotate racy check
    - kselftest/arm64: Log fp-stress child startup errors to stdout
    - btrfs: avoid unnecessary device path update for the same device
    - btrfs: do not clear read-only when adding sprout device
    - kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
    - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list
    - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID
    - perf/x86/amd: Warn only on new bits set
    - spi: spi-fsl-lpspi: Adjust type of scldiv
    - HID: add per device quirk to force bind to hid-generic
    - media: uvcvideo: RealSense D421 Depth module metadata
    - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
    - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
    - mmc: core: Add SD card quirk for broken poweroff notification
    - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED
    - regmap: maple: Provide lockdep (sub)class for maple tree's internal lock
    - selftests/resctrl: Protect against array overflow when reading strings
    - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
    - drm/vc4: hdmi: Avoid log spam for audio start failure
    - drm/vc4: hvs: Set AXI panic modes for the HVS
    - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
    - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
    - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
    - drm/bridge: it6505: Enable module autoloading
    - drm/mcde: Enable module autoloading
    - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
    - drm/display: Fix building with GCC 15
    - ALSA: hda: Use own quirk lookup helper
    - ALSA: hda/conexant: Use the new codec SSID matching
    - r8169: don't apply UDP padding quirk on RTL8126A
    - samples/bpf: Fix a resource leak
    - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
    - net: ethernet: fs_enet: Use %pa to format resource_size_t
    - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
    - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
    - wifi: ath5k: add PCI ID for SX76X
    - wifi: ath5k: add PCI ID for Arcadyan devices
    - fanotify: allow reporting errors on failure to open fd
    - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
    - net: sfp: change quirks for Alcatel Lucent G-010S-P
    - net: stmmac: Programming sequence for VLAN packets with split header
    - drm/sched: memset() 'job' in drm_sched_job_init()
    - amdgpu/uvd: get ring reference from rq scheduler
    - drm/amdgpu: don't access invalid sched
    - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
    - drm/amdgpu: Dereference the ATCS ACPI buffer
    - netlink: specs: Add missing bitset attrs to ethtool spec
    - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
    - fsl/fman: Validate cell-index value obtained from Device Tree
    - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
    - ALSA: usb-audio: Make mic volume workarounds globally applicable
    - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
    - dsa: qca8k: Use nested lock to avoid splat
    - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
    - Bluetooth: Add new quirks for ATS2851
    - Bluetooth: Support new quirks for ATS2851
    - Bluetooth: Set quirks for ATS2851
    - ASoC: hdmi-codec: reorder channel allocation list
    - rocker: fix link status detection in rocker_carrier_init()
    - net/neighbor: clear error in case strict check is not set
    - netpoll: Use rcu_access_pointer() in __netpoll_setup
    - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
    - tracing/ftrace: disable preemption in syscall probe
    - tracing: Use atomic64_inc_return() in trace_clock_counter()
    - tools/rtla: fix collision with glibc sched_attr/sched_set_attr
    - rtla/timerlat: Make timerlat_top_cpu->*_count unsigned long long
    - scsi: ufs: core: Make DMA mask configuration more flexible
    - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths
    - clk: qcom: rcg2: add clk_rcg2_shared_floor_ops
    - clk: qcom: rpmh: add support for SAR2130P
    - clk: qcom: tcsrcc-sm8550: add SAR2130P support
    - scsi: st: Don't modify unknown block number in MTIOCGET
    - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
    - pinctrl: qcom-pmic-gpio: add support for PM8937
    - pinctrl: qcom: spmi-mpp: Add PM8937 compatible
    - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens
    - nvdimm: rectify the illogical code within nd_dax_probe()
    - smb: client: memcpy() with surrounding object base address
    - verification/dot2: Improve dot parser robustness
    - KMSAN: uninit-value in inode_go_dump (5)
    - PCI: qcom: Add support for IPQ9574
    - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs
    - PCI: vmd: Set devices to D0 before enabling PM L1 Substates
    - PCI: Detect and trust built-in Thunderbolt chips
    - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
    - PCI: Add ACS quirk for Wangxun FF5xxx NICs
    - f2fs: print message if fscorrupted was found in f2fs_new_node_page()
    - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840
    - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[]
    - fs/ntfs3: Fix case when unmarked clusters intersect with zone
    - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
    - iio: light: ltr501: Add LTER0303 to the supported devices
    - ASoC: amd: yc: fix internal mic on Redmi G 2022
    - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3
    - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6
      21M1CTO1WW
    - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
    - rtc: cmos: avoid taking rtc_lock for extended period of time
    - serial: 8250_dw: Add Sophgo SG2044 quirk
    - smb: client: don't try following DFS links in cifs_tree_connect()
    - setlocalversion: work around "git describe" performance
    - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
    - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning
      busy
    - sched/core: Prevent wakeup of ksoftirqd during idle load balance
    - btrfs: fix missing snapshot drew unlock when root is dead during swap
      activation
    - clk: en7523: Initialize num before accessing hws in en7523_register_clocks()
    - tracing/eprobe: Fix to release eprobe when failed to add dyn_event
    - x86: Fix build regression with CONFIG_KEXEC_JUMP enabled
    - Revert "unicode: Don't special case ignorable code points"
    - vfio/mlx5: Align the page tracking max message size with the device
      capability
    - selftests/ftrace: adjust offset for kprobe syntax error test
    - KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from
      kvm_faultin_pfn()
    - jffs2: Fix rtime decompressor
    - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
    - drm/amdgpu: rework resume handling for display (v2)
    - ALSA: hda: Fix build error without CONFIG_SND_DEBUG
    - ALSA: usb-audio: Update UMP group attributes for GTB blocks, too
    - bnxt_en: ethtool: Supply ntuple rss context action
    - net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on
      LAN7800/7850
    - ice: fix PHY Clock Recovery availability check
    - ice: fix PHY timestamp extraction for ETH56G
    - ice: Fix VLAN pruning in switchdev mode
    - ixgbe: Correct BASE-BX10 compliance code
    - Revert "udp: avoid calling sock_def_readable() if possible"
    - net/mlx5e: SD, Use correct mdev to build channel param
    - vsock/test: fix failures due to wrong SO_RCVLOWAT parameter
    - vsock/test: fix parameter types in SO_VM_SOCKETS_* calls
    - mmc: sd: SDUC Support Recognition
    - mmc: core: Adjust ACMD22 to SDUC
    - mmc: core: Use GFP_NOIO in ACMD22
    - f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK}
    - f2fs: fix to adjust appropriate length for fiemap
    - f2fs: fix to requery extent which cross boundary of inquiry
    - drm/amd/display: calculate final viewport before TAP optimization
    - drm/amd/display: Ignore scalar validation failure if pipe is phantom
    - pmdomain: core: Add missing put_device()
    - pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails
    - pmdomain: core: add dummy release function to genpd device
    - nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported
    - bpf: Ensure reg is PTR_TO_STACK in process_iter_arg
    - irqchip/stm32mp-exti: CONFIG_STM32MP_EXTI should not default to y when
      compile-testing
    - bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
    - nvme-fabrics: handle zero MAXCMD without closing the connection
    - rust: allow `clippy::needless_lifetimes`
    - HID: i2c-hid: Revert to using power commands to wake on resume
    - LoongArch: KVM: Protect kvm_check_requests() with SRCU
    - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
    - ALSA: usb-audio: Fix a DMA to stack memory bug
    - ALSA: usb-audio: Add extra PID for RME Digiface USB
    - scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers
    - io_uring: Change res2 parameter type in io_uring_cmd_done
    - selftests/damon: add _damon_sysfs.py to TEST_FILES
    - selftest: hugetlb_dio: fix test naming
    - x86/cacheinfo: Delete global num_cache_leaves
    - drm/amdkfd: hard-code cacheline for gc943,gc944
    - drm/amdkfd: add MEC version that supports no PCIe atomics for GFX12
    - drm/amdgpu/swsmu: fix SMU11 typos (memlk -> memclk)
    - drm/amd/pm: fix and simplify workload handling
    - drm/amd/display: Correct prefetch calculation
    - drm/amd/display: Limit VTotal range to max hw cap minus fp
    - drm/amd/display: Add a left edge pixel if in YCbCr422 or YCbCr420 and odm
    - drm/amd/amdgpu: allow use kiq to do hdp flush under sriov
    - drm/amdgpu/hdp4.0: do a posting read when flushing HDP
    - drm/amdgpu/hdp5.0: do a posting read when flushing HDP
    - drm/amdgpu/hdp5.2: do a posting read when flushing HDP
    - drm/amdgpu/hdp6.0: do a posting read when flushing HDP
    - drm/amdgpu/hdp7.0: do a posting read when flushing HDP
    - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation
    - x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC
    - mm/damon: fix order of arguments in damos_before_apply tracepoint
    - mm: memcg: declare do_memsw_account inline
    - mm: open-code PageTail in folio_flags() and const_folio_flags()
    - mm: open-code page_folio() in dump_page()
    - mm: respect mmap hint address when aligning for THP
    - scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove()
    - memblock: allow zero threshold in validate_numa_converage()
    - rust: enable arbitrary_self_types and remove `Receiver`
    - s390/pci: Sort PCI functions prior to creating virtual busses
    - s390/pci: Use topology ID for multi-function devices
    - s390/pci: Ignore RID for isolated VFs
    - btrfs: canonicalize the device path before adding it
    - btrfs: add the missing error handling inside get_canonical_dev_path
    - ext4: partial zero eof block on unaligned inode size extension
    - crypto: ecdsa - Avoid signed integer overflow on signature decoding
    - ACPI: video: force native for Apple MacbookPro11,2 and Air7,2
    - cleanup: Adjust scoped_guard() macros to avoid potential warning
    - iio: magnetometer: fix if () scoped_guard() formatting
    - timekeeping: Always check for negative motion
    - [Config] updateconfigs for CLOCKSOURCE_VALIDATE_LAST_CYCLE
    - gpio: free irqs that are still requested when the chip is being removed
    - firmware: qcom: scm: Allow QSEECOM on Lenovo Yoga Slim 7x
    - soc: qcom: pd-mapper: Add QCM6490 PD maps
    - media: uvcvideo: Force UVC version to 1.0a for 0408:4033
    - firmware: qcom: scm: Allow QSEECOM on Dell XPS 13 9345
    - drm/xe/pciids: separate RPL-U and RPL-P PCI IDs
    - drm/xe/pciids: separate ARL and MTL PCI IDs
    - drm/xe/pciids: Add PVC's PCI device ID macros
    - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
    - drm/xe/pciid: Add new PCI id for ARL
    - ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for MTL.
    - drm/amd/display: skip disable CRTC in seemless bootup case
    - drm/amd/display: Fix garbage or black screen when resetting otg
    - drm/amd/display: disable SG displays on cyan skillfish
    - drm/xe/ptl: L3bank mask is not available on the media GT
    - drm/xe/xe3: Add initial set of workarounds
    - ALSA: hda/realtek: Use codec SSID matching for Lenovo devices
    - ALSA: hda/realtek: Fix quirk matching for Legion Pro 7
    - wifi: mac80211: Add non-atomic station iterator
    - accel/qaic: Add AIC080 support
    - drm/amd/display: Full exit out of IPS2 when all allow signals have been
      cleared
    - ASoC: sdw_utils: Add support for exclusion DAI quirks
    - ASoC: sdw_utils: Add a quirk to allow the cs42l43 mic DAI to be ignored
    - ASoC: Intel: sof_sdw: Add quirk for cs42l43 system using host DMICs
    - ASoC: Intel: sof_sdw: Add quirks for some new Lenovo laptops
    - ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21Q6 and 21Q7
    - ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21QA and 21QB
    - ASoC: sdw_utils: Add quirk to exclude amplifier function
    - ASoC: Intel: soc-acpi-intel-arl-match: Add rt722 and rt1320 support
    - drm/amd/display: Fix underflow when playing 8K video in full screen mode
    - mptcp: annotate data-races around subflow->fully_established
    - net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
    - drm/panic: Add ABGR2101010 support
    - drm/amd/display: avoid disable otg when dig was disabled
    - drm/amd/display: Fix Potential Null Dereference
    - drm/amd/display: Remove hw w/a toggle if on DP2/HPO
    - drm/amd/display: parse umc_info or vram_info based on ASIC
    - drm/amd/display: Prune Invalid Modes For HDMI Output
    - mptcp: fix possible integer overflow in mptcp_reset_tout_timer
    - i2c: i801: Add support for Intel Panther Lake
    - Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions
    - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925
    - Bluetooth: btusb: Add new VID/PID 0489/e124 for MT7925
    - Bluetooth: btusb: Add 3 HWIDs for MT7925
    - rtla: Fix consistency in getopt_long for timerlat_hist
    - rtla/timerlat: Make timerlat_hist_cpu->*_count unsigned long long
    - ring-buffer: Limit time with disabled interrupts in rb_check_pages()
    - iommu/amd: Fix corruption when mapping large pages from 0
    - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up
      FDMI
    - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback
    - clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574
    - tracing: Fix function name for trampoline
    - tools/rtla: Enhance argument parsing in timerlat_load.py
    - mailbox: pcc: Check before sending MCTP PCC response ACK
    - PCI: starfive: Enable controller runtime PM before probing host bridge
    - remoteproc: qcom: pas: enable SAR2130P audio DSP support
    - f2fs: add a sysfs node to limit max read extent count per-inode
    - fs/ntfs3: Implement fallocate for compressed files
    - fs/ntfs3: Fix warning in ni_fiemap
    - regulator: qcom-rpmh: Update ranges for FTSMPS525
    - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag
    - usb: chipidea: udc: limit usb request length to max 16KB
    - usb: chipidea: udc: create bounce buffer for problem sglist entries if
      possible
    - usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations
    - iio: adc: ad7192: properly check spi_get_device_match_data()
    - usb: typec: ucsi: glink: be more precise on orientation-aware ports
    - nvme: use helper nvme_ctrl_state in nvme_keep_alive_finish function
    - Revert "nvme: make keep-alive synchronous operation"
    - irqchip/gicv3-its: Add workaround for hip09 ITS erratum 162100801
    - [Config] updateconfigs for HISILICON_ERRATUM_162100801
    - drm/amd/display: Add option to retrieve detile buffer size
    - btrfs: drop unused parameter options from open_ctree()
    - btrfs: drop unused parameter data from btrfs_fill_super()
    - btrfs: fix mount failure due to remount races
    - media: ipu6: use the IPU6 DMA mapping APIs to do mapping
    - net/mlx5: unique names for per device caches
    - ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
    - Revert "drm/amd/display: parse umc_info or vram_info based on ASIC"
    - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails
    - timekeeping: Remove CONFIG_DEBUG_TIMEKEEPING
    - [Config] updateconfigs for DEBUG_TIMEKEEPING
    - clocksource: Make negative motion detection more robust
    - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
    - Revert "iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in
      Kconfig"
    - Upstream stable to v6.6.66, v6.12.5

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56583
    - sched/deadline: Fix warning in migrate_enable for boosted tasks

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-41932
    - sched: fix warning in sched_setaffinity

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57872
    - scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56588
    - scsi: hisi_sas: Create all dump files during debugfs initialization

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56591
    - Bluetooth: hci_conn: Use disable_delayed_work_sync

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56784
    - drm/amd/display: Adding array index check to prevent memory corruption

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-47794
    - bpf: Prevent tailcall infinite loop caused by freplace

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56599
    - wifi: ath10k: avoid NULL pointer error during sdio remove

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56607
    - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56608
    - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56609
    - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56782
    - ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57875
    - block: RCU protect disk->conv_zones_bitmap

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-48876
    - stackdepot: fix stack_depot_save_flags() in NMI context

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56618
    - pmdomain: imx: gpcv2: Adjust delay after power up handshake

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57839
    - Revert "readahead: properly shorten readahead when falling back to
      do_page_cache_ra()"

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56620
    - scsi: ufs: qcom: Only free platform MSIs when ESI is enabled

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56621
    - scsi: ufs: core: Cancel RTC work during ufshcd_remove()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57878
    - arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56624
    - iommufd: Fix out_fput in iommufd_fault_alloc()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-49569
    - nvme-rdma: unquiesce admin_q before destroy it

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56632
    - nvme-tcp: fix the memleak while create new ctrl failed

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56639
    - net: hsr: must allocate more bytes for RedBox support

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56646
    - ipv6: avoid possible NULL deref in modify_prefix_route()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56647
    - net: Fix icmp host relookup triggering ip_rt_bug

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57850
    - jffs2: Prevent rtime decompress memory corruption

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56611
    - mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a
      MM

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56613
    - sched/numa: fix memory leak due to the overwritten vma->numab_state

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56584
    - io_uring/tctx: work around xa_store() allocation error issue

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56781
    - powerpc/prom_init: Fixup missing powermac #size-cells

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56785
    - MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56585
    - LoongArch: Fix sleeping in atomic context for PREEMPT_RT

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-41935
    - f2fs: fix to shrink read extent node in batches

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-43098
    - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
      avoid deadlock

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-45828
    - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56586
    - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56587
    - leds: class: Protect brightness_show() with led_cdev->led_access mutex

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56786
    - bpf: put bpf_link's program when link is safe to be deallocated

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-47141
    - pinmux: Use sequential access to access desc->pinmux data

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56589
    - scsi: hisi_sas: Add cond_resched() for no forced preemption model

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56590
    - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56592
    - bpf: Call free_htab_elem() after htab_unlock_bucket()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56593
    - wifi: brcmfmac: Fix oops due to NULL pointer dereference in
      brcmf_sdiod_sglist_rw()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56594
    - drm/amdgpu: set the right AMDGPU sg segment limitation

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57843
    - virtio-net: fix overflow inside virtnet_rq_alloc

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56595
    - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56596
    - jfs: fix array-index-out-of-bounds in jfs_readdir

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56597
    - jfs: fix shift-out-of-bounds in dbSplit

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56598
    - jfs: array-index-out-of-bounds fix in dtReadFirst

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-47143
    - dma-debug: fix a possible deadlock on radix_lock

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56600
    - net: inet6: do not leave a dangling sk pointer in inet6_create()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56601
    - net: inet: do not leave a dangling sk pointer in inet_create()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56602
    - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56603
    - net: af_can: do not leave a dangling sk pointer in can_create()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56604
    - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56605
    - Bluetooth: L2CAP: do not leave dangling sk pointer on error in
      l2cap_sock_create()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56606
    - af_packet: avoid erroring out after sock_init_data() in packet_create()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-47809
    - dlm: fix possible lkb_resource null dereference

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-48873
    - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56787
    - soc: imx8m: Probe the SoC driver as platform driver

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56610
    - kcsan: Turn report_filterlist_lock into a raw_spinlock

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-48875
    - btrfs: don't take dev_replace rwsem on task already holding it

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57849
    - s390/cpum_sf: Handle CPU hotplug remove during sampling

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56614
    - xsk: fix OOB map writes when deleting elements

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56615
    - bpf: fix OOB devmap writes when deleting elements

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57876
    - drm/dp_mst: Fix resetting msg rx state after topology removal

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56616
    - drm/dp_mst: Fix MST sideband message body length check

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56617
    - cacheinfo: Allocate memory during CPU hotplug if not done from the primary
      CPU

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-48881
    - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56619
    - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56622
    - scsi: ufs: core: sysfs: Prevent div by zero

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56623
    - scsi: qla2xxx: Fix use after free on unload

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-57874
    - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56625
    - can: dev: can_set_termination(): allow sleeping GPIOs

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56626
    - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56627
    - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56628
    - LoongArch: Add architecture specific huge_pte_clear()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56629
    - HID: wacom: fix when get product name maybe null pointer

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56630
    - ocfs2: free inode when ocfs2_get_init_inode() fails

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56631
    - scsi: sg: Fix slab-use-after-free read in sg_release()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-50051
    - spi: mpc52xx: Add cancel_work_sync before module remove

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56633
    - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56634
    - gpio: grgpio: Add NULL check in grgpio_probe

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56635
    - net: avoid potential UAF in default_operstate()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56636
    - geneve: do not assume mac header is set in geneve_xmit_skb()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56637
    - netfilter: ipset: Hold module reference while requesting a module

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56638
    - netfilter: nft_inner: incorrect percpu area handling under softirq

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-52332
    - igb: Fix potential invalid memory access in igb_init_module()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56640
    - net/smc: fix LGR and link use-after-free issue

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56641
    - net/smc: initialize close_work early to avoid warning

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56642
    - tipc: Fix use-after-free of kernel socket in cleanup_bearer().

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56643
    - dccp: Fix memory leak in dccp_feat_change_recv

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56644
    - net/ipv6: release expired exception dst cached in socket

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56645
    - can: j1939: j1939_session_new(): fix skb reference counting

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56648
    - net: hsr: avoid potential out-of-bound access in fill_frame_info()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56649
    - net: enetc: Do not configure preemptible TCs if SIs do not support

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56783
    - netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56650
    - netfilter: x_tables: fix LED ID check in led_tg_check()

* Oracular update: upstream stable patchset 2025-01-28 (LP: #2096827) //
    CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744)
    - Revert "x86/pvh: Call C code via the kernel virtual mapping"
    - Revert "x86/pvh: Set phys_base when calling xen_prepare_pvh()"
    - btrfs: drop unused parameter file_offset from
      btrfs_encoded_read_regular_fill_pages()
    - btrfs: change btrfs_encoded_read() so that reading of extent is done by
      caller
    - btrfs: rename btrfs_submit_bio() to btrfs_submit_bbio()
    - btrfs: move priv off stack in btrfs_encoded_read_regular_fill_pages()
    - md/raid5: Wait sync io to finish before changing group cnt
    - arm64: dts: mediatek: mt8186-corsola: Fix GPU supply coupling max-spread
    - arm64: dts: mediatek: mt8186-corsola: Fix IT6505 reset line polarity
    - media: platform: rga: fix 32-bit DMA limitation
    - net: phy: dp83869: fix status reporting for 1000base-x autonegotiation
    - media: ov08x40: Fix burst write sequence
    - tracing: Fix function timing profiler to initialize hashtable
    - mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
    - powerpc/vdso: Refactor CFLAGS for CVDSO build
    - powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang
    - cpufreq: scmi: Fix cleanup path when boost enablement fails
    - nvmem: core: Check read_only flag for force_ro in bin_attr_nvmem_write()
    - driver core: fw_devlink: Stop trying to optimize cycle detection logic
    - spmi: pmic-arb: fix return path in for_each_available_child_of_node()
    - net: stmmac: set initial EEE policy configuration
    - vfio/qat: fix overflow check in qat_vf_resume_write()
    - PCI: qcom: Disable ASPM L0s for X1E80100
    - remoteproc: qcom_q6v5_pas: disable auto boot for wpss
    - mtd: spinand: winbond: Fix 512GW and 02JW OOB layout
    - scsi: ufs: exynos: Add check inside exynos_ufs_config_smu()
    - i3c: master: svc: fix possible assignment of the same address to two devices
    - i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter
    - PCI: dwc: ep: Fix advertised resizable BAR size regression
    - iio: invensense: fix multiple odr switch when FIFO is off
    - dt-bindings: net: fec: add pps channel property
    - net: fec: refactor PPS channel configuration
    - net: fec: make PPS channel configurable
    - drm/panic: Fix uninitialized spinlock acquisition with CONFIG_DRM_PANIC=n
    - drm: panel: jd9365da-h3: Remove unused num_init_cmds structure member
    - drm/fbdev-dma: Select FB_DEFERRED_IO
    - [Config] updateconfigs for FB_DMAMEM_HELPERS_DEFERRED
    - drm/bridge: it6505: Fix inverted reset polarity
    - drm/xe/xe_guc_ads: save/restore OA registers and allowlist regs
    - drm/xe/migrate: fix pat index usage
    - Revert "drm/radeon: Delay Connector detecting when HPD singals is unstable"
    - drm/xe/migrate: use XE_BO_FLAG_PAGETABLE
    - drm/amdgpu/pm: add gen5 display to the user on smu v14.0.2/3
    - drm/amd: Add some missing straps from NBIO 7.11.0
    - drm/amd/pm: skip setting the power source on smu v14.0.2/3
    - drm/amd: Fix initialization mistake for NBIO 7.11 devices
    - drm/amd/pm: disable pcie speed switching on Intel platform for smu v14.0.2/3
    - drm/amd/pm: Remove arcturus min power limit
    - drm/amd/display: update pipe selection policy to check head pipe
    - drm/amd/display: Remove PIPE_DTO_SRC_SEL programming from set_dtbclk_dto
    - Revert "drm/xe/xe_guc_ads: save/restore OA registers and allowlist regs"
    - Upstream stable to v6.6.65, v6.12.4

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56775
    - drm/amd/display: Fix handling of plane refcount

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56552
    - drm/xe/guc_submit: fix race around suspend_pending

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56559
    - mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address
      into one operation

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56561
    - PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56550
    - s390/stacktrace: Use break instead of return statement

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56771
    - mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56563
    - ceph: fix cred leak in ceph_mds_check_access()

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56564
    - ceph: pass cred pointer to ceph_mds_auth_match()

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56565
    - f2fs: fix to drop all discards after creating snapshot on lvm device

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-57809
    - PCI: imx6: Fix suspend/resume support on i.MX6QDL

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56568
    - iommu/arm-smmu: Defer probe of clients after smmu device bound

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56772
    - kunit: string-stream: Fix a UAF bug in kunit_init_suite()

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56773
    - kunit: Fix potential null dereference in kunit_device_driver_test()

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56580
    - media: qcom: camss: fix error path on configuration of power domains

* Oracular update: upstream stable patchset 2025-01-27 (LP: #2096744) //
    CVE-2024-56582
    - btrfs: fix use-after-free in btrfs_encoded_read_endio()

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594)
    - xfs: remove unknown compat feature check in superblock write validation
    - btrfs: don't loop for nowait writes when checking for cross references
    - md/md-bitmap: Add missing destroy_work_on_stack()
    - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer
    - arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay
    - arm64: dts: ti: k3-am62-verdin: Fix SD regulator startup delay
    - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled
    - arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay
    - media: verisilicon: av1: Fix reference video buffer pointer assignment
    - media: platform: exynos4-is: Fix an OF node reference leak in
      fimc_md_is_isp_available
    - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled
    - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
    - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
    - media: uvcvideo: Stop stream during unregister
    - maple_tree: refine mas_store_root() on storing NULL
    - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
    - zram: clear IDLE flag after recompression
    - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables
    - leds: lp55xx: Remove redundant test for invalid channel number
    - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
    - ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow
    - ARM: 9430/1: entry: Do a dummy read from VMAP shadow
    - ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire()
    - ceph: extract entity name from device id
    - util_macros.h: fix/rework find_closest() macros
    - scsi: ufs: exynos: Fix hibern8 notify callbacks
    - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled
    - PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
    - PCI: keystone: Add link up check to ks_pcie_other_map_bus()
    - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
    - fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful
      iov_iter_zero
    - thermal: int3400: Fix reading of current_uuid for active policy
    - leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error
      paths
    - ovl: properly handle large files in ovl_security_fileattr
    - dm: Fix typo in error message
    - dm thin: Add missing destroy_work_on_stack()
    - PCI: of_property: Assign PCI instead of CPU bus address to dynamic PCI nodes
    - PCI: rockchip-ep: Fix address translation unit programming
    - iio: accel: kx022a: Fix raw read format
    - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name()
    - iio: gts: fix infinite loop for gain_to_scaletables()
    - powerpc: Fix stack protector Kconfig test for clang
    - powerpc: Adjust adding stack protector flags to KBUILD_CLAGS for clang
    - drm/mediatek: Fix child node refcount handling in early exit
    - drm/etnaviv: flush shader L1 cache after user commandstream
    - drm: xlnx: zynqmp_dpsub: fix hotplug detection
    - drm/amdkfd: Use the correct wptr size
    - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu
      v13.0.7
    - posix-timers: Target group sigqueue to current task only if not exiting
    - sched: Initialize idle tasks only once
    - Upstream stable to v6.6.64, v6.12.3

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56551
    - drm/amdgpu: fix usage slab after free

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56776
    - drm/sti: avoid potential dereference of error pointers

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56777
    - drm/sti: avoid potential dereference of error pointers in
      sti_gdp_atomic_check

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56778
    - drm/sti: avoid potential dereference of error pointers in
      sti_hqvdp_atomic_check

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56557
    - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56779
    - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56558
    - nfsd: make sure exp active before svc_export_show

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56562
    - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56566
    - mm/slub: Avoid list corruption when removing a slab from the full list

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-57838
    - s390/entry: Mark IRQ entries to fix stack depot warnings

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56567
    - ad7780: fix division by zero in ad7780_write_raw()

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56569
    - ftrace: Fix regression with module command in stack_trace_filter

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56570
    - ovl: Filter invalid inodes with missing lookup function

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56572
    - media: platform: allegro-dvt: Fix possible memory leak in
      allocate_buffers_internal()

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56573
    - efi/libstub: Free correct pointer on failure

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56574
    - media: ts2020: fix null-ptr-deref in ts2020_probe()

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56575
    - media: imx-jpeg: Ensure power suppliers be suspended before detach them

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56576
    - media: i2c: tc358743: Fix crash in the probe error path when using polling

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56577
    - media: mtk-jpeg: Fix null-ptr-deref during unload module

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56578
    - media: imx-jpeg: Set video drvdata before register video device

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56579
    - media: amphion: Set video drvdata before register video device

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56581
    - btrfs: ref-verify: fix use-after-free after invalid ref action

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56774
    - btrfs: add a sanity check for btrfs root in btrfs_search_slot()

* Oracular update: upstream stable patchset 2025-01-23 (LP: #2095594) //
    CVE-2024-56780
    - quota: flush quota_release_work upon quota writeback

* Lenovo X13s fails to boot kernel 6.11 (LP: #2089237)
    - arm64: dts: qcom: sc8280xp-crd: disable PCIe perst pull downs
    - arm64: dts: qcom: sc8280xp-crd: clean up PCIe2a pinctrl node
    - arm64: dts: qcom: sc8280xp-x13s: Drop redundant clock-lanes from camera@10
    - dt-bindings: PCI: qcom: Allow 'vddpe-3v3-supply' again
    - serial: qcom-geni: disable interrupts during console writes
    - serial: qcom-geni: fix polled console corruption
    - phy: qcom: qmp-combo: move driver data initialisation earlier
    - SAUCE: arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts

* python perf module missing in realtime kernel (LP: #2089411)
    - [Packaging] linux-tools: Add missing python perf symlink
    - [Packaging] linux-tools: Fix python perf library packaging
    - [Packaging] linux-tools: Fall back to old python perf path

* CVE-2024-56672
    - blk-cgroup: Fix UAF in blkcg_unpin_online()

* CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle

-- Mehmet Basaran <mehmet.basaran@canonical.com>  Wed, 19 Feb 2025 16:36:00 +0300

Changed in linux (Ubuntu Oracular):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-03-26:

#12

This bug is awaiting verification that the linux-nvidia-6.11/6.11.0-1005.5 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-6.11' to 'verification-done-noble-linux-nvidia-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-6.11' to 'verification-failed-noble-linux-nvidia-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-6.11-v2 verification-needed-noble-linux-nvidia-6.11

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-04-07:

#13

This bug is awaiting verification that the linux-azure-nvidia/6.8.0-1014.15 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-azure-nvidia' to 'verification-done-noble-linux-azure-nvidia'. If the problem still exists, change the tag 'verification-needed-noble-linux-azure-nvidia' to 'verification-failed-noble-linux-azure-nvidia'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-azure-nvidia-v2 verification-needed-noble-linux-azure-nvidia

Juerg Haefliger (juergh) on 2025-04-18

tags:

added: kernel-daily-bug

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-04-26:

#14

This bug is awaiting verification that the linux-aws-6.11/6.11.0-1013.14~24.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-aws-6.11' to 'verification-done-noble-linux-aws-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-aws-6.11' to 'verification-failed-noble-linux-aws-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-aws-6.11-v2 verification-needed-noble-linux-aws-6.11

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-04-28:

#15

This bug is awaiting verification that the linux-raspi/6.8.0-1028.32 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-raspi' to 'verification-done-noble-linux-raspi'. If the problem still exists, change the tag 'verification-needed-noble-linux-raspi' to 'verification-failed-noble-linux-raspi'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-raspi-v2 verification-needed-noble-linux-raspi

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-01:

#16

This bug is awaiting verification that the linux-fips/6.8.0-72.72+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-fips' to 'verification-done-noble-linux-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-fips' to 'verification-failed-noble-linux-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-fips-v2 verification-needed-noble-linux-fips

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-05:

#17

This bug is awaiting verification that the linux-gcp-fips/6.8.0-1035.37+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-gcp-fips' to 'verification-done-noble-linux-gcp-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-gcp-fips' to 'verification-failed-noble-linux-gcp-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-gcp-fips-v2 verification-needed-noble-linux-gcp-fips

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-05:

#18

This bug is awaiting verification that the linux-aws-fips/6.8.0-1034.36+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-aws-fips' to 'verification-done-noble-linux-aws-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-aws-fips' to 'verification-failed-noble-linux-aws-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-aws-fips-v2 verification-needed-noble-linux-aws-fips

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-14:

#19

This bug is awaiting verification that the linux-xilinx/6.8.0-1017.18 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-done-noble-linux-xilinx'. If the problem still exists, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-failed-noble-linux-xilinx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-xilinx-v2 verification-needed-noble-linux-xilinx

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-14:

#20

This bug is awaiting verification that the linux-azure-fips/6.8.0-1034.39+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-azure-fips' to 'verification-done-noble-linux-azure-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-azure-fips' to 'verification-failed-noble-linux-azure-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-azure-fips-v2 verification-needed-noble-linux-azure-fips

Ubuntu
linux package

Incorrect LAPIC/x2APIC parsing order

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Confirmed	Undecided	Unassigned
Noble	Fix Released	Medium	Unassigned
Oracular	Fix Released	Medium	Unassigned

Ubuntulinux package

Incorrect LAPIC/x2APIC parsing order

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package