Bug #2097824 “iBFT iSCSI out-of-bounds shift UBSAN warning” : Bugs : linux package : Ubuntu

Revision history for this message

Chengen Du (chengendu) wrote on 2025-02-11:

#1

https://lists.ubuntu.com/archives/kernel-team/2025-February/156928.html

Changed in linux (Ubuntu Focal):
assignee:	nobody → Chengen Du (chengendu)
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Chengen Du (chengendu)
Changed in linux (Ubuntu Noble):
assignee:	nobody → Chengen Du (chengendu)
Changed in linux (Ubuntu Oracular):
assignee:	nobody → Chengen Du (chengendu)
Changed in linux (Ubuntu Plucky):
assignee:	nobody → Chengen Du (chengendu)
Changed in linux (Ubuntu Focal):
status:	New → In Progress
Changed in linux (Ubuntu Jammy):
status:	New → In Progress
Changed in linux (Ubuntu Noble):
status:	New → In Progress
Changed in linux (Ubuntu Oracular):
status:	New → In Progress
Changed in linux (Ubuntu Plucky):
status:	New → In Progress

Koichiro Den (koichiroden) on 2025-02-21

Changed in linux (Ubuntu Noble):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Oracular):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status:	In Progress → Won't Fix
Changed in linux (Ubuntu Jammy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Noble):
importance:	Undecided → Medium
Changed in linux (Ubuntu Oracular):
importance:	Undecided → Medium

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-03-24:

#2

This bug is awaiting verification that the linux/6.8.0-58.60 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux' to 'verification-done-noble-linux'. If the problem still exists, change the tag 'verification-needed-noble-linux' to 'verification-failed-noble-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-v2 verification-needed-noble-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-03-24:

#3

This bug is awaiting verification that the linux/5.15.0-138.148 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux' to 'verification-done-jammy-linux'. If the problem still exists, change the tag 'verification-needed-jammy-linux' to 'verification-failed-jammy-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-v2 verification-needed-jammy-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-03-24:

#4

This bug is awaiting verification that the linux/6.11.0-24.24 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-oracular-linux' to 'verification-done-oracular-linux'. If the problem still exists, change the tag 'verification-needed-oracular-linux' to 'verification-failed-oracular-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-oracular-linux-v2 verification-needed-oracular-linux

Revision history for this message

Chengen Du (chengendu) wrote on 2025-03-25:

#5

Jammy, Noble, and Oracular have been successfully verified on Oracle Cloud, and the UBSAN warning is no longer present.

Jammy: Linux jammy-ipv6-bm 5.15.0-138-generic #148-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 14 19:05:48 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Noble: Linux noble-ipv6-bm 6.8.0-58-generic #60-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 14 18:29:48 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Oracular: Linux chengen-oracular-ipv6-bm 6.11.0-24-generic #24-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 14 18:13:56 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

tags:

added: verification-done-jammy-linux verification-done-noble-linux verification-done-oracular-linux
removed: verification-needed-jammy-linux verification-needed-noble-linux verification-needed-oracular-linux

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-04-16:

#6

Download full text (11.5 KiB)

This bug was fixed in the package linux - 6.11.0-24.24

---------------
linux (6.11.0-24.24) oracular; urgency=medium

* oracular/linux: 6.11.0-24.24 -proposed tracker (LP: #2102476)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.03.17)

  * ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
    (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload

* Add additional PCI ids for BMG support (LP: #2098969)
- drm/xe/bmg: Add new PCI IDs

  * wdat_wdt.ko should be pulled in by linux-image-virtual (LP: #2098554)
    - [Packaging]: wdat_wdt.ko is moved from "linux-modules-extra-*-generic" to
      "linux-modules-*-generic"

  * CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release

  * Oracular update: upstream stable patchset 2025-03-05 (LP: #2100983)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - of/unittest: Add test that of_address_to_resource() fails on non-
      translatable address
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - hwmon: (drivetemp) Set scsi command timeout to 10s
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - smb: client: handle lack of EA support in smb2_query_path_info()
    - net: sched: fix ets qdisc OOB Indexing
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - cachestat: fix page cache statistics permission checking
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: xpad - add support for Nacon Pro Compact
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add QH Electronics VID/PID
    - Input: xpad - improve name of 8BitDo controller 2dc8:3106
    - Input: xpad - add support for Nacon Evol-X Xbox One Controller
    - Input: xpad - add support for wooting two he (arm)
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK
    - ASoC: cs42l43: Add codec force suspend/resume ops
    - drm/amd/display: Initialize denominator defaults to 1
    - ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P Gen5
    - drm/connector: hdmi: Validate supported_formats matches ycbcr_420_allowed
    - ASoC: samsung: Add missing depends on I2C
    - mm: zswap: properly synchronize freeing resources during CPU hotunplug
    - mm: zswap: move allocations during CPU init outside the lock
    - libfs: Return ENOSPC when the directory offset range is exhausted
    - Revert "libfs: Add simple_offset_empty()"
    - Revert "libfs: fix infinite directory reads for offset dir"
    - libfs: Replace simple_offset end-of-direc...

This bug was fixed in the package linux - 6.11.0-24.24

---------------
linux (6.11.0-24.24) oracular; urgency=medium

* oracular/linux: 6.11.0-24.24 -proposed tracker (LP: #2102476)

* Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.03.17)

* ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
    (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload

* Add additional PCI ids for BMG support (LP: #2098969)
    - drm/xe/bmg: Add new PCI IDs

* wdat_wdt.ko should be pulled in by linux-image-virtual (LP: #2098554)
    - [Packaging]: wdat_wdt.ko is moved from "linux-modules-extra-*-generic" to
      "linux-modules-*-generic"

* CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release

* Oracular update: upstream stable patchset 2025-03-05 (LP: #2100983)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - of/unittest: Add test that of_address_to_resource() fails on non-
      translatable address
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - hwmon: (drivetemp) Set scsi command timeout to 10s
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - smb: client: handle lack of EA support in smb2_query_path_info()
    - net: sched: fix ets qdisc OOB Indexing
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - cachestat: fix page cache statistics permission checking
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: xpad - add support for Nacon Pro Compact
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add QH Electronics VID/PID
    - Input: xpad - improve name of 8BitDo controller 2dc8:3106
    - Input: xpad - add support for Nacon Evol-X Xbox One Controller
    - Input: xpad - add support for wooting two he (arm)
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK
    - ASoC: cs42l43: Add codec force suspend/resume ops
    - drm/amd/display: Initialize denominator defaults to 1
    - ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P Gen5
    - drm/connector: hdmi: Validate supported_formats matches ycbcr_420_allowed
    - ASoC: samsung: Add missing depends on I2C
    - mm: zswap: properly synchronize freeing resources during CPU hotunplug
    - mm: zswap: move allocations during CPU init outside the lock
    - libfs: Return ENOSPC when the directory offset range is exhausted
    - Revert "libfs: Add simple_offset_empty()"
    - Revert "libfs: fix infinite directory reads for offset dir"
    - libfs: Replace simple_offset end-of-directory detection
    - libfs: Use d_children list to iterate simple_offset directories
    - wifi: rtl8xxxu: add more missing rtl8192cu USB IDs
    - HID: wacom: Initialize brightness of LED trigger
    - Upstream stable to v6.6.75, v6.12.12

* CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0

* CVE-2025-21703
    - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()

* Fix line-out playback on some platforms with Cirrus Logic “Dolphin” hardware
    (LP: #2099880)
    - ALSA: hda/cirrus: Correct the full scale volume set logic

* Enable Large Language Model (LLM) workloads using Intel NPU (LP: #2098972)
    - accel/ivpu: Increase DMA address range

* Introduce and use sendpages_ok() instead of sendpage_ok() in nvme-tcp and
    drbd (LP: #2093871)
    - net: introduce helper sendpages_ok()
    - nvme-tcp: use sendpages_ok() instead of sendpage_ok()
    - drbd: use sendpages_ok() instead of sendpage_ok()

* Intel Be201 Bluetooth hardware error 0x0f on Arrow Lake (LP: #2088151)
    - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP

* Oracular update: upstream stable patchset 2025-02-26 (LP: #2100328)
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    - bpf: Fix bpf_sk_select_reuseport() memory leak
    - openvswitch: fix lockup on tx to unregistering netdev with carrier
    - pktgen: Avoid out-of-bounds access in get_imix_entries
    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    - gtp: Destroy device along with udp socket's netns dismantle.
    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    - net: xilinx: axienet: Fix IRQ coalescing packet count overflow
    - net: fec: handle page_pool_dev_alloc_pages error
    - net/mlx5: Fix RDMA TX steering prio
    - net/mlx5: Clear port select structure when fail to create
    - net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
    - net/mlx5e: Rely on reqid in IPsec tunnel mode
    - net/mlx5e: Always start IPsec sequence number from 1
    - drm/vmwgfx: Add new keep_resv BO param
    - drm/v3d: Ensure job pointer is set to NULL after job completion
    - soc: ti: pruss: Fix pruss APIs
    - hwmon: (tmp513) Fix division of negative numbers
    - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
    - i2c: mux: demux-pinctrl: check initial mux selection, too
    - i2c: rcar: fix NACK handling when being a target
    - smb: client: fix double free of TCP_Server_Info::hostname
    - mac802154: check local interfaces before deleting sdata list
    - hfs: Sanity check the root record
    - fs: fix missing declaration of init_files
    - kheaders: Ignore silly-rename files
    - cachefiles: Parse the "secctx" immediately
    - scsi: ufs: core: Honor runtime/system PM levels if set by host controller
      drivers
    - selftests: tc-testing: reduce rshift value
    - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
    - iomap: avoid avoid truncating 64-bit offset to 32 bits
    - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
      .poll()
    - RDMA/bnxt_re: Fix to export port num to ib_query_qp
    - nvmet: propagate npwg topology
    - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
    - i2c: atr: Fix client detach
    - mptcp: be sure to send ack when mptcp-level window re-opens
    - mptcp: fix spurious wake-up on under memory pressure
    - selftests: mptcp: avoid spurious errors on disconnect
    - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
    - vsock/bpf: return early if transport is not assigned
    - vsock/virtio: discard packets if the transport changes
    - vsock/virtio: cancel close work in the destructor
    - vsock: reset socket state when de-assigning the transport
    - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
    - nouveau/fence: handle cross device fences properly
    - filemap: avoid truncating 64-bit offset to 32 bits
    - fs/proc: fix softlockup in __read_vmcore (part 2)
    - gpio: xilinx: Convert gpio_lock to raw spinlock
    - pmdomain: imx8mp-blk-ctrl: add missing loop break condition
    - irqchip: Plug a OF node reference leak in platform_irqchip_probe()
    - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
    - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
    - hrtimers: Handle CPU state correctly on hotplug
    - drm/i915/fb: Relax clear color alignment to 64 bytes
    - drm/amdgpu: always sync the GFX pipe on ctx switch
    - ocfs2: fix deadlock in ocfs2_get_system_file_inode
    - nfsd: add list_head nf_gc to struct nfsd_file
    - x86/xen: fix SLS mitigation in xen_hypercall_iret()
    - efi/zboot: Limit compression options to GZIP and ZSTD
    - [Config] updateconfigs for EFI_ZBOOT
    - eth: bnxt: always recalculate features after XDP clearing, fix null-deref
    - net: ravb: Fix max TX frame size for RZ/V2M
    - ice: Fix E825 initialization
    - ice: Fix quad registers read on E825
    - ice: Fix ETH56G FC-FEC Rx offset value
    - ice: Introduce ice_get_phy_model() wrapper
    - ice: Add ice_get_ctrl_ptp() wrapper to simplify the code
    - ice: Use ice_adapter for PTP shared data instead of auxdev
    - ice: Add correct PHY lane assignment
    - cpuidle: teo: Update documentation after previous changes
    - pfcp: Destroy device along with udp socket's netns dismantle.
    - cpufreq: Move endif to the end of Kconfig file
    - net/mlx5: Fix a lockdep warning as part of the write combining test
    - net/mlx5: SF, Fix add port error handling
    - drm/tests: helpers: Fix compiler warning
    - drm/vmwgfx: Unreserve BO on error
    - reset: rzg2l-usbphy-ctrl: Assign proper of node to the allocated device
    - i2c: core: fix reference leak in i2c_register_adapter()
    - platform/x86: dell-uart-backlight: fix serdev race
    - platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race
    - i2c: testunit: sort case blocks
    - i2c: testunit: on errors, repeat NACK until STOP
    - hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST
    - fs/qnx6: Fix building with GCC 15
    - gpio: virtuser: lock up configfs that an instantiated device depends on
    - gpio: sim: lock up configfs that an instantiated device depends on
    - platform/x86/intel: power-domains: Add Clearwater Forest support
    - platform/x86: ISST: Add Clearwater Forest to support list
    - afs: Fix merge preference rule failure condition
    - sched/fair: Fix update_cfs_group() vs DELAY_DEQUEUE
    - ALSA: hda/realtek: fixup ASUS GA605W
    - ALSA: hda/realtek: fixup ASUS H7606W
    - drm/nouveau/disp: Fix missing backlight control on Macbook 5,1
    - net/ncsi: fix locking in Get MAC Address handling
    - selftests/mm: set allocated memory to non-zero content in cow test
    - drm/amd/display: Do not elevate mem_type change to full update
    - mm: clear uffd-wp PTE/PMD state on mremap()
    - tracing: gfp: Fix the GFP enum values shown for user space tracing tools
    - timers/migration: Fix another race between hotplug and idle entry/exit
    - timers/migration: Enforce group initialization visibility to tree walkers
    - drm/xe: Mark ComputeCS read mode as UC on iGPU
    - drm/xe/oa: Add missing VISACTL mux registers
    - drm/amdgpu/smu13: update powersave optimizations
    - drm/amdgpu: fix fw attestation for MP0_14_0_{2/3}
    - drm/amdgpu: disable gfxoff with the compute workload on gfx12
    - drm/amd/display: Fix PSR-SU not support but still call the
      amdgpu_dm_psr_enable
    - drm/amd/display: Disable replay and psr while VRR is enabled
    - drm/amd/display: Do not wait for PSR disable on vbl enable
    - Revert "drm/amd/display: Enable urgent latency adjustments for DCN35"
    - drm/amd/display: Validate mdoe under MST LCT=1 case as well
    - Upstream stable to v6.6.74, v6.12.11

* CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another

* iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

* Fix dmesg warn during x11perf testing. (LP: #2097106)
    - drm/xe: Fix xe_pt_abort_unbind

* btrfs will WARN_ON() in btrfs_remove_qgroup() unnecessarily (LP: #2091719)
    - btrfs: improve the warning and error message for btrfs_remove_qgroup()

* CVE-2025-21701
    - net: avoid race between device unregistration and ethnl ops

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 14 Mar 2025 15:14:28 +0100

Changed in linux (Ubuntu Oracular):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-04-16:

#7

This bug was fixed in the package linux - 5.15.0-138.148

---------------
linux (5.15.0-138.148) jammy; urgency=medium

* jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)

  * ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
    (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload

  * CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release

* CVE-2024-50256
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

* CVE-2025-21702
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0

* CVE-2025-21703
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()

* CVE-2025-21700
- net: sched: Disallow replacing of child qdisc from one parent to another

* CVE-2024-46826
- ELF: fix kernel.randomize_va_space double read

* CVE-2024-56651
- can: hi311x: hi3110_can_ist(): fix potential use-after-free

* iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

  * CVE-2024-50248
    - ntfs3: Add bounds checking to mi_enum_attr()
    - fs/ntfs3: Sequential field availability check in mi_enum_attr()

* CVE-2022-0995
- watch_queue: Use the bitmap API when applicable

* CVE-2024-26837
- net: bridge: switchdev: Skip MDB replays of deferred events on offload

* CVE-2025-21701
- net: avoid race between device unregistration and ethnl ops

  * CVE-2024-57798
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()

* CVE-2024-56658
- net: defer final 'struct net' free in netns dismantle

* CVE-2024-35864
- smb: client: fix potential UAF in smb2_is_valid_lease_break()

* CVE-2024-35864/CVE-2024-26928
- smb: client: fix potential UAF in cifs_debug_files_proc_show()

-- Stefan Bader <email address hidden> Fri, 14 Mar 2025 15:32:05 +0100

This bug was fixed in the package linux - 5.15.0-138.148

---------------
linux (5.15.0-138.148) jammy; urgency=medium

* jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)

* ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
    (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload

* CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release

* CVE-2024-50256
    - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

* CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0

* CVE-2025-21703
    - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()

* CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another

* CVE-2024-46826
    - ELF: fix kernel.randomize_va_space double read

* CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free

* iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

* CVE-2024-50248
    - ntfs3: Add bounds checking to mi_enum_attr()
    - fs/ntfs3: Sequential field availability check in mi_enum_attr()

* CVE-2022-0995
    - watch_queue: Use the bitmap API when applicable

* CVE-2024-26837
    - net: bridge: switchdev: Skip MDB replays of deferred events on offload

* CVE-2025-21701
    - net: avoid race between device unregistration and ethnl ops

* CVE-2024-57798
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()

* CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle

* CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()

* CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 14 Mar 2025 15:32:05 +0100

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-04-16:

#8

Download full text (159.7 KiB)

This bug was fixed in the package linux - 6.8.0-58.60

---------------
linux (6.8.0-58.60) noble; urgency=medium

* noble/linux: 6.8.0-58.60 -proposed tracker (LP: #2102529)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.03.17)

  * wdat_wdt.ko should be pulled in by linux-image-virtual (LP: #2098554)
    - [Packaging]: wdat_wdt.ko is moved from "linux-modules-extra-*-generic" to
      "linux-modules-*-generic"

  * Noble update: upstream stable patchset 2025-03-12 (LP: #2102118)
    - openrisc: Use asm-generic's version of fix_to_virt() & virt_to_fix()
    - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
    - watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
    - watchdog: apple: Actually flush writes after requesting watchdog restart
    - watchdog: mediatek: Make sure system reset gets asserted in
      mtk_wdt_restart()
    - can: gs_usb: add VID/PID for Xylanta SAINT3 product family
    - can: gs_usb: add usb endpoint address detection at driver probe step
    - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
    - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
    - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
    - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
    - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
    - can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
    - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
    - selftests: hid: fix typo and exit code
    - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
    - net/sched: tbf: correct backlog statistic for GSO packets
    - net: hsr: fix fill_frame_info() regression vs VLAN packets
    - platform/x86: asus-wmi: add support for vivobook fan profiles
    - platform/x86: asus-wmi: Fix inconsistent use of thermal policies
    - platform/x86: asus-wmi: Ignore return value when writing thermal policy
    - net/smc: mark optional smcd_ops and check for support when called
    - net/smc: add operations to merge sndbuf with peer DMB
    - net/smc: {at|de}tach sndbuf to peer DMB if supported
    - net/smc: refactoring initialization of smc sock
    - net/qed: allow old cards not supporting "num_images" to work
    - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
    - ixgbe: downgrade logging of unsupported VF API version to debug
    - net: sched: fix erspan_opt settings in cls_flower
    - netfilter: nft_set_hash: skip duplicated elements pending gc run
    - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
    - mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
    - mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
    - net/mlx5e: Remove workaround to avoid syndrome for internal port...

This bug was fixed in the package linux - 6.8.0-58.60

---------------
linux (6.8.0-58.60) noble; urgency=medium

* noble/linux: 6.8.0-58.60 -proposed tracker (LP: #2102529)

* Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.03.17)

* wdat_wdt.ko should be pulled in by linux-image-virtual (LP: #2098554)
    - [Packaging]: wdat_wdt.ko is moved from "linux-modules-extra-*-generic" to
      "linux-modules-*-generic"

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118)
    - openrisc: Use asm-generic's version of fix_to_virt() & virt_to_fix()
    - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
    - watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
    - watchdog: apple: Actually flush writes after requesting watchdog restart
    - watchdog: mediatek: Make sure system reset gets asserted in
      mtk_wdt_restart()
    - can: gs_usb: add VID/PID for Xylanta SAINT3 product family
    - can: gs_usb: add usb endpoint address detection at driver probe step
    - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
    - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
    - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
    - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
    - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
    - can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
    - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
    - selftests: hid: fix typo and exit code
    - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
    - net/sched: tbf: correct backlog statistic for GSO packets
    - net: hsr: fix fill_frame_info() regression vs VLAN packets
    - platform/x86: asus-wmi: add support for vivobook fan profiles
    - platform/x86: asus-wmi: Fix inconsistent use of thermal policies
    - platform/x86: asus-wmi: Ignore return value when writing thermal policy
    - net/smc: mark optional smcd_ops and check for support when called
    - net/smc: add operations to merge sndbuf with peer DMB
    - net/smc: {at|de}tach sndbuf to peer DMB if supported
    - net/smc: refactoring initialization of smc sock
    - net/qed: allow old cards not supporting "num_images" to work
    - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
    - ixgbe: downgrade logging of unsupported VF API version to debug
    - net: sched: fix erspan_opt settings in cls_flower
    - netfilter: nft_set_hash: skip duplicated elements pending gc run
    - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
    - mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
    - mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
    - net/mlx5e: Remove workaround to avoid syndrome for internal port
    - xhci: Allow RPM on the USB controller (1022:43f7) by default
    - gpio: grgpio: use a helper variable to store the address of ofdev->dev
    - usb: dwc3: gadget: Rewrite endpoint allocation flow
    - usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)
    - usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
    - mmc: mtk-sd: use devm_mmc_alloc_host
    - mmc: mtk-sd: Fix error handle of probe function
    - mmc: mtk-sd: fix devm_clk_get_optional usage
    - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting
    - zram: do not mark idle slots that cannot be idle
    - zram: clear IDLE flag in mark_idle()
    - powerpc/vdso: Refactor CFLAGS for CVDSO build
    - powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang
    - ntp: Remove invalid cast in time offset math
    - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link
    - driver core: fw_devlink: Stop trying to optimize cycle detection logic
    - drivers: core: fix device leak in __fw_devlink_relax_cycles()
    - i3c: master: support to adjust first broadcast address speed
    - i3c: master: svc: use slow speed for first broadcast address
    - i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter
    - i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
    - i3c: master: Extend address status bit to 4 and add
      I3C_ADDR_SLOT_EXT_DESIRED
    - i3c: master: Fix dynamic address leak when 'assigned-address' is present
    - i3c: master: Fix missing 'ret' assignment in set_speed()
    - drm/bridge: it6505: update usleep_range for RC circuit charge time
    - drm/bridge: it6505: Fix inverted reset polarity
    - scsi: ufs: core: Always initialize the UIC done completion
    - scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG
    - bpf, vsock: Fix poll() missing a queue
    - bpf, vsock: Invoke proto::close on close()
    - xsk: always clear DMA mapping information when unmapping the pool
    - bpftool: fix potential NULL pointer dereferencing in prog_dump()
    - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
    - ALSA: seq: ump: Use automatic cleanup of kfree()
    - ALSA: ump: Update substream name from assigned FB names
    - ALSA: seq: ump: Fix seq port updates per FB info notify
    - ALSA: usb-audio: Notify xrun for low-latency mode
    - tools: Override makefile ARCH variable if defined, but empty
    - ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index
    - ASoC: SOF: ipc3-topology: fix resource leaks in
      sof_ipc3_widget_setup_comp_dai()
    - bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
    - scsi: scsi_debug: Fix hrtimer support for ndelay
    - ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec
    - drm/v3d: Enable Performance Counters before clearing them
    - scatterlist: fix incorrect func name in kernel-doc
    - iio: magnetometer: yas530: use signed integer type for clamp limits
    - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
    - bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
    - bpf: Handle in-place update for full LPM trie correctly
    - bpf: Fix exact match conditions in trie_get_next_key()
    - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails
    - watchdog: rti: of: honor timeout-sec property
    - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6.
    - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
    - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
      ASIDs
    - ALSA: usb-audio: add mixer mapping for Corsair HS80
    - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
    - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
    - scsi: qla2xxx: Fix abort in bsg timeout
    - scsi: qla2xxx: Fix NVMe and NPIV connect issue
    - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
    - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
    - scsi: ufs: core: Add missing post notify for power mode change
    - fs/smb/client: cifs_prime_dcache() for SMB3 POSIX reparse points
    - drm/dp_mst: Verify request type in the corresponding down message reply
    - drm/amdgpu/hdp5.2: do a posting read when flushing HDP
    - modpost: Add .irqentry.text to OTHER_SECTIONS
    - x86/kexec: Restore GDT on return from ::preserve_context kexec
    - dma-buf: fix dma_fence_array_signaled v4
    - dma-fence: Fix reference leak on fence merge failure path
    - dma-fence: Use kernel's sort for merging fences
    - regmap: detach regmap from dev on regmap_exit
    - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
      tablet
    - mmc: core: Further prevent card detect during shutdown
    - ocfs2: update seq_file index in ocfs2_dlm_seq_next
    - lib: stackinit: hide never-taken branch from compiler
    - kasan: make report_lock a raw spinlock
    - x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables
    - epoll: annotate racy check
    - kselftest/arm64: Log fp-stress child startup errors to stdout
    - btrfs: avoid unnecessary device path update for the same device
    - btrfs: do not clear read-only when adding sprout device
    - kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
    - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list
    - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID
    - perf/x86/amd: Warn only on new bits set
    - spi: spi-fsl-lpspi: Adjust type of scldiv
    - HID: add per device quirk to force bind to hid-generic
    - media: uvcvideo: RealSense D421 Depth module metadata
    - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
    - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
    - mmc: core: Add SD card quirk for broken poweroff notification
    - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED
    - regmap: maple: Provide lockdep (sub)class for maple tree's internal lock
    - selftests/resctrl: Protect against array overflow when reading strings
    - drm/vc4: hdmi: Avoid log spam for audio start failure
    - drm/vc4: hvs: Set AXI panic modes for the HVS
    - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
    - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
    - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
    - drm/bridge: it6505: Enable module autoloading
    - drm/mcde: Enable module autoloading
    - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
    - drm/display: Fix building with GCC 15
    - ALSA: hda: Use own quirk lookup helper
    - ALSA: hda/conexant: Use the new codec SSID matching
    - r8169: don't apply UDP padding quirk on RTL8126A
    - samples/bpf: Fix a resource leak
    - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
    - net: ethernet: fs_enet: Use %pa to format resource_size_t
    - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
    - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
    - wifi: ath5k: add PCI ID for SX76X
    - wifi: ath5k: add PCI ID for Arcadyan devices
    - fanotify: allow reporting errors on failure to open fd
    - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
    - net: sfp: change quirks for Alcatel Lucent G-010S-P
    - net: stmmac: Programming sequence for VLAN packets with split header
    - drm/sched: memset() 'job' in drm_sched_job_init()
    - amdgpu/uvd: get ring reference from rq scheduler
    - drm/amdgpu: don't access invalid sched
    - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
    - drm/amdgpu: Dereference the ATCS ACPI buffer
    - netlink: specs: Add missing bitset attrs to ethtool spec
    - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
    - fsl/fman: Validate cell-index value obtained from Device Tree
    - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
    - ALSA: usb-audio: Make mic volume workarounds globally applicable
    - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
    - dsa: qca8k: Use nested lock to avoid splat
    - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
    - Bluetooth: Add new quirks for ATS2851
    - Bluetooth: Support new quirks for ATS2851
    - Bluetooth: Set quirks for ATS2851
    - ASoC: hdmi-codec: reorder channel allocation list
    - rocker: fix link status detection in rocker_carrier_init()
    - net/neighbor: clear error in case strict check is not set
    - netpoll: Use rcu_access_pointer() in __netpoll_setup
    - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
    - tracing/ftrace: disable preemption in syscall probe
    - tracing: Use atomic64_inc_return() in trace_clock_counter()
    - tools/rtla: fix collision with glibc sched_attr/sched_set_attr
    - rtla/timerlat: Make timerlat_top_cpu->*_count unsigned long long
    - scsi: ufs: core: Make DMA mask configuration more flexible
    - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths
    - clk: qcom: rcg2: add clk_rcg2_shared_floor_ops
    - clk: qcom: rpmh: add support for SAR2130P
    - clk: qcom: tcsrcc-sm8550: add SAR2130P support
    - scsi: st: Don't modify unknown block number in MTIOCGET
    - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
    - pinctrl: qcom-pmic-gpio: add support for PM8937
    - pinctrl: qcom: spmi-mpp: Add PM8937 compatible
    - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens
    - nvdimm: rectify the illogical code within nd_dax_probe()
    - smb: client: memcpy() with surrounding object base address
    - verification/dot2: Improve dot parser robustness
    - KMSAN: uninit-value in inode_go_dump (5)
    - PCI: qcom: Add support for IPQ9574
    - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs
    - PCI: vmd: Set devices to D0 before enabling PM L1 Substates
    - PCI: Detect and trust built-in Thunderbolt chips
    - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
    - PCI: Add ACS quirk for Wangxun FF5xxx NICs
    - f2fs: print message if fscorrupted was found in f2fs_new_node_page()
    - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840
    - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[]
    - fs/ntfs3: Fix case when unmarked clusters intersect with zone
    - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
    - iio: light: ltr501: Add LTER0303 to the supported devices
    - ASoC: amd: yc: fix internal mic on Redmi G 2022
    - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3
    - drm/amdgpu/vcn: reset fw_shared under SRIOV
    - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6
      21M1CTO1WW
    - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
    - rtc: cmos: avoid taking rtc_lock for extended period of time
    - serial: 8250_dw: Add Sophgo SG2044 quirk
    - smb: client: don't try following DFS links in cifs_tree_connect()
    - setlocalversion: work around "git describe" performance
    - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
    - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning
      busy
    - sched/core: Prevent wakeup of ksoftirqd during idle load balance
    - btrfs: fix missing snapshot drew unlock when root is dead during swap
      activation
    - clk: en7523: Initialize num before accessing hws in en7523_register_clocks()
    - tracing/eprobe: Fix to release eprobe when failed to add dyn_event
    - x86: Fix build regression with CONFIG_KEXEC_JUMP enabled
    - Revert "unicode: Don't special case ignorable code points"
    - vfio/mlx5: Align the page tracking max message size with the device
      capability
    - selftests/ftrace: adjust offset for kprobe syntax error test
    - KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from
      kvm_faultin_pfn()
    - jffs2: Fix rtime decompressor
    - mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
    - iio: invensense: fix multiple odr switch when FIFO is off
    - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
    - ALSA: hda: Fix build error without CONFIG_SND_DEBUG
    - usb: dwc3: ep0: Don't reset resource alloc flag
    - ALSA: usb-audio: Update UMP group attributes for GTB blocks, too
    - platform/x86: asus-wmi: Fix thermal profile initialization
    - i3c: master: svc: fix possible assignment of the same address to two devices
    - btrfs: drop unused parameter file_offset from
      btrfs_encoded_read_regular_fill_pages()
    - md/raid5: Wait sync io to finish before changing group cnt
    - media: platform: rga: fix 32-bit DMA limitation
    - net: phy: dp83869: fix status reporting for 1000base-x autonegotiation
    - remoteproc: qcom_q6v5_pas: disable auto boot for wpss
    - mtd: spinand: winbond: Fix 512GW and 02JW OOB layout
    - PCI: Pass domain number to pci_bus_release_domain_nr() explicitly
    - dt-bindings: net: fec: add pps channel property
    - net: fec: refactor PPS channel configuration
    - net: fec: make PPS channel configurable
    - drm/xe/xe_guc_ads: save/restore OA registers and allowlist regs
    - drm/xe/migrate: use XE_BO_FLAG_PAGETABLE
    - drm/amd: Add some missing straps from NBIO 7.11.0
    - drm/amd: Fix initialization mistake for NBIO 7.11 devices
    - drm/amdgpu/pm: Don't use OD table on Arcturus
    - drm/amd/pm: Remove arcturus min power limit
    - drm/amd/display: update pipe selection policy to check head pipe
    - drm/amd/display: Remove PIPE_DTO_SRC_SEL programming from set_dtbclk_dto
    - Revert "drm/xe/xe_guc_ads: save/restore OA registers and allowlist regs"
    - ipv6: avoid possible NULL deref in modify_prefix_route()
    - net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on
      LAN7800/7850
    - ice: fix PHY Clock Recovery availability check
    - vsock/test: fix failures due to wrong SO_RCVLOWAT parameter
    - vsock/test: fix parameter types in SO_VM_SOCKETS_* calls
    - mmc: core Convert UNSTUFF_BITS macro to inline function
    - mmc: sd: SDUC Support Recognition
    - mmc: core: Adjust ACMD22 to SDUC
    - mmc: core: Use GFP_NOIO in ACMD22
    - f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK}
    - f2fs: fix to adjust appropriate length for fiemap
    - f2fs: fix to requery extent which cross boundary of inquiry
    - drm/amd/display: calculate final viewport before TAP optimization
    - drm/amd/display: Ignore scalar validation failure if pipe is phantom
    - pmdomain: core: Add missing put_device()
    - pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails
    - pmdomain: core: add dummy release function to genpd device
    - bpf: Ensure reg is PTR_TO_STACK in process_iter_arg
    - bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
    - LoongArch: KVM: Protect kvm_check_requests() with SRCU
    - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
    - ALSA: usb-audio: Add extra PID for RME Digiface USB
    - ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
    - scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers
    - io_uring/cmd: document some uring_cmd related helpers
    - io_uring: Change res2 parameter type in io_uring_cmd_done
    - selftests/damon: add _damon_sysfs.py to TEST_FILES
    - drm/amd/display: Correct prefetch calculation
    - drm/amd/amdgpu: allow use kiq to do hdp flush under sriov
    - drm/amdgpu/hdp6.0: do a posting read when flushing HDP
    - drm/amdgpu/hdp4.0: do a posting read when flushing HDP
    - drm/amdgpu/hdp5.0: do a posting read when flushing HDP
    - x86/cpu/intel: Switch to new Intel CPU model defines
    - x86/cpu/intel: Drop stray FAM6 check with new Intel CPU model defines
    - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation
    - mm/damon: fix order of arguments in damos_before_apply tracepoint
    - mm: respect mmap hint address when aligning for THP
    - scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove()
    - memblock: allow zero threshold in validate_numa_converage()
    - s390/pci: Sort PCI functions prior to creating virtual busses
    - s390/pci: Use topology ID for multi-function devices
    - s390/pci: Ignore RID for isolated VFs
    - s390/pci: Fix SR-IOV for PFs initially in standby
    - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn()
    - s390/pci: Fix handling of isolated VFs
    - ext4: partial zero eof block on unaligned inode size extension
    - crypto: ecdsa - Convert byte arrays with key coordinates to digits
    - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes
    - crypto: ecdsa - Rename keylen to bufsize where necessary
    - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature
    - crypto: ecdsa - Avoid signed integer overflow on signature decoding
    - ACPI: video: force native for Apple MacbookPro11,2 and Air7,2
    - cleanup: Adjust scoped_guard() macros to avoid potential warning
    - gpio: free irqs that are still requested when the chip is being removed
    - media: uvcvideo: Force UVC version to 1.0a for 0408:4035
    - media: uvcvideo: Force UVC version to 1.0a for 0408:4033
    - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
    - drm/amd/display: skip disable CRTC in seemless bootup case
    - drm/amd/display: disable SG displays on cyan skillfish
    - wifi: mac80211: Add non-atomic station iterator
    - accel/qaic: Add AIC080 support
    - mptcp: annotate data-races around subflow->fully_established
    - net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
    - drm/amd/display: Prune Invalid Modes For HDMI Output
    - i2c: i801: Add support for Intel Arrow Lake-H
    - i2c: i801: Add support for Intel Panther Lake
    - Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions
    - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925
    - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925
    - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925
    - Bluetooth: btusb: Add new VID/PID 0489/e124 for MT7925
    - Bluetooth: btusb: Add 3 HWIDs for MT7925
    - rtla/timerlat: Make timerlat_hist_cpu->*_count unsigned long long
    - ring-buffer: Correct stale comments related to non-consuming readers
    - ring-buffer: Limit time with disabled interrupts in rb_check_pages()
    - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up
      FDMI
    - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback
    - clk: qcom: clk-alpha-pll: Add support for zonda ole pll configure
    - clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574
    - mailbox: pcc: Check before sending MCTP PCC response ACK
    - remoteproc: qcom: pas: Add support for SA8775p ADSP, CDSP and GPDSP
    - remoteproc: qcom: pas: enable SAR2130P audio DSP support
    - fs/ntfs3: Implement fallocate for compressed files
    - fs/ntfs3: Fix warning in ni_fiemap
    - regulator: qcom-rpmh: Update ranges for FTSMPS525
    - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag
    - usb: chipidea: udc: limit usb request length to max 16KB
    - usb: chipidea: udc: create bounce buffer for problem sglist entries if
      possible
    - iio: adc: ad7192: Convert from of specific to fwnode property handling
    - iio: adc: ad7192: properly check spi_get_device_match_data()
    - usb: typec: ucsi: add callback for connector status updates
    - usb: typec: ucsi: glink: move GPIO reading into connector_status callback
    - usb: typec: ucsi: add update_connector callback
    - usb: typec: ucsi: glink: set orientation aware if supported
    - usb: typec: ucsi: glink: be more precise on orientation-aware ports
    - usb: typec: ucsi: glink: fix off-by-one in connector_status
    - usb: typec: ucsi: Set orientation as none when connector is unplugged
    - nvme: use helper nvme_ctrl_state in nvme_keep_alive_finish function
    - Revert "nvme: make keep-alive synchronous operation"
    - irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack
    - irqchip/gicv3-its: Add workaround for hip09 ITS erratum 162100801
    - [Config] updateconfigs for HISILICON_ERRATUM_162100801
    - drm/amd/display: Add option to retrieve detile buffer size
    - btrfs: drop unused parameter options from open_ctree()
    - btrfs: drop unused parameter data from btrfs_fill_super()
    - btrfs: fix mount failure due to remount races
    - net/mlx5: unique names for per device caches
    - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails
    - ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
    - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
    - Upstream stable to v6.6.65, v6.6.66, v6.12.4, v6.12.5

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-41932
    - sched: fix warning in sched_setaffinity

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-57872
    - scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56588
    - scsi: hisi_sas: Create all dump files during debugfs initialization

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-47794
    - bpf: Prevent tailcall infinite loop caused by freplace

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56599
    - wifi: ath10k: avoid NULL pointer error during sdio remove

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56607
    - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56608
    - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56609
    - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56782
    - ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-48876
    - stackdepot: fix stack_depot_save_flags() in NMI context

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56620
    - scsi: ufs: qcom: Only free platform MSIs when ESI is enabled

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56621
    - scsi: ufs: core: Cancel RTC work during ufshcd_remove()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-49569
    - nvme-rdma: unquiesce admin_q before destroy it

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56632
    - nvme-tcp: fix the memleak while create new ctrl failed

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56647
    - net: Fix icmp host relookup triggering ip_rt_bug

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56775
    - drm/amd/display: Fix handling of plane refcount

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56561
    - PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56550
    - s390/stacktrace: Use break instead of return statement

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56771
    - mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56568
    - iommu/arm-smmu: Defer probe of clients after smmu device bound

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56772
    - kunit: string-stream: Fix a UAF bug in kunit_init_suite()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56773
    - kunit: Fix potential null dereference in kunit_device_driver_test()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56580
    - media: qcom: camss: fix error path on configuration of power domains

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-57850
    - jffs2: Prevent rtime decompress memory corruption

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56583
    - sched/deadline: Fix warning in migrate_enable for boosted tasks

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56611
    - mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a
      MM

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56613
    - sched/numa: fix memory leak due to the overwritten vma->numab_state

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56584
    - io_uring/tctx: work around xa_store() allocation error issue

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56781
    - powerpc/prom_init: Fixup missing powermac #size-cells

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56785
    - MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56585
    - LoongArch: Fix sleeping in atomic context for PREEMPT_RT

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-41935
    - f2fs: fix to shrink read extent node in batches

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-43098
    - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
      avoid deadlock

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-45828
    - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56586
    - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56587
    - leds: class: Protect brightness_show() with led_cdev->led_access mutex

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56786
    - bpf: put bpf_link's program when link is safe to be deallocated

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-47141
    - pinmux: Use sequential access to access desc->pinmux data

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56589
    - scsi: hisi_sas: Add cond_resched() for no forced preemption model

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56590
    - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56592
    - bpf: Call free_htab_elem() after htab_unlock_bucket()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56593
    - wifi: brcmfmac: Fix oops due to NULL pointer dereference in
      brcmf_sdiod_sglist_rw()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56594
    - drm/amdgpu: set the right AMDGPU sg segment limitation

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-57843
    - virtio-net: fix overflow inside virtnet_rq_alloc

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56596
    - jfs: fix array-index-out-of-bounds in jfs_readdir

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56597
    - jfs: fix shift-out-of-bounds in dbSplit

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-47143
    - dma-debug: fix a possible deadlock on radix_lock

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56601
    - net: inet: do not leave a dangling sk pointer in inet_create()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56602
    - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56603
    - net: af_can: do not leave a dangling sk pointer in can_create()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56604
    - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56605
    - Bluetooth: L2CAP: do not leave dangling sk pointer on error in
      l2cap_sock_create()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56606
    - af_packet: avoid erroring out after sock_init_data() in packet_create()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-47809
    - dlm: fix possible lkb_resource null dereference

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-48873
    - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR

* Missing support for USB-C Apple Magic Trackpad (LP: #2098063) // Noble
    update: upstream stable patchset 2025-03-12 (LP: #2102118)
    - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56787
    - soc: imx8m: Probe the SoC driver as platform driver

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56610
    - kcsan: Turn report_filterlist_lock into a raw_spinlock

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-48875
    - btrfs: don't take dev_replace rwsem on task already holding it

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-57849
    - s390/cpum_sf: Handle CPU hotplug remove during sampling

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-57876
    - drm/dp_mst: Fix resetting msg rx state after topology removal

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56616
    - drm/dp_mst: Fix MST sideband message body length check

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-48881
    - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56619
    - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56622
    - scsi: ufs: core: sysfs: Prevent div by zero

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56623
    - scsi: qla2xxx: Fix use after free on unload

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-57874
    - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56625
    - can: dev: can_set_termination(): allow sleeping GPIOs

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56626
    - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56628
    - LoongArch: Add architecture specific huge_pte_clear()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56629
    - HID: wacom: fix when get product name maybe null pointer

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56630
    - ocfs2: free inode when ocfs2_get_init_inode() fails

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56631
    - scsi: sg: Fix slab-use-after-free read in sg_release()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-50051
    - spi: mpc52xx: Add cancel_work_sync before module remove

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56633
    - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56565
    - f2fs: fix to drop all discards after creating snapshot on lvm device

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56634
    - gpio: grgpio: Add NULL check in grgpio_probe

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56635
    - net: avoid potential UAF in default_operstate()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56636
    - geneve: do not assume mac header is set in geneve_xmit_skb()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56637
    - netfilter: ipset: Hold module reference while requesting a module

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56638
    - netfilter: nft_inner: incorrect percpu area handling under softirq

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-52332
    - igb: Fix potential invalid memory access in igb_init_module()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56640
    - net/smc: fix LGR and link use-after-free issue

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56641
    - net/smc: initialize close_work early to avoid warning

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56643
    - dccp: Fix memory leak in dccp_feat_change_recv

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56644
    - net/ipv6: release expired exception dst cached in socket

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56645
    - can: j1939: j1939_session_new(): fix skb reference counting

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56648
    - net: hsr: avoid potential out-of-bound access in fill_frame_info()

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56649
    - net: enetc: Do not configure preemptible TCs if SIs do not support

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56783
    - netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level

* Noble update: upstream stable patchset 2025-03-12 (LP: #2102118) //
    CVE-2024-56650
    - netfilter: x_tables: fix LED ID check in led_tg_check()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915)
    - wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings
    - ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work()
    - ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec
    - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
    - ASoC: Intel: sst: Support LPE0F28 ACPI HID
    - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
    - mac80211: fix user-power when emulating chanctx
    - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
    - selftests/watchdog-test: Fix system accidentally reset after watchdog-test
    - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
    - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
    - bpf: fix filed access without lock
    - net: usb: qmi_wwan: add Quectel RG650V
    - soc: qcom: Add check devm_kasprintf() returned value
    - firmware: arm_scmi: Reject clear channel request on A2P
    - regulator: rk808: Add apply_bit for BUCK3 on RK809
    - platform/x86: dell-smbios-base: Extends support to Alienware products
    - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
    - ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip
    - tools/lib/thermal: Remove the thermal.h soft link when doing make clean
    - can: j1939: fix error in J1939 documentation.
    - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect
      fan speed
    - ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6
    - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
    - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
    - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less
      strict
    - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
    - ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
    - LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS
    - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
    - ARM: 9420/1: smp: Fix SMP for xip kernels
    - ipmr: Fix access to mfc_cache_list without lock held
    - mptcp: fix possible integer overflow in mptcp_reset_tout_timer
    - arm64: probes: Disable kprobes/uprobes on MOPS instructions
    - kselftest/arm64: mte: fix printf type warnings about __u64
    - kselftest/arm64: mte: fix printf type warnings about longs
    - s390/cio: Do not unregister the subchannel based on DNV
    - s390/pageattr: Implement missing kernel_page_present()
    - ext4: avoid remount errors with 'abort' mount option
    - mips: asm: fix warning when disabling MIPS_FP_SUPPORT
    - m68k: mvme147: Fix SCSI controller IRQ numbers
    - m68k: mvme147: Reinstate early console
    - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
    - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
    - cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
    - block: fix bio_split_rw_at to take zone_write_granularity into account
    - s390/syscalls: Avoid creation of arch/arch/ directory
    - ext4: remove calls to to set/clear the folio error flag
    - ext4: pipeline buffer reads in mext_page_mkuptodate()
    - ext4: remove array of buffer_heads from mext_page_mkuptodate()
    - ext4: fix race in buffer_head read fault injection
    - nvme-pci: reverse request order in nvme_queue_rqs
    - virtio_blk: reverse request order in virtio_queue_rqs
    - crypto: qat - remove check after debugfs_create_dir()
    - firmware: google: Unregister driver_info on failure
    - crypto: qat - remove faulty arbiter config reset
    - thermal: core: Initialize thermal zones before registering them
    - EDAC/fsl_ddr: Fix bad bit shift operations
    - EDAC/skx_common: Differentiate memory error sources
    - EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator
    - crypto: cavium - Fix the if condition to exit loop after timeout
    - amd-pstate: Set min_perf to nominal_perf for active mode performance gov
    - crypto: hisilicon/qm - disable same error report before resetting
    - crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init()
    - doc: rcu: update printed dynticks counter bits
    - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK
    - hwmon: (pmbus/core) clear faults after setting smbalert mask
    - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
    - ACPI: CPPC: Fix _CPC register setting issue
    - crypto: caam - add error check to caam_rsa_set_priv_key_form
    - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
    - rcuscale: Do a proper cleanup if kfree_scale_init() fails
    - tools/lib/thermal: Make more generic the command encoding function
    - thermal/lib: Fix memory leak on error in thermal_genl_auto()
    - x86/unwind/orc: Fix unwind for newly forked tasks
    - time: Partially revert cleanup on msecs_to_jiffies() documentation
    - time: Fix references to _msecs_to_jiffies() handling of values
    - kcsan, seqlock: Support seqcount_latch_t
    - kcsan, seqlock: Fix incorrect assumption in read_seqbegin()
    - clocksource/drivers:sp804: Make user selectable
    - clocksource/drivers/timer-ti-dm: Fix child node refcount handling
    - spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
    - microblaze: Export xmb_manager functions
    - arm64: dts: mt8195: Fix dtbs_check error for mutex node
    - arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node
    - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
    - arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins
    - ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode
    - mmc: mmc_spi: drop buggy snprintf()
    - openrisc: Implement fixmap to fix earlycon
    - efi/libstub: fix efi_parse_options() ignoring the default command line
    - tpm: fix signed/unsigned bug when checking event logs
    - media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call
    - arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4
    - arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4
    - arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
      trackpad
    - Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
    - cgroup/bpf: only cgroup v2 can be attached by bpf programs
    - regulator: rk808: Restrict DVS GPIOs to the RK808 variant only
    - arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
    - arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
    - arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
    - arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
    - pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
    - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
    - arm64: dts: ti: k3-j7200: use ti,j7200-padconf compatible
    - arm64: dts: ti: k3-j7200: Fix register map for main domain pmx
    - arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances
    - arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances
    - arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances
    - um: Unconditionally call unflatten_device_tree()
    - x86/of: Unconditionally call unflatten_and_copy_device_tree()
    - of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify
    - riscv: Fix wrong usage of __pa() on a fixmap address
    - pmdomain: ti-sci: Add missing of_node_put() for args.np
    - spi: tegra210-quad: Avoid shift-out-of-bounds
    - spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time
    - regmap: irq: Set lockdep class for hierarchical IRQ domains
    - arm64: dts: renesas: hihope: Drop #sound-dai-cells
    - arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs
    - arm64: dts: mediatek: mt6358: fix dtbs_check error
    - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
    - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
      regulators
    - selftests/resctrl: Split fill_buf to allow tests finer-grained control
    - selftests/resctrl: Refactor fill_buf functions
    - selftests/resctrl: Fix memory overflow due to unhandled wraparound
    - selftests/resctrl: Protect against array overrun during iMC config parsing
    - arm64: dts: rockchip: correct analog audio name on Indiedroid Nova
    - platform/x86: panasonic-laptop: Return errno correctly in show callback
    - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
    - drm/vc4: hvs: Don't write gamma luts on 2711
    - drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer
    - drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function
    - drm/vc4: hvs: Correct logic on stopping an HVS channel
    - drm/omap: Fix possible NULL dereference
    - drm/omap: Fix locking in omap_gem_new_dmabuf()
    - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
    - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/v3d: Address race-condition in MMU flush
    - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
    - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
    - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
    - ASoC: fsl_micfil: fix regmap_write_bits usage
    - ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
    - drm/bridge: anx7625: Drop EDID cache on bridge power off
    - drm/bridge: it6505: Drop EDID cache on bridge power off
    - libbpf: Fix expected_attach_type set handling in program load callback
    - libbpf: Fix output .symtab byte-order during linking
    - bpf: Fix the xdp_adjust_tail sample prog issue
    - wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR
    - ice: consistently use q_idx in ice_vc_cfg_qs_msg()
    - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush
    - libbpf: fix sym_is_subprog() logic for weak global subprogs
    - ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c
    - libbpf: never interpret subprogs in .text as entry programs
    - netdevsim: copy addresses for both in and out paths
    - drm/bridge: tc358767: Fix link properties discovery
    - selftests/bpf: Fix msg_verify_data in test_sockmap
    - selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap
    - drm: fsl-dcu: enable PIXCLK on LS1021A
    - drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block
    - drm/msm/dpu: drop LM_3 / LM_4 on SDM845
    - drm/msm/dpu: drop LM_3 / LM_4 on MSM8998
    - selftests/bpf: fix test_spin_lock_fail.c's global vars usage
    - drm/panfrost: Remove unused id_mask from struct panfrost_model
    - bpf, arm64: Remove garbage frame for struct_ops trampoline
    - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/msm/gpu: Check the status of registration to PM QoS
    - drm/etnaviv: Request pages from DMA32 zone on addressing_limited
    - drm/etnaviv: hold GPU lock across perfmon sampling
    - wifi: wfx: Fix error handling in wfx_core_init()
    - drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk()
    - bpf, bpftool: Fix incorrect disasm pc
    - drm/vkms: Drop unnecessary call to drm_crtc_cleanup()
    - drm: use ATOMIC64_INIT() for atomic64_t
    - netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion
    - netfilter: nf_tables: must hold rcu read lock while iterating expression
      type list
    - netfilter: nf_tables: skip transaction if update object is not implemented
    - netfilter: nf_tables: must hold rcu read lock while iterating object type
      list
    - netlink: typographical error in nlmsg_type constants definition
    - selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap
    - selftests/bpf: Fix SENDPAGE data logic in test_sockmap
    - selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap
    - selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap
    - bpf, sockmap: Several fixes to bpf_msg_push_data
    - bpf, sockmap: Fix sk_msg_reset_curr
    - sock_diag: add module pointer to "struct sock_diag_handler"
    - sock_diag: allow concurrent operations
    - sock_diag: allow concurrent operation in sock_diag_rcv_msg()
    - net: use unrcu_pointer() helper
    - selftests: net: really check for bg process completion
    - drm/amdkfd: Fix wrong usage of INIT_WORK()
    - bpf: Force uprobe bpf program to always return 0
    - net: rfkill: gpio: Add check for clk_enable()
    - netpoll: Use rcu_access_pointer() in netpoll_poll_lock
    - wireguard: selftests: load nf_conntrack if not present
    - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged
    - clk: mediatek: drop two dead config options
    - [Config] drop COMMON_CLK_MT8195_AUDSYS and COMMON_CLK_MT8195_MSDC
    - trace/trace_event_perf: remove duplicate samples on the first tracepoint
      event
    - pinctrl: zynqmp: drop excess struct member description
    - scsi: hisi_sas: Enable all PHYs that are not disabled by user during
      controller reset
    - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
    - mfd: da9052-spi: Change read-mask to write-mask
    - cpufreq: loongson2: Unregister platform_driver on failure
    - powerpc/fadump: Refactor and prepare fadump_cma_init for late init
    - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
    - mtd: rawnand: atmel: Fix possible memory leak
    - mtd: rawnand: fix double free in atmel_pmecc_create_user()
    - mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in
      RD_ANY_REG_OP
    - RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci
    - RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
    - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
    - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
    - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
    - RDMA/rxe: Set queue pair cur_qp_state when being queried
    - RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation
    - clk: imx: lpcg-scu: SW workaround for errata (e10858)
    - clk: imx: fracn-gppll: correct PLL initialization flow
    - clk: imx: fracn-gppll: fix pll power up
    - clk: imx: clk-scu: fix clk enable state save and restore
    - clk: imx: imx8-acm: Fix return value check in
      clk_imx_acm_attach_pm_domains()
    - iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
    - iommu/vt-d: Fix checks and print in pgtable_walk()
    - checkpatch: check for missing Fixes tags
    - checkpatch: always parse orig_commit in fixes tag
    - mfd: rt5033: Fix missing regmap_del_irq_chip()
    - fs/proc/kcore.c: fix coccinelle reported ERROR instances
    - scsi: fusion: Remove unused variable 'rc'
    - scsi: sg: Enable runtime power management
    - x86/tdx: Introduce wrappers to read and write TD metadata
    - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup()
    - x86/tdx: Dynamically disable SEPT violations from causing #VEs
    - RDMA/hns: Fix out-of-order issue of requester when setting FENCE
    - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
    - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
    - dax: delete a stale directory pmem
    - KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
    - KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending
      doorbells
    - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
    - powerpc/kexec: Fix return of uninitialized variable
    - IB/mlx5: Allocate resources just before first QP/SRQ is created
    - clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883
    - clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883
    - dt-bindings: clock: axi-clkgen: include AXI clk
    - clk: clk-axi-clkgen: make sure to enable the AXI bus clock
    - arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw
    - pinctrl: k210: Undef K210_PC_DEFAULT
    - smb: cached directories can be more than root file handle
    - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
    - perf cs-etm: Don't flush when packet_queue fills up
    - gfs2: Get rid of gfs2_glock_queue_put in signal_our_withdraw
    - gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async
    - gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE
    - gfs2: Allow immediate GLF_VERIFY_DELETE work
    - gfs2: Fix unlinked inode cleanup
    - perf stat: Close cork_fd when create_perf_stat_counter() failed
    - perf stat: Fix affinity memory leaks on error path
    - perf trace: Keep exited threads for summary
    - perf test attr: Add back missing topdown events
    - f2fs: compress: fix inconsistent update of i_blocks in
      release_compress_blocks and reserve_compress_blocks
    - perf probe: Fix libdw memory leak
    - perf probe: Correct demangled symbols in C++ program
    - rust: macros: fix documentation of the paste! macro
    - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
    - PCI: cpqphp: Fix PCIBIOS_* return value confusion
    - perf ftrace latency: Fix unit on histogram first entry when using --use-nsec
    - f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
    - f2fs: check curseg->inited before write_sum_page in change_curseg
    - f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or
      GC_URGENT_MID
    - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup()
    - PCI: cadence: Set cdns_pcie_host_init() global
    - PCI: j721e: Add reset GPIO to struct j721e_pcie
    - PCI: j721e: Use T_PERST_CLK_US macro
    - PCI: j721e: Add suspend and resume support
    - PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds
    - f2fs: fix to avoid forcing direct write to use buffered IO on inline_data
      inode
    - perf trace: avoid garbage when not printing a trace event's arguments
    - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
    - m68k: coldfire/device.c: only build FEC when HW macros are defined
    - perf list: Fix topic and pmu_name argument order
    - perf trace: Fix tracing itself, creating feedback loops
    - perf trace: Do not lose last events in a race
    - perf trace: Avoid garbage when not printing a syscall's arguments
    - remoteproc: qcom: pas: add minidump_id to SM8350 resources
    - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
    - remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
    - nfsd: restore callback functionality for NFSv4.0
    - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
    - NFSD: Fix nfsd4_shutdown_copy()
    - hwmon: (tps23861) Fix reporting of negative temperatures
    - vdpa/mlx5: Fix suboptimal range on iotlb iteration
    - selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels
    - gpio: zevio: Add missed label initialisation
    - fs_parser: update mount_api doc to match function signature
    - LoongArch: Fix build failure with GCC 15 (-std=gnu23)
    - LoongArch: BPF: Sign-extend return values
    - power: supply: core: Remove might_sleep() from power_supply_put()
    - power: supply: bq27xxx: Fix registers of bq27426
    - power: supply: rt9471: Fix wrong WDT function regfield declaration
    - power: supply: rt9471: Use IC status regfield to report real charger status
    - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
    - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
    - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
      configuration
    - net: microchip: vcap: Add typegroup table terminators in kunit tests
    - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
    - net: mdio-ipq4019: add missing error check
    - marvell: pxa168_eth: fix call balance of pep->clk handling routines
    - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
    - octeontx2-af: RPM: Fix mismatch in lmac type
    - octeontx2-af: RPM: Fix low network performance
    - octeontx2-pf: Reset MAC stats during probe
    - octeontx2-af: RPM: fix stale RSFEC counters
    - octeontx2-af: RPM: fix stale FCFEC counters
    - octeontx2-af: Quiesce traffic before NIX block reset
    - spi: atmel-quadspi: Fix register name in verbose logging function
    - net: hsr: fix hsr_init_sk() vs network/transport headers.
    - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
    - bnxt_en: Refactor bnxt_ptp_init()
    - bnxt_en: Unregister PTP during PCI shutdown and suspend
    - llc: Improve setsockopt() handling of malformed user input
    - rxrpc: Improve setsockopt() handling of malformed user input
    - tcp: Fix use-after-free of nreq in reqsk_timer_handler().
    - ip6mr: fix tables suspicious RCU usage
    - ipmr: fix tables suspicious RCU usage
    - iio: light: al3010: Fix an error handling path in al3010_probe()
    - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
    - usb: yurex: make waiting on yurex_write interruptible
    - USB: chaoskey: fail open after removal
    - USB: chaoskey: Fix possible deadlock chaoskey_list_lock
    - misc: apds990x: Fix missing pm_runtime_disable()
    - counter: stm32-timer-cnt: Add check for clk_enable()
    - counter: ti-ecap-capture: Add check for clk_enable()
    - ALSA: hda/realtek: Update ALC256 depop procedure
    - drm/radeon: add helper rdev_to_drm(rdev)
    - drm/radeon: change rdev->ddev to rdev_to_drm(rdev)
    - drm/radeon: Fix spurious unplug event on radeon HDMI
    - apparmor: fix 'Do simple duplicate message elimination'
    - ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
    - gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru
    - gfs2: Remove and replace gfs2_glock_queue_work
    - f2fs: fix fiemap failure issue when page size is 16KB
    - usb: ehci-spear: fix call balance of sehci clk handling routines
    - ALSA: usb-audio: Fix a DMA to stack memory bug
    - ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
    - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
    - ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
    - ext4: fix FS_IOC_GETFSMAP handling
    - jfs: xattr: check invalid xattr size more strictly
    - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5
      21MES00B00
    - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
    - perf/x86/intel/pt: Fix buffer full but size is 0 case
    - crypto: x86/aegis128 - access 32-bit arguments as 32-bit
    - KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE
    - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector
    - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
    - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
    - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
    - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
    - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
    - fsnotify: fix sending inotify event with unexpected filename
    - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
    - locking/lockdep: Avoid creating new name string literals in
      lockdep_set_subclass()
    - tools/nolibc: s390: include std.h
    - pinctrl: qcom: spmi: fix debugfs drive strength
    - dt-bindings: iio: dac: ad3552r: fix maximum spi speed
    - exfat: fix uninit-value in __exfat_get_dentry_set
    - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
    - Compiler Attributes: disable __counted_by for clang < 19.1.3
    - usb: xhci: Fix TD invalidation under pending Set TR Dequeue
    - ARM: dts: omap36xx: declare 1GHz OPP as turbo again
    - wifi: brcmfmac: release 'root' node in all execution paths
    - Revert "usb: gadget: composite: fix OS descriptors w_value logic"
    - gpio: exar: set value when external pull-up or pull-down is present
    - spi: Fix acpi deferred irq probe
    - cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power()
    - cifs: support mounting with alternate password to allow password rotation
    - parisc/ftrace: Fix function graph tracing disablement
    - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
    - ubi: wl: Put source PEB into correct list if trying locking LEB failed
    - dt-bindings: serial: rs485: Fix rs485-rts-delay property
    - serial: 8250_fintek: Add support for F81216E
    - serial: 8250: omap: Move pm_runtime_get_sync
    - iio: gts: Fix uninitialized symbol 'ret'
    - ublk: fix ublk_ch_mmap() for 64K page size
    - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
    - block: fix missing dispatching request when queue is started or unquiesced
    - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding
    - block: fix ordering between checking BLK_MQ_S_STOPPED request adding
    - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long
    - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
    - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
    - media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
    - ALSA: ump: Fix evaluation of MIDI 1.0 FB info
    - ALSA: hda/realtek: Update ALC225 depop procedure
    - ALSA: hda/realtek: Fixup ALC225 depop procedure
    - ALSA: hda/realtek: Set PCBeep to default value for ALC274
    - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
    - ALSA: hda/realtek: Apply quirk for Medion E15433
    - smb3: request handle caching when caching directories
    - smb: client: handle max length for SMB symlinks
    - cifs: Add tracing for the cifs_tcon struct refcounting
    - usb: dwc3: gadget: Fix checking for number of TRBs left
    - ublk: fix error code for unsupported command
    - lib: string_helpers: silence snprintf() output truncation warning
    - um: Fix the return value of elf_core_copy_task_fpregs
    - um: Always dump trace for specified task in show_stack
    - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
    - rtc: abx80x: Fix WDT bit position of the status register
    - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
    - ubifs: Correct the total block count by deducting journal reservation
    - jffs2: fix use of uninitialized variable
    - rtc: rzn1: fix BCD to rtc_time conversion errors
    - nvme-multipath: prepare for "queue-depth" iopolicy
    - nvme-multipath: implement "queue-depth" iopolicy
    - nvme-multipath: avoid hang on inaccessible namespaces
    - nvme/multipath: Fix RCU list traversal to use SRCU primitive
    - block: return unsigned int from bdev_io_min
    - 9p/xen: fix init sequence
    - perf/arm-smmuv3: Fix lockdep assert in ->event_init()
    - perf/arm-cmn: Ensure port and device id bits are set properly
    - smb: client: disable directory caching when dir_cache_timeout is zero
    - cifs: Fix parsing native symlinks relative to the export
    - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE
      session
    - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
    - init/modpost: conditionally check section mismatch to __meminit*
    - Rename .data.unlikely to .data..unlikely
    - Rename .data.once to .data..once to fix resetting WARN*_ONCE
    - modpost: remove incorrect code in do_eisa_entry()
    - cifs: during remount, make sure passwords are in sync
    - cifs: unlock on error in smb3_reconfigure()
    - nfs: ignore SB_RDONLY when mounting nfs
    - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT
    - xfs: remove unknown compat feature check in superblock write validation
    - btrfs: don't loop for nowait writes when checking for cross references
    - md/md-bitmap: Add missing destroy_work_on_stack()
    - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer
    - arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay
    - arm64: dts: ti: k3-am62-verdin: Fix SD regulator startup delay
    - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled
    - arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay
    - media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
    - media: verisilicon: av1: Fix reference video buffer pointer assignment
    - media: platform: exynos4-is: Fix an OF node reference leak in
      fimc_md_is_isp_available
    - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled
    - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
    - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
    - media: uvcvideo: Stop stream during unregister
    - maple_tree: refine mas_store_root() on storing NULL
    - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
    - zram: clear IDLE flag after recompression
    - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables
    - leds: lp55xx: Remove redundant test for invalid channel number
    - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
    - ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow
    - ARM: 9430/1: entry: Do a dummy read from VMAP shadow
    - ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire()
    - ceph: extract entity name from device id
    - util_macros.h: fix/rework find_closest() macros
    - scsi: ufs: exynos: Fix hibern8 notify callbacks
    - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled
    - PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
    - PCI: keystone: Add link up check to ks_pcie_other_map_bus()
    - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
    - fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful
      iov_iter_zero
    - thermal: int3400: Fix reading of current_uuid for active policy
    - leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error
      paths
    - ovl: properly handle large files in ovl_security_fileattr
    - dm: Fix typo in error message
    - dm thin: Add missing destroy_work_on_stack()
    - PCI: of_property: Assign PCI instead of CPU bus address to dynamic PCI nodes
    - PCI: rockchip-ep: Fix address translation unit programming
    - iio: accel: kx022a: Fix raw read format
    - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name()
    - iio: gts: fix infinite loop for gain_to_scaletables()
    - powerpc: Fix stack protector Kconfig test for clang
    - powerpc: Adjust adding stack protector flags to KBUILD_CLAGS for clang
    - udmabuf: use vmf_insert_pfn and VM_PFNMAP for handling mmap
    - drm/mediatek: Fix child node refcount handling in early exit
    - drm/etnaviv: flush shader L1 cache after user commandstream
    - drm: xlnx: zynqmp_dpsub: fix hotplug detection
    - drm/amdkfd: Use the correct wptr size
    - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu
      v13.0.7
    - posix-timers: Target group sigqueue to current task only if not exiting
    - wifi: cfg80211: Add wiphy_delayed_work_pending()
    - wifi: mac80211: Convert color collision detection to wiphy work
    - spi: stm32: fix missing device mode capability in stm32mp25
    - usb: typec: use cleanup facility for 'altmodes_node'
    - platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys
    - integrity: Avoid -Wflex-array-member-not-at-end warnings
    - integrity: Use static_assert() to check struct sizes
    - ASoC: max9768: Fix event generation for playback mute
    - ARM: 9434/1: cfi: Fix compilation corner case
    - drm/amd/display: Skip Invalid Streams from DSC Policy
    - drm/amd/display: Fix DSC-re-computing
    - drm/amd/display: Fix incorrect DSC recompute trigger
    - s390/facilities: Fix warning about shadow of global variable
    - cachefiles: Fix incorrect length return value in
      cachefiles_ondemand_fd_write_iter()
    - thermal: core: Drop thermal_zone_device_is_enabled()
    - thermal: core: Synchronize suspend-prepare and post-suspend actions
    - thermal: core: Rearrange PM notification code
    - thermal: core: Represent suspend-related thermal zone flags as bits
    - thermal: core: Mark thermal zones as initializing to start with
    - thermal: core: Fix race between zone registration and system suspend
    - crypto: qat - Fix missing destroy_workqueue in adf_init_aer()
    - sched/cpufreq: Ensure sd is rebuilt for EAS check
    - cleanup: Remove address space of returned pointer
    - ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash
    - arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy
    - scripts/kernel-doc: Do not track section counter across processed files
    - arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region
    - scripts/kernel-doc: add modeline for vim users
    - scripts/kernel-doc: simplify function printing
    - scripts/kernel-doc: separate out function signature
    - scripts/kernel-doc: simplify signature printing
    - doc: kerneldoc.py: fix indentation
    - kernel-doc: allow object-like macros in ReST output
    - arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status
    - arm64: dts: rockchip: Remove 'enable-active-low' from two boards
    - arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers
    - dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries
    - pwm: Assume a disabled PWM to emit a constant inactive output
    - drm/imagination: Convert to use time_before macro
    - drm/imagination: Use pvr_vm_context_get()
    - drm/v3d: Flush the MMU before we supply more memory to the binner
    - drm/amdgpu: Fix JPEG v4.0.3 register write
    - ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios
    - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled
    - selftests/bpf: netns_new() and netns_free() helpers.
    - selftests/bpf: Fix backtrace printing for selftests crashes
    - selftests/bpf: add missing header include for htons
    - drm/vc4: hdmi: Increase audio MAI fifo dreq threshold
    - drm/vc4: Introduce generation number enum
    - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load
    - drm/vc4: Correct generation check in vc4_hvs_lut_load
    - bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable
    - drm/panfrost: Add missing OPP table refcnt decremental
    - selftests: netfilter: Fix missing return values in conntrack_dump_flush
    - Bluetooth: btintel: Do no pass vendor events to stack
    - Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name()
    - Bluetooth: ISO: Use kref to track lifetime of iso_conn
    - Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending
    - Bluetooth: hci_conn: Use __counted_by() to avoid -Wfamnae warning
    - Bluetooth: hci_conn: Use struct_size() in hci_le_big_create_sync()
    - Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending
    - Bluetooth: ISO: Send BIG Create Sync via hci_sync
    - Bluetooth: iso: Fix circular lock in iso_conn_big_sync
    - net: txgbe: remove GPIO interrupt controller
    - net: txgbe: fix null pointer to pcs
    - RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages
    - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset
    - iommu/amd: Remove amd_iommu_domain_update() from page table freeing
    - iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB
    - RDMA/hns: Fix flush cqe error when racing with destroy qp
    - RDMA/hns: Modify debugfs name
    - leds: max5970: Fix unreleased fwnode_handle in probe function
    - kasan: move checks to do_strncpy_from_user
    - kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL
    - RDMA/hns: Fix different dgids mapping to the same dip_idx
    - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP
    - rust: kernel: add srctree-relative doclinks
    - rust: kernel: fix THIS_MODULE header path in ThisModule doc comment
    - i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
    - remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe()
    - remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe()
    - nfsd: Revert "nfsd: release svc_expkey/svc_export with rcu_work"
    - f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS
    - f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow
    - vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data()
    - exfat: fix file being changed by unaligned direct write
    - bnxt_en: Set backplane link modes correctly for ethtool
    - devres: Fix page faults when tracing devres from unloaded modules
    - usb: gadget: uvc: wake pump everytime we update the free list
    - drm/xe/ufence: Wake up waiters after setting ufence->signalled
    - net_sched: sch_fq: don't follow the fast path if Tx is behind now
    - ASoC: da7213: Populate max_register to regmap_config
    - KVM: x86: switch hugepage recovery thread to vhost_task
    - kvm: defer huge page recovery vhost task to later
    - KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking
    - KVM: arm64: Change kvm_handle_mmio_return() return polarity
    - dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with
      fallbacks
    - xhci: Fix control transfer error on Etron xHCI host
    - xhci: Combine two if statements for Etron xHCI host
    - xhci: Don't perform Soft Retry for Etron xHCI host
    - xhci: Don't issue Reset Device command to Etron xHCI host
    - mtd: spi-nor: core: replace dummy buswidth from addr to data
    - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
    - RISC-V: Scalar unaligned access emulated on hotplug CPUs
    - serial: amba-pl011: Fix RX stall when DMA is used
    - serial: amba-pl011: fix build regression
    - i40e: Fix handling changed priv flags
    - netdev-genl: Hold rcu_read_lock in napi_get
    - usb: misc: ljca: set small runtime autosuspend delay
    - usb: misc: ljca: move usb_autopm_put_interface() after wait for response
    - blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs
    - block: model freeze & enter queue as lock for supporting lockdep
    - block: always verify unfreeze lock on the owner task
    - x86/Documentation: Update algo in init_size description of boot protocol
    - kbuild: deb-pkg: Don't fail if modules.order is missing
    - tools/power turbostat: Fix trailing '\n' parsing
    - block: don't verify IO lock for freeze/unfreeze in elevator_init_mq()
    - zram: permit only one post-processing operation at a time
    - perf jevents: Don't stop at the first matched pmu when searching a events
      table
    - docs: media: update location of the media patches
    - Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of
      setup_vmcs_config()"
    - soc: fsl: cpm1: qmc: Fix blank line and spaces
    - soc: fsl: cpm1: qmc: Re-order probe() operations
    - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version
    - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version
    - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure
    - x86/mm: Carve out INVLPG inline asm for use by others
    - ALSA: hda/realtek: Enable mic on Vaio VJFH52
    - ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform
    - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i
    - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing
      logic
    - sched: Initialize idle tasks only once
    - Upstream stable to v6.6.64, v6.11.11, v6.12.1, v6.12.2, v6.12.3

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53222
    - zram: fix NULL pointer in comp_algorithm_show()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53169
    - nvme-fabrics: fix kernel crash while shutting down controller

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56721
    - x86/CPU/AMD: Terminate the erratum_1386_microcode array

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53187
    - io_uring: check for overflows in io_pin_pages

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53147
    - exfat: fix out-of-bounds access of directory entries

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53196
    - KVM: arm64: Don't retire aborted MMIO instruction

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56685
    - ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53201
    - drm/amd/display: Fix null check for pipe_ctx->plane_state in
      dcn20_program_pipe

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53203
    - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53209
    - bnxt_en: Fix receive ring space parameters when XDP is active

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56742
    - vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53216
    - nfsd: release svc_expkey/svc_export with rcu_work

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53219
    - virtiofs: use pages instead of pointer for kernel direct IO

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53221
    - f2fs: fix null-ptr-deref in f2fs_submit_page_bio()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53228
    - riscv: kvm: Fix out-of-bounds array access

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53232
    - iommu/s390: Implement blocking domain

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53236
    - xsk: Free skb when TX metadata options are invalid

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56703
    - ipv6: Fix soft lockups in fib6_select_path under high next hop churn

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56540
    - accel/ivpu: Prevent recovery invocation during probe and resume

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53163
    - crypto: qat/qat_420xx - fix off by one in uof_get_name()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56755
    - netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56549
    - cachefiles: Fix NULL pointer dereference in object->file

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56551
    - drm/amdgpu: fix usage slab after free

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56776
    - drm/sti: avoid potential dereference of error pointers

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56777
    - drm/sti: avoid potential dereference of error pointers in
      sti_gdp_atomic_check

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56778
    - drm/sti: avoid potential dereference of error pointers in
      sti_hqvdp_atomic_check

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56557
    - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56779
    - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56558
    - nfsd: make sure exp active before svc_export_show

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56562
    - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56566
    - mm/slub: Avoid list corruption when removing a slab from the full list

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-57838
    - s390/entry: Mark IRQ entries to fix stack depot warnings

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56567
    - ad7780: fix division by zero in ad7780_write_raw()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56569
    - ftrace: Fix regression with module command in stack_trace_filter

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56570
    - ovl: Filter invalid inodes with missing lookup function

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56572
    - media: platform: allegro-dvt: Fix possible memory leak in
      allocate_buffers_internal()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56573
    - efi/libstub: Free correct pointer on failure

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56574
    - media: ts2020: fix null-ptr-deref in ts2020_probe()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56575
    - media: imx-jpeg: Ensure power suppliers be suspended before detach them

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56576
    - media: i2c: tc358743: Fix crash in the probe error path when using polling

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56577
    - media: mtk-jpeg: Fix null-ptr-deref during unload module

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56578
    - media: imx-jpeg: Set video drvdata before register video device

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56579
    - media: amphion: Set video drvdata before register video device

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56581
    - btrfs: ref-verify: fix use-after-free after invalid ref action

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56774
    - btrfs: add a sanity check for btrfs root in btrfs_search_slot()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56780
    - quota: flush quota_release_work upon quota writeback

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53168
    - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56688
    - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56729
    - smb: Initialize cfid->tcon before performing network ops

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56704
    - 9p/xen: fix release of IRQ

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53171
    - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53172
    - ubi: fastmap: Fix duplicate slab cache names while attaching

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56739
    - rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53173
    - NFSv4.0: Fix a use-after-free problem in the asynchronous open()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53145
    - um: Fix potential integer overflow during physmem setup

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53174
    - SUNRPC: make sure cache entry active before cache_show

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53146
    - NFSD: Prevent a potential integer overflow

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53175
    - ipc: fix memleak if msg_init_ns failed in create_ipc_ns

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56692
    - f2fs: fix to do sanity check on node blkaddr in truncate_node()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56698
    - usb: dwc3: gadget: Fix looping of queued SG entries

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56687
    - usb: musb: Fix hardware lockup on first Rx endpoint request

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53176
    - smb: During unmount, ensure all cached dir instances drop their dentry

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53177
    - smb: prevent use-after-free due to open_cached_dir error paths

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53178
    - smb: Don't leak cfid when reconnect races with open_cached_dir

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53180
    - ALSA: pcm: Add sanity NULL check for the default mmap fault handler

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56700
    - media: wl128x: Fix atomicity violation in fmc_send_cmd()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2022-49034
    - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53181
    - um: vector: Do not use drvdata in release

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53183
    - um: net: Do not use drvdata in release

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53184
    - um: ubd: Do not use drvdata in release

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53185
    - smb: client: fix NULL ptr deref in crypto_aead_setkey()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53188
    - wifi: ath12k: fix crash when unbinding

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53190
    - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of
      failures

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53191
    - wifi: ath12k: fix warning when unbinding

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56741
    - apparmor: test: Fix memory leak for aa_unpack_strdup()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53148
    - comedi: Flush partial mappings in error case

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53194
    - PCI: Fix use-after-free of slot->bus on hot remove

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53195
    - KVM: arm64: Get rid of userspace_irqchip_in_use

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53197
    - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
      devices

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-42122
    - drm/amd/display: Add NULL pointer check for kzalloc

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-49906
    - drm/amd/display: Check null pointer before try to access it

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53150
    - ALSA: usb-audio: Fix out of bounds reads when finding clock sources

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53198
    - xen: Fix the issue of resource not being properly released in
      xenbus_dev_probe()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-41014
    - xfs: add bounds checking to xlog_recover_process_data

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53200
    - drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53202
    - firmware_loader: Fix possible resource leak in fw_log_firmware_info()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53208
    - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53210
    - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53213
    - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53214
    - vfio/pci: Properly hide first-in-list PCIe extended capability

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53215
    - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53217
    - NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56689
    - PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53151
    - svcrdma: Address an integer overflow

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53218
    - f2fs: fix race in concurrent f2fs_stop_gc_thread

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56744
    - f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53220
    - f2fs: fix to account dirty data in __get_secs_required()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56745
    - PCI: Fix reset_method_store() memory leak

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53223
    - clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53154
    - clk: clk-apple-nco: Add NULL check in applnco_probe

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53224
    - RDMA/mlx5: Move events notifier registration to be after device registration

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56746
    - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53155
    - ocfs2: fix uninitialized value in ocfs2_file_read_iter()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53226
    - RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56747
    - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56748
    - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53229
    - RDMA/rxe: Fix the qp flush warnings in req

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56722
    - RDMA/hns: Fix cpu stuck caused by printings during reset

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53230
    - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53231
    - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56701
    - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56678
    - powerpc/mm/fault: Fix kfence page fault reporting

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56677
    - powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56723
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56724
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56691
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53233
    - unicode: Fix utf8_load() error path

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56694
    - bpf: fix recursive lock when verdict program return SK_PASS

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53234
    - erofs: handle NONHEAD !delta[1] lclusters gracefully

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53239
    - ALSA: 6fire: Release resources at card release

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56531
    - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56532
    - ALSA: us122l: Use snd_card_free_when_closed() at disconnection

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56533
    - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56751
    - ipv6: release nexthop on device removal

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56720
    - bpf, sockmap: Several fixes to bpf_msg_pop_data

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56538
    - drm: zynqmp_kms: Unplug DRM device before removal

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56752
    - drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56725
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56707
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56726
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56727
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56728
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56679
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56539
    - wifi: mwifiex: Fix memcpy() field-spanning write warning in
      mwifiex_config_scan()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56543
    - wifi: ath12k: Skip Rx TID cleanup for self peer

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56683
    - drm/vc4: hdmi: Avoid hang with debug registers when suspended

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56545
    - HID: hyperv: streamline driver probe to avoid devres issues

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56705
    - media: atomisp: Add check for rgby_data memory allocation failure

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53157
    - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53158
    - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56546
    - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56681
    - crypto: bcm - add error check in the ahash_hmac_init function

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53160
    - rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56708
    - EDAC/igen6: Avoid segmentation fault on module unload

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56690
    - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return
      -EBUSY

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53161
    - EDAC/bluefield: Fix potential integer overflow

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53162
    - crypto: qat/qat_4xxx - fix off by one in uof_get_name()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56754
    - crypto: caam - Fix the pointer passed to caam_qi_shutdown()

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56548
    - hfsplus: don't query the device logical block size multiple times

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56756
    - nvme-pci: fix freeing of the HMB descriptor table

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-53142
    - initramfs: avoid filename buffer overrun

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-56693
    - brd: defer automatic disk creation until module initialization succeeds

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-44955
    - drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute

* Noble update: upstream stable patchset 2025-03-11 (LP: #2101915) //
    CVE-2024-49899
    - drm/amd/display: Initialize denominators' default to 1

* Noble update: upstream stable patchset 2025-03-06 (LP: #2101042)
    - sctp: fix possible UAF in sctp_v6_available()
    - net: vertexcom: mse102x: Fix tx_bytes calculation
    - drm/rockchip: vop: Fix a dereferenced before check warning
    - mptcp: error out earlier on disconnect
    - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
    - net/mlx5: fs, lock FTE when checking if active
    - net/mlx5e: kTLS, Fix incorrect page refcounting
    - net/mlx5e: clear xdp features on non-uplink representors
    - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
    - virtio/vsock: Fix accept_queue memory leak
    - Bluetooth: btintel: Direct exception event to bluetooth stack
    - net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for
      hnodes.
    - samples: pktgen: correct dev to DEV
    - net: stmmac: dwmac-mediatek: Fix inverted handling of mediatek,mac-wol
    - net: Make copy_safe_from_sockptr() match documentation
    - stmmac: dwmac-intel-plat: fix call balance of tx_clk handling routines
    - net: ti: icssg-prueth: Fix 1 PPS sync
    - bonding: add ns target multicast address to slave device
    - ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels
    - x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
    - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
    - ocfs2: uncache inode which has failed entering the group
    - vdpa: solidrun: Fix UB bug with devres
    - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
    - vp_vdpa: fix id_table array not null terminated error
    - ima: fix buffer overrun in ima_eventdigest_init_common
    - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled
    - KVM: x86: Unconditionally set irr_pending when updating APICv state
    - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
      CONFIG_BROKEN
    - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
    - nommu: pass NULL argument to vma_iter_prealloc()
    - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
    - ocfs2: fix UBSAN warning in ocfs2_verify_volume()
    - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
    - LoongArch: Fix early_numa_add_cpu() usage for FDT systems
    - LoongArch: Disable KASAN if PGDIR_SIZE is too large for cpu_vabits
    - LoongArch: Make KASAN work with 5-level page-tables
    - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
    - mmc: sunxi-mmc: Fix A100 compatible description
    - drm/bridge: tc358768: Fix DSI command tx
    - pmdomain: imx93-blk-ctrl: correct remove path
    - nouveau: fw: sync dma after setup is called.
    - drm/amd: Fix initialization mistake for NBIO 7.7.0
    - drm/amd/display: Adjust VSDB parser for replay feature
    - lib/buildid: Fix build ID parsing logic
    - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
    - mptcp: add userspace_pm_lookup_addr_by_id helper
    - mptcp: update local address flags when setting it
    - mptcp: hold pm lock when deleting entry
    - mptcp: drop lookup_by_id in lookup_addr
    - mptcp: pm: use _rcu variant under rcu_read_lock
    - mm: avoid unsafe VMA hook invocation when error arises on mmap hook
    - mm: unconditionally close VMAs on error
    - mm: refactor map_deny_write_exec()
    - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
    - mm: resolve faulty mmap_region() error path behaviour
    - net/mlx5: Fix msix vectors to respect platform limit
    - vsock: Fix sk_error_queue memory leak
    - virtio/vsock: Improve MSG_ZEROCOPY error handling
    - net: phylink: ensure PHY momentary link-fails are handled
    - drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
    - ARM: fix cacheflush with PAN
    - drm/amd/display: Run idle optimizations at end of vblank handler
    - drm/amd/display: Change some variable name of psr
    - x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
    - x86/stackprotector: Work around strict Clang TLS symbol requirements
    - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
    - fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()
    - mm/mremap: fix address wraparound in move_page_tables()
    - KVM: selftests: Disable strict aliasing
    - mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
    - LoongArch: Add WriteCombine shadow mapping in KASAN
    - drm/xe: handle flat ccs during hibernation on igpu
    - pmdomain: arm: Use FLAG_DEV_NAME_FW to ensure unique names
    - pmdomain: core: Add GENPD_FLAG_DEV_NAME_FW flag
    - nouveau: handle EBUSY and EAGAIN for GSP aux errors.
    - nouveau/dp: handle retries for AUX CH transfers with GSP.
    - drm/amdgpu: fix check in gmc_v9_0_get_vm_pte()
    - drm/amdgpu: Fix video caps for H264 and HEVC encode maximum size
    - drm/amd/pm: print pp_dpm_mclk in ascending order on SMU v14.0.0
    - drm/amd/display: Handle dml allocation failure to avoid crash
    - drm/amd/display: Fix failure to read vram info due to static BP_RESULT
    - drm/xe: Restore system memory GGTT mappings
    - drm/xe: improve hibernation on igpu
    - net: sched: u32: Add test case for systematic hnode IDR leaks
    - Upstream stable to v6.6.63, v6.11.10

* Noble update: upstream stable patchset 2025-03-04 (LP: #2100894)
    - 9p: v9fs_fid_find: also lookup by inode if not found dentry
    - 9p: Avoid creating multiple slab caches with the same name
    - selftests/bpf: Verify that sync_linked_regs preserves subreg_def
    - irqchip/ocelot: Fix trigger register address
    - nvme: tcp: avoid race between queue_lock lock and destroy
    - block: Fix elevator_get_default() checking for NULL q->tag_set
    - HID: multitouch: Add support for B2402FVA track point
    - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
    - iommu/arm-smmu: Clarify MMU-500 CPRE workaround
    - nvme: disable CC.CRIME (NVME_CC_CRIME)
    - bpf: use kvzmalloc to allocate BPF verifier environment
    - crypto: api - Fix liveliness check in crypto_alg_tested
    - crypto: marvell/cesa - Disable hash algorithms
    - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
    - drm/vmwgfx: Limit display layout ioctl array size to
      VMWGFX_NUM_DISPLAY_UNITS
    - RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES
    - nvme-multipath: defer partition scanning
    - drm/amdkfd: Accounting pdd vram_usage for svm
    - powerpc/powernv: Free name on error in opal_event_init()
    - net: phy: mdio-bcm-unimac: Add BCM6846 support
    - nvme-loop: flush off pending I/O while shutting down loop controller
    - smb: client: Fix use-after-free of network namespace.
    - nvme/host: Fix RCU list traversal to use SRCU primitive
    - vDPA/ifcvf: Fix pci_read_config_byte() return code handling
    - bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx
    - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6
    - ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA
    - ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA
    - fs: Fix uninitialized value issue in from_kuid and from_kgid
    - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
    - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
    - RISCV: KVM: use raw_spinlock for critical section in imsic
    - ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue
    - LoongArch: Use "Exception return address" to comment ERA
    - ASoC: fsl_micfil: Add sample rate constraint
    - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
    - bpf: Check validity of link->type in bpf_link_show_fdinfo()
    - mm: support order-1 folios in the page cache
    - mm: always initialise folio->_deferred_list
    - mm: refactor folio_undo_large_rmappable()
    - mm/thp: fix deferred split unqueue naming and locking
    - 9p: fix slab cache name creation for real
    - nvmet-passthru: clear EUID/NGUID/UUID while using loop target
    - pinctrl: intel: platform: Add Panther Lake to the list of supported
    - s390/ap: Fix CCA crypto card behavior within protected execution environment
    - selftests/bpf: Assert link info uprobe_multi count & path_size if unset
    - ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects
    - drm/xe/query: Increase timestamp width
    - nvme: make keep-alive synchronous operation
    - samples/landlock: Fix port parsing in sandboxer
    - ASoC: Intel: avs: Update stream status in a separate thread
    - ASoC: codecs: Fix error handling in aw_dev_get_dsp_status function
    - netfs: Downgrade i_rwsem for a buffered write
    - afs: Fix lock recursion
    - HID: i2c-hid: Delayed i2c resume wakeup for 0x0d42 Goodix touchpad
    - LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
    - drm/xe: Don't restart parallel queues multiple times on GT reset
    - Upstream stable to v6.6.62, v6.11.9

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292)
    - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610
    - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
      excavator
    - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
    - arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node
    - arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes
    - arm64: dts: rockchip: fix i2c2 pinctrl-names property on anbernic-rg353p/v
    - arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo
    - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
    - arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus
    - arm64: dts: rockchip: Remove undocumented supports-emmc property
    - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
    - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc
    - arm64: dts: rockchip: remove num-slots property from rk3328-nanopi-r2s-plus
    - arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs
    - arm64: dts: imx8mp: correct sdhc ipg clk
    - arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone pro
    - ARM: dts: rockchip: fix rk3036 acodec node
    - ARM: dts: rockchip: drop grf reference from rk3036 hdmi
    - ARM: dts: rockchip: Fix the spi controller on rk3036
    - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
    - arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes
    - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket()
    - NFSv3: only use NFS timeout for MOUNT when protocols are compatible
    - nfs: avoid i_lock contention in nfs_clear_invalid_mapping
    - net: enetc: set MAC address to the VF net_device
    - dt-bindings: net: xlnx,axi-ethernet: Correct phy-mode property value
    - can: c_can: fix {rx,tx}_errors statistics
    - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
      fails
    - ice: change q_index variable type to s16 to store -1 value
    - e1000e: Remove Meteor Lake SMBUS workarounds
    - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
    - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
    - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
    - netfilter: nf_tables: wait for rcu grace period on net_device removal
    - netfilter: nf_tables: do not defer rule destruction via call_rcu
    - net: arc: rockchip: fix emac mdio node support
    - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path
    - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
    - media: stb0899_algo: initialize cfr before using it
    - media: dvb_frontend: don't play tricks with underflow values
    - media: adv7604: prevent underflow condition when reporting colorspace
    - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
    - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
    - tools/lib/thermal: Fix sampling handler context ptr
    - thermal/of: support thermal zones w/o trips subnode
    - ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits
    - media: pulse8-cec: fix data timestamp at pulse8_setup()
    - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
    - can: m_can: m_can_close(): don't call free_irq() for IRQ-less devices
    - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation
    - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when
      switching CAN modes
    - ksmbd: count all requests in req_running counter
    - ksmbd: fix broken transfers when exceeding max simultaneous operations
    - pwm: imx-tpm: Use correct MODULO value for EPWM mode
    - rpmsg: glink: Handle rejected intent request better
    - drm/amdgpu: Adjust debugfs eviction and IB access permissions
    - drm/amdgpu: Adjust debugfs register access permissions
    - drm/amdgpu: Fix DPX valid mode check on GC 9.4.3
    - thermal/drivers/qcom/lmh: Remove false lockdep backtrace
    - dm cache: correct the number of origin blocks to match the target length
    - dm cache: optimize dirty bit checking with find_next_bit when resizing
    - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
      overflow
    - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
    - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc()
    - mptcp: use sock_kfree_s instead of kfree
    - arm64: Kconfig: Make SME depend on BROKEN for now
    - [Config] updateconfigs for ARM64_SME
    - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint
    - Revert "wifi: mac80211: fix RCU list iterations"
    - i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set
    - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
    - usb: dwc3: fix fault at system suspend if device was already runtime
      suspended
    - USB: serial: qcserial: add support for Sierra Wireless EM86xx
    - USB: serial: option: add Fibocom FG132 0x0112 composition
    - USB: serial: option: add Quectel RG650V
    - irqchip/gic-v3: Force propagation of the active state with a read-back
    - ucounts: fix counter leak in inc_rlimit_get_ucounts()
    - ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022
    - arm64: dts: rockchip: Designate Turing RK1's system power controller
    - EDAC/qcom: Make irq configuration optional
    - arm64: dts: rockchip: Drop regulator-init-microvolt from two boards
    - net: dpaa_eth: print FD status in CPU endianness in dpaa_eth_fd tracepoint
    - virtio_net: Sync rss config to device when virtnet_probe
    - drm/xe: Set mask bits for CCS_MODE register
    - drm/amd/display: Fix brightness level not retained over reboot
    - drm/imagination: Add a per-file PVR context list
    - mptcp: no admin perm to list endpoints
    - btrfs: fix the length of reserved qgroup to free
    - btrfs: fix per-subvolume RO/RW flags with new mount API
    - clk: qcom: gcc-x1e80100: Fix USB MP SS1 PHY GDSC pwrsts flags
    - clk: qcom: clk-alpha-pll: Fix pll post div mask when width is not set
    - objpool: fix to make percpu slot allocation more robust
    - mm/damon/core: handle zero {aggregation,ops_update} intervals
    - mm/damon/core: handle zero schemes apply interval
    - mm/mlock: set the correct prev on failure
    - clk: qcom: gcc-x1e80100: Fix halt_check for pipediv2 clocks
    - staging: vchiq_arm: Get the rid off struct vchiq_2835_state
    - staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation
    - drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout
    - drm/xe: Move LNL scheduling WA to xe_device.h
    - drm/xe/ufence: Flush xe ordered_wq in case of ufence timeout
    - drm/xe/guc/tlb: Flush g2h worker in case of tlb timeout
    - xtensa: Emulate one-byte cmpxchg
    - Upstream stable to v6.6.61, v6.11.8

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50270
    - mm/damon/core: avoid overflow in damon_feed_loop_next_input()

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50274
    - idpf: avoid vport access in idpf_get_link_ksettings

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53067
    - scsi: ufs: core: Start the RTC update work later

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53084
    - drm/imagination: Break an object reference loop

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53085
    - tpm: Lock TPM chip in tpm_pm_suspend() first

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53086
    - drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53087
    - drm/xe: Fix possible exec queue leak in exec IOCTL

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50288
    - media: vivid: fix buffer overwrite when using > 32 buffers

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50289
    - media: av7110: fix a spectre vulnerability

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53062
    - media: mgb4: protect driver against spectre

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50291
    - media: dvb-core: add missing buffer index check

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50297
    - net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50267
    - USB: serial: io_edgeport: fix use after free in debug printk

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50268
    - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53083
    - usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50269
    - usb: musb: sunxi: Fix accessing an released usb phy

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50271
    - signal: restore the override_rlimit logic

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50272
    - filemap: Fix bounds checking in filemap_read()

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50273
    - btrfs: reinitialize delayed ref list after deleting it from the list

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50275
    - arm64/sve: Discard stale CPU state when handling SVE traps

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50276
    - net: vertexcom: mse102x: Fix possible double free of TX skb

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53066
    - nfs: Fix KMSAN warning in decode_getfattr_attrs()

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50278
    - dm cache: fix potential out-of-bounds access on the first resume

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50279
    - dm cache: fix out-of-bounds access to the dirty bitset when resizing

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50280
    - dm cache: fix flushing uninitialized delayed_work on cache_ctr error

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53060
    - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50282
    - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50283
    - ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50284
    - ksmbd: Fix the missing xa_store error check

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50285
    - ksmbd: check outstanding simultaneous SMB operations

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50286
    - ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50287
    - media: v4l2-tpg: prevent the risk of a division by zero

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50290
    - media: cx24116: prevent overflows on SNR calculus

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53061
    - media: s5p-jpeg: prevent buffer overflows

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53081
    - media: ar0521: don't overflow when checking PLL values

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50292
    - ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50294
    - rxrpc: Fix missing locking causing hanging calls

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50295
    - net: arc: fix the device for dma_map_single/dma_unmap_single

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53082
    - virtio_net: Add hash_key_length check

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50296
    - net: hns3: fix kernel crash when uninstalling driver

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53088
    - i40e: fix race condition by adding filter's intermediate sync state

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50298
    - net: enetc: allocate vf_state during PF probes

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50299
    - sctp: properly validate chunk size in sctp_sf_ootb()

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50300
    - regulator: rtq2208: Fix uninitialized use of regulator_config

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-50301
    - security/keys: fix slab-out-of-bounds in key_task_permission

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53072
    - platform/x86/amd/pmc: Detect when STB is not available

* Noble update: upstream stable patchset 2025-02-27 (LP: #2100292) //
    CVE-2024-53068
    - firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996)
    - Input: xpad - sort xpad_device by vendor and product ID
    - Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller
    - cgroup: Fix potential overflow issue when checking max_depth
    - spi: geni-qcom: Fix boot warning related to pm_runtime and devres
    - wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd()
    - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
    - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
    - wifi: ath11k: Fix invalid ring usage in full monitor mode
    - wifi: brcm80211: BRCM_TRACING should depend on TRACING
    - RDMA/cxgb4: Dump vendor specific QP details
    - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
    - RDMA/bnxt_re: Fix the usage of control path spin locks
    - RDMA/bnxt_re: synchronize the qp-handle table array
    - RDMA/bnxt_re: Fix the locking while accessing the QP table
    - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
    - wifi: iwlwifi: mvm: don't add default link in fw restart flow
    - ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
    - net: stmmac: dwmac4: Fix high address display by updating reg_space[] from
      register values
    - net: stmmac: fix TSO DMA API usage causing oops
    - gtp: allow -1 to be specified as file description from userspace
    - bpf: Force checkpoint when jmp history is too long
    - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
    - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
    - mlxsw: spectrum_ptp: Add missing verification before pushing Tx header
    - bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled
    - iomap: improve shared block detection in iomap_unshare_iter
    - iomap: don't bother unsharing delalloc extents
    - iomap: share iomap_unshare_iter predicate code with fsdax
    - fsdax: remove zeroing code from dax_unshare_iter
    - iomap: turn iomap_want_unshare_iter into an inline function
    - kasan: Fix Software Tag-Based KASAN with GCC
    - firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
    - afs: Fix missing subdir edit when renamed between parent dirs
    - smb: client: set correct device number on nfs reparse points
    - cxl/events: Fix Trace DRAM Event Record
    - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
    - fs/ntfs3: Stale inode instead of bad
    - scsi: scsi_transport_fc: Allow setting rport state to current state
    - cifs: Fix creating native symlinks pointing to current or parent directory
    - thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support
    - thermal: intel: int340x: processor: Add MMIO RAPL PL4 support
    - net: amd: mvme147: Fix probe banner message
    - NFS: remove revoked delegation from server's delegation list
    - misc: sgi-gru: Don't disable preemption in GRU driver
    - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler
    - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe
    - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
    - USB: gadget: dummy-hcd: Fix "task hung" problem
    - ALSA: usb-audio: Add quirks for Dell WD19 dock
    - usbip: tools: Fix detach_port() invalid port error path
    - usb: phy: Fix API devm_usb_put_phy() can not release the phy
    - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
    - usb: typec: qcom-pmic-typec: use fwnode_handle_put() to release fwnodes
    - xhci: Fix Link TRB DMA in command ring stopped completion event
    - xhci: Use pm_runtime_get to prevent RPM on unsupported systems
    - Revert "driver core: Fix uevent_show() vs driver detach race"
    - iio: light: veml6030: fix microlux value calculation
    - RISC-V: ACPI: fix early_ioremap to early_memremap
    - tools/mm: -Werror fixes in page-types/slabinfo
    - tools/mm: fix compile error
    - thunderbolt: Honor TMU requirements in the domain when setting TMU mode
    - mmc: sdhci-pci-gli: GL9767: Fix low power mode on the set clock function
    - mmc: sdhci-pci-gli: GL9767: Fix low power mode in the SD Express process
    - block: fix sanity checks in blk_rq_map_user_bvec
    - cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction
    - phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check
    - riscv: vdso: Prevent the compiler from inserting calls to memset()
    - Input: edt-ft5x06 - fix regmap leak when probe fails
    - ALSA: hda/realtek: Limit internal Mic boost on Dell platform
    - riscv: efi: Set NX compat flag in PE/COFF header
    - riscv: Use '%u' to format the output of 'cpu'
    - riscv: Remove unused GENERATING_ASM_OFFSETS
    - riscv: Remove duplicated GET_RM
    - cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices()
    - cxl/acpi: Ensure ports ready at cxl_acpi_probe() return
    - mei: use kvmalloc for read buffer
    - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
    - x86/traps: Enable UBSAN traps on x86
    - x86/traps: move kmsan check after instrumentation_begin
    - kasan: remove vmalloc_percpu test
    - vmscan,migrate: fix page count imbalance on node stats when demoting pages
    - io_uring: always lock __io_cqring_overflow_flush
    - mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw()
    - mm: don't install PMD mappings when THPs are disabled by the hw/process/vma
    - perf trace: Fix non-listed archs in the syscalltbl routines
    - dpll: add Embedded SYNC feature for a pin
    - ice: add callbacks for Embedded SYNC enablement on dpll pins
    - bpf: Add bpf_mem_alloc_check_size() helper
    - net: ethernet: mtk_wed: fix path of MT7988 WO firmware
    - drm/mediatek: ovl: Remove the color format comment for ovl_fmt_convert()
    - drm/mediatek: Fix get efuse issue for MT8188 DPTX
    - ACPI: resource: Fold Asus Vivobook Pro N6506M* DMI quirks together
    - powercap: intel_rapl_msr: Add PL4 support for Arrowlake-U
    - usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path
    - mm: shrinker: avoid memleak in alloc_shrinker_info
    - firmware: microchip: auto-update: fix poll_complete() to not report spurious
      timeout errors
    - soc: qcom: pmic_glink: Handle GLINK intent allocation rejections
    - cxl/port: Fix CXL port initialization order when the subsystem is built-in
    - btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io()
    - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
    - mm/ksm: remove redundant code in ksm_fork
    - nvme: re-fix error-handling for io_uring nvme-passthrough
    - btrfs: fix extent map merging not happening for adjacent extents
    - btrfs: fix defrag not merging contiguous extents due to merged extent maps
    - mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes
    - mm: multi-gen LRU: ignore non-leaf pmd_young for force_scan=true
    - mm: multi-gen LRU: remove MM_LEAF_OLD and MM_NONLEAF_TOTAL stats
    - mm: shrink skip folio mapped by an exiting process
    - mm: multi-gen LRU: use {ptep,pmdp}_clear_young_notify()
    - drm/i915: Skip programming FIA link enable bits for MTL+
    - drm/i915/display: WA for Re-initialize dispcnlunitt1 xosc clock
    - drm/i915/dp: Clear VSC SDP during post ddi disable routine
    - drm/i915/pps: Disable DPLS_GATING around pps sequence
    - drm/i915: move rawclk from runtime to display runtime info
    - drm/xe/display: drop unused rawclk_freq and RUNTIME_INFO()
    - drm/xe: Support 'nomodeset' kernel command-line option
    - drm/xe/xe2hpg: Introduce performance tuning changes for Xe2_HPG
    - drm/amdgpu/swsmu: fix ordering for setting workload_mask
    - drm/amdgpu/swsmu: default to fullscreen 3D profile for dGPUs
    - drm/amdgpu: handle default profile on on devices without fullscreen 3D
    - MIPS: export __cmpxchg_small()
    - rcu/kvfree: Add kvfree_rcu_barrier() API
    - rcu/kvfree: Refactor kvfree_rcu_queue_batch()
    - Upstream stable to v6.6.60, v6.11.7

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53050
    - drm/i915/hdcp: Add encoder check in hdcp2_get_capability

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53051
    - drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50303
    - resource,kexec: walk_system_ram_res_rev must retain resource flags

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50263
    - fork: only invoke khugepaged, ksm hooks if no error

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50220
    - fork: do not invoke uffd on fork if error occurs

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50221
    - drm/amd/pm: Vangogh: Fix kernel memory out of bounds write

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53053
    - scsi: ufs: core: Fix another deadlock during RTC update

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50225
    - btrfs: fix error propagation of split bios

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50230
    - nilfs2: fix kernel bug due to missing clearing of checked flag

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50238
    - phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53044
    - net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50304
    - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53048
    - ice: fix crash on probe for DPLL enabled E810 LOM

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53045
    - ASoC: dapm: fix bounds checker error in dapm_widget_list_create

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53055
    - wifi: iwlwifi: mvm: fix 6 GHz scan construction

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53046
    - arm64: dts: imx8ulp: correct the flexspi compatible string

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53052
    - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50215
    - nvmet-auth: assign dh_key to NULL after kfree_sensitive

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50216
    - xfs: fix finding a last resort AG in xfs_filestream_pick_ag

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53043
    - mctp i2c: handle NULL header address

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50218
    - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53047
    - mptcp: init: protect sched with rcu_read_lock

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50222
    - iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50223
    - sched/numa: Fix the potential null pointer dereference in task_numa_work()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50224
    - spi: spi-fsl-dspi: Fix crash when not using GPIO chip select

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50226
    - cxl/port: Fix use-after-free, permit out-of-order decoder shutdown

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50231
    - iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53076
    - iio: gts-helper: Fix memory leaks for the error path of
      iio_gts_build_avail_scale_table()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50232
    - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50234
    - wifi: iwlegacy: Clear stale interrupts before resuming device

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50235
    - wifi: cfg80211: clear wdev->cqm_config pointer on free

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50236
    - wifi: ath10k: Fix memory leak in management tx

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50237
    - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50239
    - phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50240
    - phy: qcom: qmp-usb: fix NULL-deref on runtime suspend

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50242
    - fs/ntfs3: Additional check in ntfs_file_release

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50243
    - fs/ntfs3: Fix general protection fault in run_is_mapped_full

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50244
    - fs/ntfs3: Additional check in ni_clear()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50245
    - fs/ntfs3: Fix possible deadlock in mi_read

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50246
    - fs/ntfs3: Add rough attr alloc_size check

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50247
    - fs/ntfs3: Check if more than chunk-size bytes are written

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50250
    - fsdax: dax_unshare_iter needs to copy entire blocks

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50251
    - netfilter: nft_payload: sanitize offset and length before calling
      skb_checksum()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50252
    - mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50255
    - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50257
    - netfilter: Fix use-after-free in get_info()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50258
    - net: fix crash when config small gso_max_size/gso_ipv4_max_size

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50262
    - bpf: Fix out-of-bounds write in trie_get_next_key()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50259
    - netdevsim: Add trailing zero to terminate the string in
      nsim_nexthop_bucket_activity_write()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53042
    - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53058
    - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-50261
    - macsec: Fix use-after-free while sending the offloading packet

* Noble update: upstream stable patchset 2025-02-25 (LP: #2099996) //
    CVE-2024-53059
    - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

* Noble update: upstream stable patchset 2025-02-07 (LP: #2097575)
    - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
    - xfs: fix error returns from xfs_bmapi_write
    - xfs: fix xfs_bmap_add_extent_delay_real for partial conversions
    - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent
    - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item
      recovery
    - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2
    - xfs: fix missing check for invalid attr flags
    - xfs: check shortform attr entry flags specifically
    - xfs: validate recovered name buffers when recovering xattr items
    - xfs: enforce one namespace per attribute
    - xfs: revert commit 44af6c7e59b12
    - xfs: use dontcache for grabbing inodes during scrub
    - xfs: match lock mode in xfs_buffered_write_iomap_begin()
    - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional
    - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset
    - xfs: convert delayed extents to unwritten when zeroing post eof blocks
    - xfs: allow symlinks with short remote targets
    - xfs: make sure sb_fdblocks is non-negative
    - xfs: fix unlink vs cluster buffer instantiation race
    - xfs: fix freeing speculative preallocations for preallocated files
    - xfs: allow unlinked symlinks and dirs with zero size
    - xfs: restrict when we try to align cow fork delalloc to cowextsz hints
    - selftests: mptcp: join: change capture/checksum as bool
    - selftests: mptcp: join: test for prohibited MPC to port-based endp
    - selftests: mptcp: remove duplicated variables
    - iio: accel: bma400: Fix uninitialized variable field_value in tap event
      handling.
    - bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
    - bpf: devmap: provide rxq after redirect
    - cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems
    - lib/Kconfig.debug: fix grammar in RUST_BUILD_ASSERT_ALLOW
    - bpf: Fix memory leak in bpf_core_apply
    - RDMA/bnxt_re: Fix a possible memory leak
    - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
    - RDMA/bnxt_re: Add a check for memory allocation
    - x86/resctrl: Avoid overflow in MB settings in bw_validate()
    - ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
    - bpf: Add cookie to perf_event bpf_link_info records
    - bpf: fix unpopulated name_len field in perf_event link info
    - selftests/bpf: Add cookies check for perf_event fill_link_info test
    - selftests/bpf: fix perf_event link info name_len assertion
    - s390/pci: Handle PCI error codes other than 0x3a
    - bpf: fix kfunc btf caching for modules
    - iio: frequency: {admv4420,adrf6780}: format Kconfig entries
    - iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig
    - drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
    - selftests/bpf: Fix cross-compiling urandom_read
    - task_work: Add TWA_NMI_CURRENT as an additional notify mode.
    - sched/core: Disable page allocation in task_tick_mm_cid()
    - ALSA: hda/cs8409: Fix possible NULL dereference
    - firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
    - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
    - RDMA/irdma: Fix misspelling of "accept*"
    - RDMA/srpt: Make slab cache names unique
    - ipv4: give an IPv4 dev to blackhole_netdev
    - RDMA/bnxt_re: Fix the max CQ WQEs for older adapters
    - RDMA/bnxt_re: Fix out of bound check
    - RDMA/bnxt_re: Return more meaningful error
    - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
    - RDMA/bnxt_re: Fix the GID table length
    - accel/qaic: Fix the for loop used to walk SG table
    - drm/msm/dpu: make sure phys resources are properly initialized
    - drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds()
    - drm/msm/dsi: improve/fix dsc pclk calculation
    - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
    - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
    - drm/msm: Allocate memory for disp snapshot with kvzalloc()
    - firmware: arm_scmi: Queue in scmi layer for mailbox implementation
    - net/smc: Fix memory leak when using percpu refs
    - net: usb: usbnet: fix race in probe failure
    - net: stmmac: dwmac-tegra: Fix link bring-up sequence
    - octeontx2-af: Fix potential integer overflows on integer shifts
    - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
    - macsec: don't increment counters for an unrelated SA
    - netdevsim: use cond_resched() in nsim_dev_trap_report_work()
    - net: ethernet: aeroflex: fix potential memory leak in
      greth_start_xmit_gbit()
    - net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
    - net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
    - bpf: Fix truncation bug in coerce_reg_to_size_sx()
    - irqchip/renesas-rzg2l: Fix missing put_device
    - drm/msm/dpu: don't always program merge_3d block
    - net: bcmasp: fix potential memory leak in bcmasp_xmit()
    - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
    - net: dsa: mv88e6xxx: Fix the max_vid definition for the MV88E6361
    - genetlink: hold RCU in genlmsg_mcast()
    - ravb: Remove setting of RX software timestamp
    - net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
    - scsi: target: core: Fix null-ptr-deref in target_alloc_device()
    - smb: client: fix possible double free in smb2_set_ea()
    - smb: client: fix OOBs when building SMB2_IOCTL request
    - usb: typec: altmode should keep reference to parent
    - s390: Initialize psw mask in perf_arch_fetch_caller_regs()
    - bpf: Fix link info netfilter flags to populate defrag flag
    - vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame
    - net/mlx5: Check for invalid vector index on EQ creation
    - net/mlx5: Fix command bitmask initialization
    - net/mlx5: Unregister notifier on eswitch init failure
    - bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock
    - vsock: Update rx_bytes on read_skb()
    - vsock: Update msg_count on read_skb()
    - bpf, vsock: Drop static vsock_bpf_prot initialization
    - riscv, bpf: Make BPF_CMPXCHG fully ordered
    - nvme-pci: fix race condition between reset and nvme_dev_disable()
    - bpf: Fix iter/task tid filtering
    - cdrom: Avoid barrier_nospec() in cdrom_ioctl_media_changed()
    - khugepaged: inline hpage_collapse_alloc_folio()
    - khugepaged: convert alloc_charge_hpage to alloc_charge_folio
    - khugepaged: remove hpage from collapse_file()
    - mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace
      point
    - iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
    - xhci: dbgtty: remove kfifo_out() wrapper
    - xhci: dbgtty: use kfifo from tty_port struct
    - xhci: dbc: honor usb transfer size boundaries.
    - usb: gadget: f_uac2: fix non-newline-terminated function name
    - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
    - XHCI: Separate PORT and CAPs macros into dedicated file
    - usb: dwc3: core: Fix system suspend on TI AM62 platforms
    - tracing/fprobe-event: cleanup: Fix a wrong comment in fprobe event
    - tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init
    - tracing/probes: Support $argN in return probe (kprobe and fprobe)
    - uprobes: encapsulate preparation of uprobe args buffer
    - uprobes: prepare uprobe args buffer lazily
    - uprobes: prevent mutex_lock() under rcu_read_lock()
    - uprobe: avoid out-of-bounds memory access of fetching args
    - exec: don't WARN for racy path_noexec check
    - ASoC: amd: yc: Add quirk for HP Dragonfly pro one
    - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
      default regs values
    - ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
    - arm64: Force position-independent veneers
    - udf: refactor udf_current_aext() to handle error
    - udf: refactor udf_next_aext() to handle error
    - udf: refactor inode_bmap() to handle error
    - udf: fix uninit-value use in udf_get_fileshortad
    - ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
    - cifs: Validate content of NFS reparse point buffer
    - platform/x86: dell-sysman: add support for alienware products
    - LoongArch: Don't crash in stack_top() for tasks without vDSO
    - jfs: Fix sanity check in dbMount
    - tracing/probes: Fix MAX_TRACE_ARGS limit handling
    - tracing: Consider the NULL character when validating the event length
    - xfrm: extract dst lookup parameters into a struct
    - xfrm: respect ip protocols rules criteria when performing dst lookups
    - netfilter: bpf: must hold reference on net namespace
    - net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
    - net: plip: fix break; causing plip to never transmit
    - octeon_ep: Implement helper for iterating packets in Rx queue
    - octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
    - net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x
    - fsl/fman: Save device references taken in mac_probe()
    - fsl/fman: Fix refcount handling of fman-related devices
    - netfilter: xtables: fix typo causing some targets not to load on IPv6
    - net: wwan: fix global oob in wwan_rtnl_policy
    - net/sched: adjust device watchdog timer to detect stopped queue at right
      time
    - net: fix races in netdev_tx_sent_queue()/dev_watchdog()
    - net: usb: usbnet: fix name regression
    - bpf: Add MEM_WRITE attribute
    - bpf: Fix overloading of MEM_UNINIT's meaning
    - bpf: Remove MEM_UNINIT from skb/xdp MTU helpers
    - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions
      created by classifiers
    - net: sched: fix use-after-free in taprio_change()
    - net: sched: use RCU read-side critical section in taprio_dump()
    - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
    - Bluetooth: SCO: Fix UAF on sco_sock_timeout
    - Bluetooth: ISO: Fix UAF on iso_sock_timeout
    - bpf,perf: Fix perf_event_detach_bpf_prog error handling
    - net: dsa: mv88e6xxx: group cycle counter coefficients
    - net: dsa: mv88e6xxx: read cycle counter period from hardware
    - net: dsa: mv88e6xxx: support 4000ps cycle counter period
    - ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
    - ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
    - ASoC: loongson: Fix component check failed on FDT systems
    - ASoC: max98388: Fix missing increment of variable slot_found
    - ASoC: rsnd: Fix probe failure on HiHope boards due to endpoint parsing
    - ASoC: fsl_micfil: Add a flag to distinguish with different volume control
      types
    - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
    - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
    - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
    - ALSA: hda/realtek: Update default depop procedure
    - smb: client: Handle kstrdup failures for passwords
    - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
    - btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
    - btrfs: zoned: fix zone unusable accounting for freed reserved extent
    - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
    - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
    - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
      detection issue
    - nilfs2: fix kernel bug due to missing clearing of buffer delay flag
    - openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
    - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
    - KVM: arm64: Fix shift-out-of-bounds bug
    - KVM: arm64: Don't eagerly teardown the vgic on init error
    - x86/lam: Disable ADDRESS_MASKING in most cases
    - [Config] disable ADDRESS_MASKING
    - ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE
    - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
    - LoongArch: Get correct cores_per_package for SMT systems
    - LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context
    - LoongArch: Make KASAN usable for variable cpu_vabits
    - xfrm: fix one more kernel-infoleak in algo dumping
    - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
    - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
    - selinux: improve error checking in sel_write_load()
    - net: phy: dp83822: Fix reset pin definitions
    - ata: libata: Set DID_TIME_OUT for commands that actually timed out
    - ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
    - platform/x86: dell-wmi: Ignore suspend notifications
    - ACPI: PRM: Clean up guid type in struct prm_handler_info
    - tracing: probes: Fix to zero initialize a local variable
    - task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK
    - xfrm: validate new SA's prefixlen using SA family when sel.family is unset
    - bpf: Use raw_spinlock_t in ringbuf
    - reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
    - bpf: Fix unpopulated path_size when uprobe_multi fields unset
    - RDMA/bnxt_re: Fix incorrect dereference of srq in async event
    - RDMA/bnxt_re: Get the toggle bits from SRQ events
    - RDMA/bnxt_re: Change the sequence of updating the CQ toggle value
    - drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check
    - ring-buffer: Fix reader locking when changing the sub buffer order
    - drm/msm/dpu: Don't always set merge_3d pending flush
    - drm/msm/a6xx+: Insert a fence wait before SMMU table update
    - drm/xe: Take job list lock in xe_sched_add_pending_job
    - drm/xe: Use bookkeep slots for external BO's in exec IOCTL
    - net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
    - net/mlx5e: Don't call cleanup on profile rollback failure
    - bpf: Fix print_reg_state's constant scalar dump
    - fsnotify: optimize the case of no parent watcher
    - fsnotify: Avoid data race between fsnotify_recalc_mask() and
      fsnotify_object_watched()
    - drm/xe/mcr: Use Xe2_LPM steering tables for Xe2_HPM
    - objpool: fix choosing allocation for percpu slots
    - bnxt_en: replace ptp_lock with irqsave variant
    - bpf, arm64: Fix address emission with tag-based KASAN enabled
    - net: dsa: microchip: disable EEE for KSZ879x/KSZ877x/KSZ876x
    - ASoC: topology: Bump minimal topology ABI version
    - fbdev: wm8505fb: select CONFIG_FB_IOMEM_FOPS
    - btrfs: qgroup: set a more sane default value for subtree drop threshold
    - btrfs: clear force-compress on remount when compress mount option is given
    - x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h-70h
    - x86/amd_nb: Add new PCI ID for AMD family 1Ah model 20h
    - btrfs: reject ro->rw reconfiguration if there are hard ro requirements
    - xfs: don't fail repairs on metadata files with no attr fork
    - drm/bridge: Fix assignment of the of_node of the parent to aux bridge
    - platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid
      addresses
    - fgraph: Fix missing unlock in register_ftrace_graph()
    - fgraph: Change the name of cpuhp state to "fgraph:online"
    - ASoC: SOF: Intel: hda: Always clean up link DMA during stop
    - ASoC: dapm: avoid container_of() to get component
    - ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc
    - ASoC: qcom: sdm845: add missing soundwire runtime stream alloc
    - soundwire: intel_ace2x: Send PDI stream number during prepare
    - x86: support user address masking instead of non-speculative conditional
    - ASoC: qcom: Select missing common Soundwire module code on SDM845
    - SAUCE: Revert "iio: adc: ti-lmp92064: add missing select
      IIO_(TRIGGERED_)BUFFER in Kconfig"
    - Upstream stable to v6.6.58, v6.6.59, v6.11.6

* CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release

* Fix NIC name changes for ice (LP: #2100264)
    - ice: Remove ndo_get_phys_port_name

* CVE-2024-50256
    - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

* CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0

* CVE-2024-50167
    - be2net: fix potential memory leak in be_xmit()

* Fix line-out playback on some platforms with Cirrus Logic “Dolphin” hardware
    (LP: #2099880)
    - ALSA: hda/cirrus: Correct the full scale volume set logic

* Enable Large Language Model (LLM) workloads using Intel NPU (LP: #2098972)
    - accel/ivpu: Increase DMA address range

* Patchset for TUXEDO devices (LP: #2098104)
    - wifi: ath12k: add fallback board name without variant while searching
      board-2.bin
    - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT
    - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850
    - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850
    - ACPI: resource: Use IRQ override on Maibenben X565
    - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
    - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
    - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1
    - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
    - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
    - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk

* Introduce and use sendpages_ok() instead of sendpage_ok() in nvme-tcp and
    drbd (LP: #2093871)
    - net: introduce helper sendpages_ok()
    - nvme-tcp: use sendpages_ok() instead of sendpage_ok()
    - drbd: use sendpages_ok() instead of sendpage_ok()

* CVE-2024-56765
    - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct

* CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another

* CVE-2024-56615
    - bpf: fix OOB devmap writes when deleting elements

* CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free

* CVE-2024-56627
    - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

* CVE-2024-56600
    - net: inet6: do not leave a dangling sk pointer in inet6_create()

* CVE-2024-56661
    - tipc: fix NULL deref in cleanup_bearer()

* CVE-2024-56642
    - tipc: Fix use-after-free of kernel socket in cleanup_bearer().

* CVE-2024-53227
    - scsi: bfa: Fix use-after-free in bfad_im_module_exit()

* CVE-2024-53237
    - Bluetooth: fix use-after-free in device_for_each_child()

* CVE-2024-53166
    - block, bfq: fix bfqq uaf in bfq_limit_depth()

* CVE-2024-50265
    - ocfs2: remove entry once instead of null-ptr-dereference in
      ocfs2_xa_remove()

* CVE-2024-50249
    - ACPI: CPPC: Make rmw_lock a raw_spin_lock

* iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

* [Ubuntu 24.04] MultiVM - L2 guest(s) running stress-ng getting stuck at
    booting after triggering crash (LP: #2077722)
    - KVM: PPC: Book3S HV: Mask off LPCR_MER for a vCPU before running it to avoid
      spurious interrupts

* btrfs will WARN_ON() in btrfs_remove_qgroup() unnecessarily (LP: #2091719)
    - btrfs: improve the warning and error message for btrfs_remove_qgroup()

* CVE-2024-50248
    - ntfs3: Add bounds checking to mi_enum_attr()
    - fs/ntfs3: Sequential field availability check in mi_enum_attr()

* CVE-2025-21701
    - net: avoid race between device unregistration and ethnl ops

* CVE-2024-57798
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()

* CVE-2024-56672
    - blk-cgroup: Fix UAF in blkcg_unpin_online()

* CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle

* CVE-2024-56598
    - jfs: array-index-out-of-bounds fix in dtReadFirst

* CVE-2024-56595
    - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

* CVE-2024-53140
    - netlink: terminate outstanding dump on socket close

* CVE-2024-53063
    - media: dvbdev: prevent the risk of out of memory access

* CVE-2024-50302
    - HID: core: zero-initialize the report buffer

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 14 Mar 2025 15:25:38 +0100

Changed in linux (Ubuntu Noble):
status:	Fix Committed → Fix Released

Juerg Haefliger (juergh) on 2025-04-18

tags:

added: kernel-daily-bug

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-04-23:

#9

This bug is awaiting verification that the linux-nvidia-6.11/6.11.0-1006.6 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-6.11' to 'verification-done-noble-linux-nvidia-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-6.11' to 'verification-failed-noble-linux-nvidia-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-6.11-v2 verification-needed-noble-linux-nvidia-6.11

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-04-26:

#10

This bug is awaiting verification that the linux-aws-6.11/6.11.0-1013.14~24.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-aws-6.11' to 'verification-done-noble-linux-aws-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-aws-6.11' to 'verification-failed-noble-linux-aws-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-aws-6.11-v2 verification-needed-noble-linux-aws-6.11

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-04-28:

#11

This bug is awaiting verification that the linux-raspi/6.8.0-1028.32 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-raspi' to 'verification-done-noble-linux-raspi'. If the problem still exists, change the tag 'verification-needed-noble-linux-raspi' to 'verification-failed-noble-linux-raspi'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-raspi-v2 verification-needed-noble-linux-raspi

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-05-29:

#12

This bug is awaiting verification that the linux-mtk/5.15.0-1039.47 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-06-03:

#13

This bug is awaiting verification that the linux-nvidia-tegra-5.15/5.15.0-1039.39~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-done-focal-linux-nvidia-tegra-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-failed-focal-linux-nvidia-tegra-5.15'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-nvidia-tegra-5.15-v2 verification-needed-focal-linux-nvidia-tegra-5.15

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-06-10:

#14

This bug is awaiting verification that the linux-intel/6.11.0-1010.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-oracular-linux-intel' to 'verification-done-oracular-linux-intel'. If the problem still exists, change the tag 'verification-needed-oracular-linux-intel' to 'verification-failed-oracular-linux-intel'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-oracular-linux-intel-v2 verification-needed-oracular-linux-intel

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-07-13:

#15

This bug is awaiting verification that the linux-nvidia-tegra/6.8.0-1007.7 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-tegra' to 'verification-done-noble-linux-nvidia-tegra'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-tegra' to 'verification-failed-noble-linux-nvidia-tegra'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-tegra-v2 verification-needed-noble-linux-nvidia-tegra

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-01:

#16

This bug is awaiting verification that the linux-fips/6.8.0-72.72+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-fips' to 'verification-done-noble-linux-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-fips' to 'verification-failed-noble-linux-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-fips-v2 verification-needed-noble-linux-fips

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-05:

#17

This bug is awaiting verification that the linux-aws-fips/6.8.0-1034.36+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-aws-fips' to 'verification-done-noble-linux-aws-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-aws-fips' to 'verification-failed-noble-linux-aws-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-aws-fips-v2 verification-needed-noble-linux-aws-fips

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-05:

#18

This bug is awaiting verification that the linux-gcp-fips/6.8.0-1035.37+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-gcp-fips' to 'verification-done-noble-linux-gcp-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-gcp-fips' to 'verification-failed-noble-linux-gcp-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-gcp-fips-v2 verification-needed-noble-linux-gcp-fips

Revision history for this message

Matthew Ruffell (mruffell) wrote on 2025-08-07:

#19

This was included in 6.14-rc2 and is included in all plucky kernels.

Changed in linux (Ubuntu Plucky):
status:	In Progress → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-14:

#20

This bug is awaiting verification that the linux-xilinx/6.8.0-1017.18 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-done-noble-linux-xilinx'. If the problem still exists, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-failed-noble-linux-xilinx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-xilinx-v2 verification-needed-noble-linux-xilinx

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-08-14:

#21

This bug is awaiting verification that the linux-azure-fips/6.8.0-1034.39+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-azure-fips' to 'verification-done-noble-linux-azure-fips'. If the problem still exists, change the tag 'verification-needed-noble-linux-azure-fips' to 'verification-failed-noble-linux-azure-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-azure-fips-v2 verification-needed-noble-linux-azure-fips

Ubuntu
linux package

iBFT iSCSI out-of-bounds shift UBSAN warning

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	In Progress	Undecided	Chengen Du
Focal	Won't Fix	Undecided	Chengen Du
Jammy	Fix Released	Medium	Chengen Du
Noble	Fix Released	Medium	Chengen Du
Oracular	Fix Released	Medium	Chengen Du
Plucky	Fix Released	Undecided	Chengen Du

Ubuntulinux package

iBFT iSCSI out-of-bounds shift UBSAN warning

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
linux package