Ubuntu
linux package

linux 5.15.0-140.150 source package in Ubuntu

Changelog

linux (5.15.0-140.150) jammy; urgency=medium

  * jammy/linux: 5.15.0-140.150 -proposed tracker (LP: #2106996)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.04.14)

  * NFS, overlay, fstab issue after update to kernel 5.15.0-133-generic and -134
    (LP: #2103598)
    - udf: Fix directory iteration for longer tail extents

  * Remove floppy kernel module causes null pointer deference (LP: #2104326)
    - floppy: fix add_disk() assumption on exit due to new developments

  * CVE-2025-21971
    - net_sched: Prevent creation of classes with TC_H_ROOT

  * CVE-2024-56599
    - wifi: ath10k: avoid NULL pointer error during sdio remove

  * CVE-2024-56721
    - x86/CPU/AMD: Terminate the erratum_1386_microcode array

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026)
    - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
    - afs: Fix directory format encoding struct
    - hung_task: move hung_task sysctl interface to hung_task.c
    - sysctl: use const for typically used max/min proc sysctls
    - sysctl: share unsigned long const values
    - fs: move inode sysctls to its own file
    - fs: move fs stat sysctls to file_table.c
    - fs: fix proc_handler for sysctl_nr_open
    - block: deprecate autoloading based on dev_t
    - block: retry call probe after request_module in blk_request_module
    - pstore/blk: trivial typo fixes
    - nvme: Add error check for xa_store in nvme_get_effects_log
    - partitions: ldm: remove the initial kernel-doc notation
    - select: Fix unbalanced user_access_end()
    - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
    - sched/psi: Use task->psi_flags to clear in CPU migration
    - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
    - drm/etnaviv: Fix page property being used for non writecombine buffers
    - genirq: Make handle_enforce_irqctx() unconditionally available
    - wifi: rtlwifi: do not complete firmware loading needlessly
    - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
    - wifi: rtlwifi: wait for firmware loading before releasing memory
    - wifi: rtlwifi: fix init_sw_vars leak when probe fails
    - wifi: rtlwifi: usb: fix workqueue leak when probe fails
    - spi: zynq-qspi: Add check for clk_enable()
    - dt-bindings: mmc: controller: clarify the address-cells description
    - spi: dt-bindings: add schema listing peripheral-specific properties
    - dt-bindings: Another pass removing cases of 'allOf' containing a '$ref'
    - dt-bindings: leds: Add Qualcomm Light Pulse Generator binding
    - dt-bindings: leds: Optional multi-led unit address
    - dt-bindings: leds: Add multicolor PWM LED bindings
    - dt-bindings: leds: class-multicolor: reference class directly in multi-led
      node
    - dt-bindings: leds: class-multicolor: Fix path to color definitions
    - rtlwifi: replace usage of found with dedicated list iterator variable
    - wifi: rtlwifi: remove unused timer and related code
    - wifi: rtlwifi: remove unused dualmac control leftovers
    - wifi: rtlwifi: destroy workqueue at rtl_deinit_core
    - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
    - HID: multitouch: Add support for lenovo Y9000P Touchpad
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - HID: multitouch: fix support for Goodix PID 0x01e9
    - regulator: dt-bindings: mt6315: Drop regulator-compatible property
    - ACPI: fan: cleanup resources in the error path of .probe()
    - cpupower: fix TSC MHz calculation
    - dt-bindings: mfd: bd71815: Fix rsense and typos
    - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
    - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
    - clk: imx8mp: Fix clkout1/2 support
    - regulator: of: Implement the unwind path of of_regulator_match()
    - samples/landlock: Fix possible NULL dereference in parse_path()
    - wifi: wlcore: fix unbalanced pm_runtime calls
    - net/smc: fix data error when recvmsg with MSG_PEEK flag
    - landlock: Move filesystem helpers and add a new one
    - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
    - cpufreq: ACPI: Fix max-frequency computation
    - selftests: harness: fix printing of mismatch values in __EXPECT()
    - wifi: cfg80211: Handle specific BSSID in 6GHz scanning
    - wifi: cfg80211: adjust allocation of colocated AP data
    - clk: analogbits: Fix incorrect calculation of vco rate delta
    - selftests/landlock: Fix error message
    - net/mlxfw: Drop hard coded max FW flash image size
    - netfilter: nft_flow_offload: update tcp state flags under lock
    - tcp_cubic: fix incorrect HyStart round start detection
    - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
    - libbpf: Fix segfault due to libelf functions not setting errno
    - ASoC: sun4i-spdif: Add clock multiplier settings
    - perf header: Fix one memory leakage in process_bpf_btf()
    - perf header: Fix one memory leakage in process_bpf_prog_info()
    - perf bpf: Fix two memory leakages when calling
      perf_env__insert_bpf_prog_info()
    - ASoC: renesas: rz-ssi: Use only the proper amount of dividers
    - ktest.pl: Remove unused declarations in run_bisect_test function
    - crypto: hisilicon/sec - add some comments for soft fallback
    - crypto: hisilicon/sec - delete redundant blank lines
    - crypto: hisilicon/sec2 - optimize the error return process
    - crypto: hisilicon/sec2 - fix for aead icv error
    - crypto: hisilicon/sec2 - fix for aead invalid authsize
    - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
    - padata: fix sysfs store callback check
    - perf top: Don't complain about lack of vmlinux when not resolving some
      kernel samples
    - perf report: Fix misleading help message about --demangle
    - padata: add pd get/put refcnt helper
    - ARM: at91: pm: change BU Power Switch to automatic mode
    - arm64: dts: mt8183: set DMIC one-wire mode on Damu
    - arm64: dts: mediatek: mt8516: fix GICv2 range
    - arm64: dts: mediatek: mt8516: fix wdt irq type
    - arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks
    - arm64: dts: mediatek: mt8516: add i2c clock-div property
    - arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
    - RDMA/mlx4: Avoid false error about access to uninitialized gids array
    - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
    - arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
    - arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
    - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
    - arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
    - arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
    - memory: Add LPDDR2-info helpers
    - memory: tegra20-emc: Support matching timings by LPDDR2 configuration
    - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage
      settings
    - arm64: dts: qcom: msm8996: Fix up USB3 interrupts
    - arm64: dts: qcom: msm8994: Describe USB interrupts
    - arm64: dts: qcom: msm8916: correct sleep clock frequency
    - arm64: dts: qcom: msm8994: correct sleep clock frequency
    - arm64: dts: qcom: sc7280: correct sleep clock frequency
    - arm64: dts: qcom: sm6125: correct sleep clock frequency
    - arm64: dts: qcom: sm8250: correct sleep clock frequency
    - arm64: dts: qcom: sm8350: correct sleep clock frequency
    - arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280
      properties
    - arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
    - ARM: dts: mediatek: mt7623: fix IR nodename
    - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
    - RDMA/mlx5: Remove iova from struct mlx5_core_mkey
    - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
    - RDMA/mlx5: Fix indirect mkey ODP page count
    - xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer
    - memblock: drop memblock_free_early_nid() and memblock_free_early()
    - of: reserved-memory: Do not make kmemleak ignore freed address
    - efi: sysfb_efi: fix W=1 warnings when EFI is not set
    - media: rc: iguanair: handle timeouts
    - media: lmedm04: Handle errors for lme2510_int_read
    - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
    - media: marvell: Add check for clk_enable()
    - media: i2c: imx412: Add missing newline to prints
    - media: i2c: ov9282: Correct the exposure offset
    - media: mipi-csis: Add check for clk_enable()
    - media: camif-core: Add check for clk_enable()
    - media: uvcvideo: Propagate buf->error to userspace
    - mtd: hyperbus: Make hyperbus_unregister_device() return void
    - mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning
      void
    - mtd: hyperbus: hbmc-am654: fix an OF node reference leak
    - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
    - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
    - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
    - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
    - module: Extend the preempt disabled section in
      dereference_symbol_descriptor().
    - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
    - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
    - tools/bootconfig: Fix the wrong format specifier
    - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
    - dmaengine: ti: edma: fix OF node reference leaks in edma_driver
    - gpio: mxc: remove dead code after switch to DT-only
    - net: fec: implement TSO descriptor cleanup
    - PM: hibernate: Add error handling for syscore_suspend()
    - net: netdevsim: try to close UDP port harness races
    - ptp: Properly handle compat ioctls
    - perf trace: Fix runtime error of index out of bounds
    - vsock: Allow retrying on connect() failure
    - bgmac: reduce max frame size to support just MTU 1500
    - net: sh_eth: Fix missing rtnl lock in suspend/resume path
    - net: hsr: fix fill_frame_info() regression vs VLAN packets
    - genksyms: fix memory leak when the same symbol is added from source
    - genksyms: fix memory leak when the same symbol is read from *.symref file
    - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
    - kconfig: add warn-unknown-symbols sanity check
    - kconfig: require a space after '#' for valid input
    - kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
    - kconfig: deduplicate code in conf_read_simple()
    - kconfig: WERROR unmet symbol dependency
    - kconfig: fix memory leak in sym_warn_unmet_dep()
    - hexagon: fix using plain integer as NULL pointer warning in cmpxchg
    - hexagon: Fix unbalanced spinlock in die()
    - f2fs: Introduce linear search for dentries
    - ktest.pl: Check kernelrelease return in get_version
    - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
    - drivers/card_reader/rtsx_usb: Restore interrupt based detection
    - usb: gadget: f_tcm: Fix Get/SetInterface return value
    - usb: dwc3: core: Defer the probe until USB power supply ready
    - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
    - usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
    - btrfs: output the reason for open_ctree() failure
    - btrfs: fix data race when accessing the inode's disk_i_size at
      btrfs_drop_extents()
    - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
    - sched: Don't try to catch up excess steal time.
    - lockdep: Fix upper limit for LOCKDEP_*_BITS configs
    - x86/amd_nb: Restrict init function to AMD-based systems
    - tun: fix group permission check
    - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
    - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
    - HID: Wacom: Add PCI Wacom device support
    - net/mlx5: use do_aux_work for PHC overflow checks
    - wifi: iwlwifi: avoid memory leak
    - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
    - APEI: GHES: Have GHES honor the panic= setting
    - net: wwan: iosm: Fix hibernation by re-binding the driver around it
    - mmc: sdhci-msm: Correctly set the load for the regulator
    - tipc: re-order conditions in tipc_crypto_key_rcv()
    - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
    - Input: allocate keycode for phone linking
    - platform/x86: acer-wmi: Ignore AC events
    - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
    - usb: chipidea: ci_hdrc_imx: use dev_err_probe()
    - usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning
      void
    - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in
      the error path of .probe()
    - net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
    - net/ncsi: fix locking in Get MAC Address handling
    - xfs: report realtime block quota limits on realtime directories
    - xfs: don't over-report free space or inodes in statvfs
    - usb: xhci: Add timeout argument in address_device USB HCD callback
    - nvme: handle connectivity loss in nvme_set_queue_count
    - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
    - gpu: drm_dp_cec: fix broken CEC adapter properties check
    - tg3: Disable tg3 PCIe AER on system reboot
    - udp: gso: do not drop small packets when PMTU reduces
    - gpio: pca953x: Improve interrupt support
    - net: atlantic: fix warning during hot unplug
    - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
    - x86/xen: add FRAME_END to xen_hypercall_hvm()
    - tun: revert fix group permission check
    - cpufreq: s3c64xx: Fix compilation warning
    - leds: lp8860: Write full EEPROM, not only half of it
    - drm/modeset: Handle tiled displays in pan_display_atomic.
    - s390/futex: Fix FUTEX_OP_ANDN implementation
    - m68k: vga: Fix I/O defines
    - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
    - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
    - drm/amd/pm: Mark MM activity as unsupported
    - drm/komeda: Add check for komeda_get_layer_fourcc_list()
    - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
    - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
    - clk: sunxi-ng: a100: enable MMC clock reparenting
    - clk: qcom: clk-alpha-pll: fix alpha mode configuration
    - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
    - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
    - efi: libstub: Use '-std=gnu11' to fix build with GCC 15
    - perf bench: Fix undefined behavior in cmpworker()
    - of: Correct child specifier used as input of the 2nd nexus node
    - of: Fix of_find_node_opts_by_path() handling of alias+path+options
    - of: reserved-memory: Fix using wrong number of cells to get property
      'alignment'
    - HID: hid-sensor-hub: don't use stale platform-data on remove
    - wifi: rtlwifi: rtl8821ae: Fix media status report
    - usb: gadget: f_tcm: Translate error to sense
    - usb: gadget: f_tcm: Decrement command ref count on cleanup
    - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
    - usb: gadget: f_tcm: Don't prepare BOT write request twice
    - serial: sh-sci: Drop __initdata macro for port_cfg
    - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
      in use
    - MIPS: Loongson64: remove ROM Size unit in boardinfo
    - powerpc/pseries/eeh: Fix get PE state translation
    - dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
    - dm-crypt: track tag_offset in convert_context
    - mips/math-emu: fix emulation of the prefx instruction
    - ALSA: hda/realtek: Enable headset mic on Positivo C6400
    - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
    - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
    - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
    - scsi: qla2xxx: Move FCE Trace buffer allocation to user control
    - scsi: storvsc: Set correct data length for sending SCSI command without
      payload
    - kbuild: Move -Wenum-enum-conversion to W=2
    - x86/boot: Use '-std=gnu11' to fix build with GCC 15
    - arm64: dts: qcom: sm8350: Fix MPSS memory length
    - crypto: qce - fix priority to be less than ARMv8 CE
    - xfs: Add error handling for xfs_reflink_cancel_cow_range
    - media: ccs: Clean up parsed CCS static data on parse failure
    - iio: light: as73211: fix channel handling in only-color triggered buffer
    - soc: qcom: smem_state: fix missing of_node_put in error path
    - media: mc: fix endpoint iteration
    - media: ov5640: fix get_light_freq on auto
    - media: ccs: Fix CCS static data parsing for large block sizes
    - media: ccs: Fix cleanup order in ccs_probe()
    - media: uvcvideo: Fix event flags in uvc_ctrl_send_events
    - media: uvcvideo: Remove redundant NULL assignment
    - crypto: qce - fix goto jump in error path
    - crypto: qce - unregister previously registered algos in error path
    - nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
    - nvmem: core: improve range check for nvmem_cell_write()
    - vfio/platform: check the bounds of read/write syscalls
    - pnfs/flexfiles: retry getting layout segment for reads
    - ocfs2: fix incorrect CPU endianness conversion causing mount failure
    - mtd: onenand: Fix uninitialized retlen in do_otp_read()
    - misc: fastrpc: Fix registered buffer page address
    - net/ncsi: wait for the last response to Deselect Package before configuring
      channel
    - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
    - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
    - net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
    - gpio: xilinx: remove excess kernel doc
    - memory: tegra20-emc: Correct memory device mask
    - ocfs2: check dir i_size in ocfs2_find_entry
    - mptcp: prevent excessive coalescing on receive
    - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
    - drm/i915/selftests: avoid using uninitialized context
    - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
    - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
    - gpio: bcm-kona: Add missing newline to dev_err format string
    - xen: remove a confusing comment on auto-translated guest I/O
    - x86/xen: allow larger contiguous memory regions in PV guests
    - media: cxd2841er: fix 64-bit division on gcc-9
    - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
    - vfio/pci: Enable iowrite64 and ioread64 for vfio pci
    - Grab mm lock before grabbing pt lock
    - x86/mm/tlb: Only trim the mm_cpumask once a second
    - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
    - batman-adv: Ignore neighbor throughput metrics in error case
    - perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
    - usb: roles: set switch registered flag early on
    - usb: gadget: udc: renesas_usb3: Fix compiler warning
    - usb: dwc2: gadget: remove of_node reference upon udc_stop
    - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
    - usb: core: fix pipe creation for get_bMaxPacketSize0
    - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
    - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
    - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
    - usb: cdc-acm: Fix handling of oversized fragments
    - USB: serial: option: add MeiG Smart SLM828
    - USB: serial: option: add Telit Cinterion FN990B compositions
    - USB: serial: option: fix Telit Cinterion FN990A name
    - USB: serial: option: drop MeiG Smart defines
    - can: c_can: fix unbalanced runtime PM disable in error path
    - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
      length zero
    - alpha: make stack 16-byte aligned (most cases)
    - efi: Avoid cold plugged memory for placing the kernel
    - cgroup: fix race between fork and cgroup.kill
    - serial: 8250: Fix fifo underflow on flush
    - alpha: align stack for page fault and user unaligned trap handlers
    - gpio: stmpe: Check return value of stmpe_reg_read in
      stmpe_gpio_irq_sync_unlock
    - regmap-irq: Add missing kfree()
    - arm64: Handle .ARM.attributes section in linker scripts
    - mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
    - btrfs: fix hole expansion when writing at an offset beyond EOF
    - clocksource: Replace cpumask_weight() with cpumask_empty()
    - clocksource: Use pr_info() for "Checking clocksource synchronization"
      message
    - ipv4: add RCU protection to ip4_dst_hoplimit()
    - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu()
    - net: add dev_net_rcu() helper
    - ipv4: use RCU protection in rt_is_expired()
    - ipv4: use RCU protection in inet_select_addr()
    - Namespaceify min_pmtu sysctl
    - Namespaceify mtu_expires sysctl
    - selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN
    - net: ipv4: Cache pmtu for all packet paths if multipath enabled
    - neighbour: delete redundant judgment statements
    - drm/tidss: Fix issue in irq handling causing irq-flood issue
    - drm/tidss: Clear the interrupt status for interrupts being disabled
    - kdb: Do not assume write() callback available
    - alpha: replace hardcoded stack offsets with autogenerated ones
    - nilfs2: do not output warnings when clearing dirty buffers
    - can: ems_pci: move ASIX AX99100 ids to pci_ids.h
    - serial: 8250_pci: add support for ASIX AX99100
    - parport_pc: add support for ASIX AX99100
    - netdevsim: print human readable IP address
    - selftests: rtnetlink: update netdevsim ipsec output format
    - ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus
    - x86/i8253: Disable PIT timer 0 when not in use
    - Revert "btrfs: avoid monopolizing a core when activating a swap file"
    - btrfs: avoid monopolizing a core when activating a swap file
    - arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
    - crypto: testmgr - fix wrong key length for pkcs1pad
    - crypto: testmgr - Fix wrong test case of RSA
    - crypto: testmgr - fix version number of RSA tests
    - crypto: testmgr - populate RSA CRT parameters in RSA test vectors
    - crypto: testmgr - some more fixes to RSA test vectors
    - mm: update mark_victim tracepoints fields
    - drm/probe-helper: Create a HPD IRQ event helper for a single connector
    - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
    - ASoC: renesas: rz-ssi: Add a check for negative sample_space
    - arm64: dts: mediatek: mt8183: Disable DSI display output by default
    - tpm: Use managed allocation for bios event log
    - kfence: allow use of a deferrable timer
    - [Config] updateconfigs to disable new KFENCE_DEFERRABLE
    - kfence: enable check kfence canary on panic via boot param
    - kfence: skip __GFP_THISNODE allocations on NUMA systems
    - soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled()
    - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths
    - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void
    - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove
    - media: uvcvideo: Set error_idx during ctrl_commit errors
    - media: uvcvideo: Refactor iterators
    - media: uvcvideo: Only save async fh if success
    - batman-adv: Drop initialization of flexible ethtool_link_ksettings
    - usb: dwc3: Increase DWC3 controller halt timeout
    - usb: dwc3: Fix timeout issue during controller enter/exit from halt state
    - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
    - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
    - ALSA: hda/realtek: Fixup ALC225 depop procedure
    - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
    - net: extract port range fields from fl_flow_key
    - flow_dissector: Fix handling of mixed port and port-range keys
    - flow_dissector: Fix port range key handling in BPF conversion
    - net: Add non-RCU dev_getbyhwaddr() helper
    - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
    - power: supply: da9150-fg: fix potential overflow
    - nvme/ioctl: add missing space in err message
    - bpf: skip non exist keys in generic_map_lookup_batch
    - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
    - acct: block access to kernel internal filesystems
    - mtd: rawnand: cadence: fix error code in cadence_nand_init()
    - mtd: rawnand: cadence: use dma_map_resource for sdma address
    - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
    - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
    - IB/mlx5: Set and get correct qp_num for a DCT QP
    - ovl: use wrappers to all vfs_*xattr() calls
    - ovl: pass ofs to creation operations
    - scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command()
    - scsi: core: Clear driver private data when retrying request
    - RDMA/mlx5: Fix bind QP error cleanup flow
    - sunrpc: suppress warnings for unused procfs functions
    - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
    - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
    - afs: remove variable nr_servers
    - afs: Make it possible to find the volumes that are using a server
    - afs: Fix the server_list to unuse a displaced server rather than putting it
    - net: loopback: Avoid sending IP packets without an Ethernet header
    - net: cadence: macb: Synchronize stats calculations
    - ASoC: es8328: fix route from DAC to output
    - ipvs: Always clear ipvs_property flag in skb_scrub_packet()
    - tcp: Defer ts_recent changes until req is owned
    - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
    - net/mlx5: IRQ, Fix null string in debug print
    - seg6: add support for SRv6 H.Encaps.Red behavior
    - seg6: add support for SRv6 H.L2Encaps.Red behavior
    - include: net: add static inline dst_dev_overhead() to dst.h
    - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
    - net: ipv6: fix dst ref loop on input in seg6 lwt
    - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
    - net: ipv6: fix dst ref loop on input in rpl lwt
    - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
    - ftrace: Avoid potential division by zero in function_stat_show()
    - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
    - perf/core: Fix low freq setting via IOC_PERIOD
    - drm/amd/display: Fix HPD after gpu reset
    - net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
    - net: enetc: update UDP checksum when updating originTimestamp field
    - net: enetc: correct the xdp_tx statistics
    - phy: tegra: xusb: reset VBUS & ID OVERRIDE
    - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk
    - vmlinux.lds: Ensure that const vars with relocations are mapped R/O
    - intel_idle: Handle older CPUs, which stop the TSC in deeper C states,
      correctly
    - drm/amdgpu: Check extended configuration space register when system uses
      large bar
    - drm/amdgpu: disable BAR resize on Dell G5 SE
    - Revert "of: reserved-memory: Fix using wrong number of cells to get property
      'alignment'"
    - HID: appleir: Fix potential NULL dereference at raw event handle
    - gpio: rcar: Use raw_spinlock to protect register access
    - gpio: aggregator: protect driver attr handlers against module unload
    - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
    - ALSA: hda/realtek: update ALC222 depop optimize
    - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
    - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
    - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
    - x86/cpu: Validate CPUID leaf 0x2 EDX output
    - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
    - wifi: cfg80211: regulatory: improve invalid hints checking
    - wifi: nl80211: reject cooked mode if it is set along with other flags
    - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
    - rapidio: fix an API misues when rio_add_net() fails
    - s390/traps: Fix test_monitor_call() inline assembly
    - block: fix conversion of GPT partition name to 7-bit
    - mm/page_alloc: fix uninitialized variable
    - mm: don't skip arch_sync_kernel_mappings() in error paths
    - wifi: iwlwifi: limit printed string from FW file
    - HID: google: fix unused variable warning under !CONFIG_ACPI
    - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
    - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
    - net: gso: fix ownership in __udp_gso_segment
    - caif_virtio: fix wrong pointer check in cfv_probe()
    - hwmon: (pmbus) Initialise page count in pmbus_identify()
    - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
    - hwmon: (ad7314) Validate leading zero bits and return error
    - ALSA: usx2y: validate nrpacks module parameter on probe
    - llc: do not use skb_get() before dev_queue_xmit()
    - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
    - drm/sched: Fix preprocessor guard
    - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
    - net: hns3: make sure ptp clock is unregister and freed if
      hclge_ptp_get_cycle returns an error
    - ppp: Fix KMSAN uninit-value warning with bpf
    - vlan: enforce underlying device type
    - x86/sgx: Support loading enclave page without VMA permissions check
    - x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes()
    - x86/sgx: Export sgx_encl_{grow,shrink}()
    - x86/sgx: Support VA page allocation without reclaiming
    - x86/sgx: Fix size overflows in sgx_encl_create()
    - exfat: fix soft lockup in exfat_clear_bitmap
    - net-timestamp: support TCP GSO case for a few missing flags
    - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
    - net: ipv6: fix dst ref loop in ila lwtunnel
    - net: ipv6: fix missing dst ref drop in ila lwtunnel
    - gpio: rcar: Fix missing of_node_put() call
    - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
    - usb: renesas_usbhs: Call clk_put()
    - usb: renesas_usbhs: Use devm_usb_get_phy()
    - usb: hub: lack of clearing xHC resources
    - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader
    - usb: renesas_usbhs: Flush the notify_hotplug_work
    - usb: atm: cxacru: fix a flaw in existing endpoint checks
    - usb: dwc3: Set SUSPENDENABLE soon after phy init
    - usb: dwc3: gadget: Prevent irq storm when TH re-executes
    - usb: typec: ucsi: increase timeout for PPM reset operations
    - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
    - usb: gadget: Set self-powered based on MaxPower and bmAttributes
    - usb: gadget: Fix setting self-powered state on suspend
    - usb: gadget: Check bmAttributes only if configuration is valid
    - xhci: pci: Fix indentation in the PCI device ID definitions
    - usb: xhci: Enable the TRB overfetch quirk on VIA VL805
    - mei: me: add panther lake P DID
    - intel_th: pci: Add Arrow Lake support
    - intel_th: pci: Add Panther Lake-H support
    - intel_th: pci: Add Panther Lake-P/U support
    - slimbus: messaging: Free transaction ID in delayed interrupt scenario
    - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
    - eeprom: digsy_mtc: Make GPIO lookup table match the device
    - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
    - media: uvcvideo: Avoid invalid memory access
    - media: uvcvideo: Avoid returning invalid controls
    - md: select BLOCK_LEGACY_AUTOLOAD
    - [Config] updateconfigs to select BLOCK_LEGACY_AUTOLOAD
    - mtd: rawnand: cadence: fix unchecked dereference
    - spi-mxs: Fix chipselect glitch
    - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
    - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
    - bpf, vsock: Invoke proto::close on close()
    - kbuild: userprogs: use correct lld when linking through clang
    - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
    - Linux 5.15.179

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21647
    - sched: sch_cake: add bounds checks to host bulk flow fairness counts

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58002
    - media: uvcvideo: Remove dangling pointers

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58079
    - media: uvcvideo: Fix crash during unbind if gpio unit is in use

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21721
    - nilfs2: handle errors that nilfs_prepare_chunk() may return

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-26982
    - Squashfs: check the inode number is not the invalid value of zero

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21844
    - smb: client: Add check for next_buffer in receive_encrypted_standard()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58090
    - sched/core: Prevent rescheduling when interrupts are disabled

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21875
    - mptcp: always handle address removal under msk socket lock

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21877
    - usbnet: gl620a: fix endpoint checking in genelink_bind()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21878
    - i2c: npcm: disable interrupt enable bit before devm_request_irq

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21887
    - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21846
    - acct: perform last write from workqueue

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21848
    - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21862
    - drop_monitor: fix incorrect initialization order

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21871
    - tee: optee: Fix supplicant wait loop

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21865
    - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21858
    - geneve: Fix use-after-free in geneve_find_dev().

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21866
    - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as
      VM_ALLOC

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21859
    - USB: gadget: f_midi: f_midi_complete to call queue_work

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21823
    - batman-adv: Drop unmanaged ELP metric worker

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58005
    - tpm: Change to kvalloc() in eventlog/acpi.c

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21748
    - ksmbd: fix integer overflows on 32 bit systems

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57977
    - memcg: fix soft lockup in the OOM process

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57978
    - media: imx-jpeg: Fix potential error pointer dereference in detach_pm()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57979
    - pps: Fix a use-after-free

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-47726
    - f2fs: fix to wait dio completion

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21811
    - nilfs2: protect access to buffers with no active references

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21722
    - nilfs2: do not force clear folio if buffer is referenced

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58086
    - drm/v3d: Stop active perfmon if it is being destroyed

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21758
    - ipv6: mcast: add RCU protection to mld_newpack()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21760
    - ndisc: extend RCU protection in ndisc_send_skb()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21761
    - openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21762
    - arp: use RCU protection in arp_xmit()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21763
    - neighbour: use RCU protection in __neigh_notify()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21764
    - ndisc: use RCU protection in ndisc_alloc_skb()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21765
    - ipv6: use RCU protection in ip6_default_advmss()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21766
    - ipv4: use RCU protection in __ip_rt_update_pmtu()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21767
    - clocksource: Use migrate_disable() to avoid calling get_random_u32() in
      atomic context

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21772
    - partitions: mac: fix handling of bogus partition table

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21704
    - usb: cdc-acm: Check control transfer buffer size before access

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21776
    - USB: hub: Ignore non-compliant devices with too many configs or interfaces

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21835
    - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21779
    - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21781
    - batman-adv: fix panic during interface removal

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21782
    - orangefs: fix a oob in orangefs_debug_write

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57834
    - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21785
    - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21787
    - team: better TEAM_OPTION_TYPE_STRING validation

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21791
    - vrf: use RCU protection in l3mdev_l3_out()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58020
    - HID: multitouch: Add NULL check in mt_input_configured

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21795
    - NFSD: fix hang in nfsd4_shutdown_callback

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21796
    - nfsd: clear acl_access/acl_default after releasing them

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21820
    - tty: xilinx_uartps: split sysrq handling

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21814
    - ptp: Ensure info->enable callback is always set

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21735
    - NFC: nci: Add bounds checking in nci_hci_create_pipe()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21736
    - nilfs2: fix possible int overflows in nilfs_fiemap()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58001
    - ocfs2: handle a symlink read error correctly

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58007
    - soc: qcom: socinfo: Avoid out of bounds read of serial number

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21744
    - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21745
    - blk-cgroup: Fix class @block_class's subsystem refcount leakage

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58076
    - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58083
    - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58010
    - binfmt_flat: Fix integer overflow bug on 32 bit systems

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21749
    - net: rose: lock the socket in rose_bind()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57981
    - usb: xhci: Fix NULL pointer dereference on certain command aborts

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21684
    - gpio: xilinx: Convert gpio_lock to raw spinlock

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58085
    - tomoyo: don't emit warning in tomoyo_write_control()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58014
    - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58016
    - safesetid: check size of policy writes

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58017
    - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21753
    - btrfs: fix use-after-free when attempting to join an aborted transaction

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58055
    - usb: gadget: f_tcm: Don't free command immediately

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57980
    - media: uvcvideo: Fix double free in error path

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21707
    - mptcp: consolidate suboption status

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21708
    - net: usb: rtl8150: enable basic endpoint checking

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21826
    - netfilter: nf_tables: reject mismatching sum of field_len with set key
      length

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21715
    - net: davicom: fix UAF in dm9000_drv_remove

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21718
    - net: rose: fix timer races against user threads

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21719
    - ipmr: do not call mr_mfc_uses_dev() for unres entries

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21802
    - net: hns3: fix oops when unload drivers paralleling

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58058
    - ubifs: skip dumping tnc tree when zroot is null

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58069
    - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21804
    - PCI: rcar-ep: Fix incorrect variable used when calling
      devm_request_mem_region()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58034
    - memory: tegra20-emc: fix an OF node reference bug in
      tegra_emc_find_node_by_ram_code()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57973
    - rdma/cxgb4: Prevent potential integer overflow on 32bit

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21726
    - padata: avoid UAF for reorder_work

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21727
    - padata: fix UAF in padata_reorder

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21728
    - bpf: Send signals asynchronously if !preemptible

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21711
    - net/rose: prevent integer overflows in rose_setsockopt()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21799
    - net: ethernet: ti: am65-cpsw: fix freeing IRQ in
      am65_cpsw_nuss_remove_tx_chns()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21806
    - net: let net.core.dev_weight always be non-zero

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21830
    - landlock: Handle weird files

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58071
    - team: prevent adding a device which is already a team device lower

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58063
    - wifi: rtlwifi: fix memory leaks and invalid access at probe error path

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58072
    - wifi: rtlwifi: remove unused check_buddy_priv

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58051
    - ipmi: ipmb: Add check devm_kasprintf() returned value

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-58052
    - drm/amdgpu: Fix potential NULL pointer dereference in
      atomctrl_get_smc_sclk_range_table

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2024-57986
    - HID: core: Fix assumption that Resolution Multipliers must be in Logical
      Collections

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
    CVE-2025-21731
    - nbd: don't allow reconnect after disconnect

  * Fix bugs preventing boot on Intel TDX-enabled hosts (LP: #2097811)
    - x86/mtrr: Remove physical address size calculation

  * Build failure when CONFIG_NET_SWITCHDEV=n due to CVE-2024-26837 fix backport
    (LP: #2104380)
    - SAUCE: net: switchdev: fix compilation error for CONFIG_NET_SWITCHDEV=n

  * nfsd hangs and never recovers after NFS4ERR_DELAY and a connection loss
    (LP: #2103564)
    - NFSD: Reset cb_seq_status after NFS4ERR_DELAY

  * kernel hard lockup in cgroups during eBPF workload (LP: #2089318)
    - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
    - cgroup: Homogenize cgroup_get_from_id() return value
    - cgroup: Make cgroup_get_from_id() prettier
    - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes
    - cgroup: Reorganize css_set_lock and kernfs path processing

  * CVE-2023-52664
    - net: atlantic: eliminate double free in error handling logic

  * CVE-2023-52927
    - netfilter: allow exp not to be removed in nf_ct_find_expectation

 -- Mehmet Basaran <email address hidden>  Sat, 12 Apr 2025 08:33:00 +0300

Upload details

Uploaded by:
Mehmet Basaran
Uploaded to:
Jammy
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64 armhf arm64 ppc64el s390x i386 riscv64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy security main devel
Jammy updates main devel

Downloads

File Size SHA-256 Checksum
linux_5.15.0.orig.tar.gz 185.9 MiB 4d7908da75ad50a70a0141721e259c2589b7bdcc317f7bd885b80c2ffa689211
linux_5.15.0-140.150.diff.gz 11.1 MiB 7fa4039229012cbc8ce88d82f4b04db884b314b38015f072272fe6e02c96325c
linux_5.15.0-140.150.dsc 7.6 KiB e47ebae34502a6e2ec146ea553495c3615380d6f68e73925840569089dd623f4

View changes file

Binary packages built by this source

linux-buildinfo-5.15.0-140-generic: Linux kernel buildinfo for version 5.15.0 on ARMv8 SMP

 This package contains the Linux kernel buildinfo for version 5.15.0 on
 ARMv8 SMP.
 .
 You likely do not want to install this package.

linux-buildinfo-5.15.0-140-generic-64k: Linux kernel buildinfo for version 5.15.0 on ARMv8 SMP

 This package contains the Linux kernel buildinfo for version 5.15.0 on
 ARMv8 SMP.
 .
 You likely do not want to install this package.

linux-buildinfo-5.15.0-140-generic-lpae: Linux kernel buildinfo for version 5.15.0 on ARM (hard float) SMP

 This package contains the Linux kernel buildinfo for version 5.15.0 on
 ARM (hard float) SMP.
 .
 You likely do not want to install this package.

linux-cloud-tools-5.15.0-140: Linux kernel version specific cloud tools for version 5.15.0-140

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud tools for version 5.15.0-140 on
 64 bit x86.
 You probably want to install linux-cloud-tools-5.15.0-140-<flavour>.

linux-cloud-tools-5.15.0-140-generic: Linux kernel version specific cloud tools for version 5.15.0-140

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud for version 5.15.0-140 on
 64 bit x86.

linux-cloud-tools-common: Linux kernel version specific cloud tools for version 5.15.0

 This package provides the architecture independent parts for kernel
 version locked tools for cloud tools for version 5.15.0.

linux-doc: Linux kernel specific documentation for version 5.15.0

 This package provides the various documents in the 5.15.0 kernel
 Documentation/ subdirectory. These document kernel subsystems, APIs, device
 drivers, and so on. See
 /usr/share/doc/linux-doc/00-INDEX for a list of what is
 contained in each file.

linux-headers-5.15.0-140: Header files related to Linux kernel version 5.15.0

 This package provides kernel header files for version 5.15.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-5.15.0-140/debian.README.gz for details

linux-headers-5.15.0-140-generic: Linux kernel headers for version 5.15.0 on ARMv8 SMP

 This package provides kernel header files for version 5.15.0 on
 ARMv8 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-5.15.0-140/debian.README.gz for details.

linux-headers-5.15.0-140-generic-64k: Linux kernel headers for version 5.15.0 on ARMv8 SMP

 This package provides kernel header files for version 5.15.0 on
 ARMv8 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-5.15.0-140/debian.README.gz for details.

linux-headers-5.15.0-140-generic-lpae: Linux kernel headers for version 5.15.0 on ARM (hard float) SMP

 This package provides kernel header files for version 5.15.0 on
 ARM (hard float) SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-5.15.0-140/debian.README.gz for details.

linux-image-5.15.0-140-generic: Signed kernel image generic

 A kernel image for generic. This version of it is signed with
 Canonical's signing key.

linux-image-5.15.0-140-generic-dbgsym: Signed kernel image generic

 A link to the debugging symbols for the generic signed kernel.

linux-image-5.15.0-140-generic-lpae: Linux kernel image for version 5.15.0 on ARM (hard float) SMP

 This package contains the Linux kernel image for version 5.15.0 on
 ARM (hard float) SMP.
 .
 Supports Generic LPAE processors.
 .
 Geared toward desktop and server systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-generic-lpae meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-5.15.0-140-generic-lpae-dbgsym: Linux kernel debug image for version 5.15.0 on ARM (hard float) SMP

 This package provides the kernel debug image for version 5.15.0 on
 ARM (hard float) SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-image-unsigned-5.15.0-140-generic: Linux kernel image for version 5.15.0 on ARMv8 SMP

 This package contains the unsigned Linux kernel image for version 5.15.0 on
 ARMv8 SMP.
 .
 Supports Generic processors.
 .
 Geared toward desktop and server systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-generic meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-unsigned-5.15.0-140-generic-64k: Linux kernel image for version 5.15.0 on ARMv8 SMP

 This package contains the unsigned Linux kernel image for version 5.15.0 on
 ARMv8 SMP.
 .
 Supports Generic 64K pages processors.
 .
 Geared toward desktop and server systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-generic-64k meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-unsigned-5.15.0-140-generic-64k-dbgsym: Linux kernel debug image for version 5.15.0 on ARMv8 SMP

 This package provides the unsigned kernel debug image for version 5.15.0 on
 ARMv8 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-image-unsigned-5.15.0-140-generic-dbgsym: Linux kernel debug image for version 5.15.0 on ARMv8 SMP

 This package provides the unsigned kernel debug image for version 5.15.0 on
 ARMv8 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-libc-dev: Linux Kernel Headers for development

 This package provides headers from the Linux kernel. These headers
 are used by the installed headers for GNU glibc and other system
 libraries. They are NOT meant to be used to build third-party modules for
 your kernel. Use linux-headers-* packages for that.

linux-modules-5.15.0-140-generic: Linux kernel extra modules for version 5.15.0 on ARMv8 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports Generic processors.
 .
 Geared toward desktop and server systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-generic meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-5.15.0-140-generic-64k: Linux kernel extra modules for version 5.15.0 on ARMv8 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports Generic 64K pages processors.
 .
 Geared toward desktop and server systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-generic-64k meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-5.15.0-140-generic-lpae: Linux kernel extra modules for version 5.15.0 on ARM (hard float) SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports Generic LPAE processors.
 .
 Geared toward desktop and server systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-generic-lpae meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-extra-5.15.0-140-generic: Linux kernel extra modules for version 5.15.0 on ARMv8 SMP

 This package contains the Linux kernel extra modules for version 5.15.0 on
 ARMv8 SMP.
 .
 Also includes the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports Generic processors.
 .
 Geared toward desktop and server systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-generic meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-iwlwifi-5.15.0-140-generic: Linux kernel iwlwifi modules for version 5.15.0-140

 This package provides the Linux kernel iwlwifi modules for version
 5.15.0-140.
 .
 You likely do not want to install this package directly. Instead, install the
 one of the linux-modules-iwlwifi-generic* meta-packages,
 which will ensure that upgrades work correctly, and that supporting packages are
 also installed.

linux-source-5.15.0: Linux kernel source for version 5.15.0 with Ubuntu patches

 This package provides the source code for the Linux kernel version
 5.15.0.
 .
 This package is mainly meant for other packages to use, in order to build
 custom flavours.
 .
 If you wish to use this package to create a custom Linux kernel, then it
 is suggested that you investigate the package kernel-package, which has
 been designed to ease the task of creating kernel image packages.
 .
 If you are simply trying to build third-party modules for your kernel,
 you do not want this package. Install the appropriate linux-headers
 package instead.

linux-tools-5.15.0-140: Linux kernel version specific tools for version 5.15.0-140

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.15.0-140 on
 ARMv8.
 You probably want to install linux-tools-5.15.0-140-<flavour>.

linux-tools-5.15.0-140-generic: Linux kernel version specific tools for version 5.15.0-140

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.15.0-140 on
 ARMv8.

linux-tools-5.15.0-140-generic-64k: Linux kernel version specific tools for version 5.15.0-140

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.15.0-140 on
 ARMv8.

linux-tools-5.15.0-140-generic-lpae: Linux kernel version specific tools for version 5.15.0-140

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.15.0-140 on
 ARM (hard float).

linux-tools-common: Linux kernel version specific tools for version 5.15.0

 This package provides the architecture independent parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.15.0.

linux-tools-host: Linux kernel VM host tools

 This package provides kernel tools useful for VM hosts.