SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: v6.8.10 upstream stable release from git://git.kernel.org/ Linux 6.8.10 keys: Fix overwrite of key expiration on instantiation dmaengine: idxd: add a write() method for applications to submit work dmaengine: idxd: add a new security check to deal with a hardware erratum VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Bluetooth: qca: fix firmware check error path Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix info leak when fetching board id Bluetooth: qca: generalise device address check Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix wcn3991 device address check Bluetooth: qca: fix invalid device address check eventfs: Do not treat events directory different than other directories tracefs: Still use mount point as default permissions for instances tracefs: Reset permissions on remount if permissions are options ksmbd: do not grant v2 lease if parent lease key and epoch are not set ksmbd: avoid to send duplicate lease break notifications ksmbd: off ipv6only for both ipv4/ipv6 binding spi: microchip-core-qspi: fix setting spi bus clock rate regulator: core: fix debugfs creation regression nvme-pci: Add quirk for broken MSIs fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan iommu/amd: Enhance def_domain_type to handle untrusted device mm/userfaultfd: reset ptes when close() for wr-protected ones mm: use memalloc_nofs_save() in page_cache_ra_order() selftests/mm: fix powerpc ARCH check x86/apic: Don't access the APIC when disabling x2APIC misc/pvpanic-pci: register attributes via pci_driver hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us net: fix out-of-bounds access in ops_init iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration drm/amd/display: Fix incorrect DSC instance for MST drm/amd/display: Handle Y carry-over in VCP X.Y calculation drm/i915/bios: Fix parsing backlight BDB data drm/i915/gt: Automate CCS Mode setting during engine resets drm/i915/audio: Fix audio time stamp programming for DP drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 drm/amd/display: Fix idle optimization checks for multi-display and dual eDP drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero drm/vmwgfx: Fix invalid reads in fence signaled events drm/vmwgfx: Fix Legacy Display Unit drm/ttm: Print the memory decryption status just once drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() mei: me: add lunar lake point M DID clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI clk: sunxi-ng: common: Support minimum and maximum rate clk: samsung: Revert "clk: Use device_get_match_data()" slimbus: qcom-ngd-ctrl: Add timeout for wait operation dyndbg: fix old BUG_ON in >control parser ASoC: ti: davinci-mcasp: Fix race condition during probe ASoC: tegra: Fix DSPK 16-bit playback net: bcmgenet: synchronize UMAC_CMD access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access xtensa: fix MAKE_PC_FROM_RA second argument tipc: fix UAF in error path e1000e: change usleep_range to udelay in PHY mdic access kmsan: compiler_types: declare __no_sanitize_or_inline iio: accel: mxc4005: Reset chip on probe() and resume() iio: accel: mxc4005: Interrupt handling fixes iio: pressure: Fixes SPI support for BMP3xx devices iio: pressure: Fixes BME280 SPI driver data iio:imu: adis16475: Fix sync mode setting dt-bindings: iio: health: maxim,max30102: fix compatible check workqueue: Fix selection of wake_cpu in kick_pool() mptcp: only allow set existing scheduler for net.mptcp.scheduler mptcp: ensure snd_nxt is properly initialized on connect mm/slab: make __free(kfree) accept error pointers maple_tree: fix mas_empty_area_rev() null pointer dereference btrfs: make sure that WRITTEN is set on all metadata blocks btrfs: qgroup: do not check qgroup inherit if qgroup is disabled btrfs: set correct ram_bytes when splitting ordered extent btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() mm/slub: avoid zeroing outside-object freepointer for single free firewire: ohci: fulfill timestamp for some local asynchronous transaction ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU usb: typec: tcpm: Check for port partner validity before consuming it usb: typec: tcpm: unregister existing source caps before re-registration usb: typec: tcpm: clear pd_event queue in PORT_RESET usb: dwc3: core: Prevent phy suspend during init usb: xhci-plat: Don't include xhci.h usb: gadget: f_fs: Fix a race condition when processing setup packets. usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete usb: gadget: uvc: use correct buffer size when parsing configfs lists usb: gadget: composite: fix OS descriptors w_value logic USB: core: Fix access violation during port device removal usb: ohci: Prevent missed ohci interrupts usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device usb: typec: ucsi: Fix connector check on init usb: typec: ucsi: Check for notifications after init Reapply "drm/qxl: simplify qxl_fence_wait" firewire: nosy: ensure user_length is taken into account when fetching packet contents drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible drm/amd/display: Atom Integrated System Info v2_2 for DCN35 gpiolib: cdev: fix uninitialised kfifo gpiolib: cdev: Fix use after free in lineinfo_changed_notify dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users drm/connector: Add \n to message about demoting connector force-probes drm/meson: dw-hdmi: add bandgap setting for g12 drm/meson: dw-hdmi: power up phy on device init net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family net: hns3: fix kernel crash when devlink reload during initialization net: hns3: fix port vlan filter not disabled issue net: hns3: use appropriate barrier function after setting a bit value net: hns3: release PTP resources if pf initialization failed net: hns3: change type of numa_node_mask as nodemask_t net: hns3: direct return when receive a unknown mailbox message net: hns3: using user configure after hardware reset net/smc: fix neighbour and rtable leak in smc_ib_find_route() ipv6: prevent NULL dereference in ip6_output() ipv6: annotate data-races around cnf.disable_ipv6 hsr: Simplify code for announcing HSR nodes timer setup net-sysfs: convert dev->operstate reads to lockless ones ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() dt-bindings: net: mediatek: remove wrongly added clocks and SerDes rxrpc: Only transmit one ACK per jumbo packet received rxrpc: Fix congestion control algorithm rxrpc: Fix the names of the fields in the ACK trailer struct selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC ipv6: Fix potential uninit-value access in __ip6_make_skb() net: bridge: fix corrupted ethernet header on multicast-to-unicast nfc: nci: Fix kcov check in nci_rx_work() netlink: specs: Add missing bridge linkinfo attrs phonet: fix rtm_phonet_notify() skb allocation hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Use a separate buffer for sending commands rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Bluetooth: HCI: Fix potential null-ptr-deref arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Bluetooth: msft: fix slab-use-after-free in msft_do_close() Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets ARM: 9381/1: kasan: clear stale stack poison xfrm: Preserve vlan tags for transport mode software GRO qibfs: fix dentry leak SUNRPC: add a missing rpc_stat for TCP TLS blk-iocost: do not WARN if iocg was already offlined net:usb:qmi_wwan: support Rolling modules drm/radeon: silence UBSAN warning (v3) platform/x86: ISST: Add Granite Rapids-D to HPM CPU list platform/x86/amd: pmf: Decrease error message to debug drm/nouveau/dp: Don't probe eDP ports twice harder gpio: lpc32xx: fix module autoloading fs/9p: drop inodes immediately on non-.L too fs/9p: remove erroneous nlink init from legacy stat2inode clk: Don't hold prepare_lock when calling kref_put() gpio: crystalcove: Use -ENOTSUPP consistently gpio: wcove: Use -ENOTSUPP consistently powerpc/crypto/chacha-p10: Fix failure on non Power10 9p: explicitly deny setlease attempts fs/9p: fix the cache always being enabled on files with qid flags fs/9p: translate O_TRUNC into OTRUNC fs/9p: only translate RWX permissions for plain 9P2000 iommu: mtk: fix module autoloading smb3: fix broken reconnect when password changing on the server by allowing password rotation drm/xe: Label RING_CONTEXT_CONTROL as masked drm/xe/xe_migrate: Cast to output precision before multiplying operands Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted uio_hv_generic: Don't free decrypted memory hv_netvsc: Don't free decrypted memory Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior amd/amdkfd: sync all devices to wait all processes being evicted drm/amdgpu: Fix VCN allocation in CPX partition drm/amd/pm: fix the high voltage issue after unload drm/amd/display: Skip on writeback when it's not applicable drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 drm/amdgpu: add smu 14.0.1 discovery support drm/amd/display: add DCN 351 version for microcode load drm/amdgpu: Refine IB schedule error logging nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies net: add copy_safe_from_sockptr() helper tools/power/turbostat: Fix uncore frequency file string MIPS: scall: Save thread_info.syscall unconditionally on entry gpu: host1x: Do not setup DMA for virtual devices platform/x86: acer-wmi: Add support for Acer PH18-71 accel/ivpu: Fix missed error message after VPU rename accel/ivpu: Improve clarity of MMU error messages accel/ivpu: Remove d3hot_after_power_off WA blk-iocost: avoid out of bounds shift scsi: hisi_sas: Handle the NCQ error returned by D2H frame scsi: target: Fix SELinux error when systemd-modules loads the target module nouveau/gsp: Avoid addressing beyond end of rpc->entries memblock tests: fix undefined reference to `BIT' memblock tests: fix undefined reference to `panic' memblock tests: fix undefined reference to `early_pfn_to_nid' btrfs: always clear PERTRANS metadata during commit btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read tools/power turbostat: Print ucode revision only if valid tools/power turbostat: Expand probe_intel_uncore_frequency() tools/power turbostat: Do not print negative LPI residency tools/power turbostat: Fix Bzy_MHz documentation typo tools/power turbostat: Increase the limit for fd opened tools/power turbostat: Fix added raw MSR output firewire: ohci: mask bus reset interrupts between ISR and bottom half ata: sata_gemini: Check clk_enable() result vboxsf: explicitly deny setlease attempts net: bcmgenet: Reset RBUF on first open ASoC: codecs: ES8326: modify clock table ASoC: codecs: ES8326: Solve error interruption issue block: fix overflow in blk_ioctl_discard() ALSA: line6: Zero-initialize message buffers scsi: ufs: core: Fix MCQ mode dev command timeout scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN scsi: ufs: core: WLUN suspend dev/link state error recovery OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch regulator: tps65132: Add of_match table ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries selftests/ftrace: Fix event filter target_func selection bpf: Check bloom filter map value size drm/amdkfd: range check cp bad op exception interrupts drm/amdkfd: Check cgroup when returning DMABuf info btrfs: return accurate error code on open failure in open_fs_devices() scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload scsi: mpi3mr: Avoid memcpy field-spanning write WARNING drm/xe: Fix END redefinition net: mark racy access on sk->sk_rcvbuf wifi: iwlwifi: mvm: guard against invalid STA ID on removal wifi: iwlwifi: read txq->read_ptr under lock wifi: mac80211: fix prep_connection error path wifi: cfg80211: fix rdev_dump_mpp() arguments order wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc fs/9p: fix uninitialized values during inode evict gfs2: Fix invalid metadata access in punch_hole scsi: lpfc: Use a dedicated lock for ras_fwlog state scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: ufs: core: Fix MCQ MAC configuration firmware: microchip: don't unconditionally print validation success exfat: fix timing of synchronizing bitmap and inode KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y EDAC/versal: Do not log total error counts powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE powerpc/pseries: make max polling consistent for longer H_CALLs clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change clk: qcom: smd-rpm: Restore msm8976 num_clk drm/xe/display: Fix ADL-N detection net: gro: add flush check in udp_gro_receive_segment net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb ipv4: Fix uninit-value access in __ip_make_skb() drm/panel: ili9341: Use predefined error codes drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Correct use of device property APIs s390/qeth: Fix kernel panic after setting hsuid vxlan: Pull inner IP header in vxlan_rcv(). tipc: fix a possible memleak in tipc_buf_append rxrpc: Clients must accept conn from any address net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix multicast-to-unicast with fraglist GSO spi: fix null pointer dereference within spi_sync drm/amdgpu: fix doorbell regression net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 cxgb4: Properly lock TX queue for the selftest. s390/cio: Ensure the copied buf is NUL terminated ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() ASoC: meson: cards: select SND_DYNAMIC_MINORS ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-fifo: use FIELD helpers vxlan: Add missing VNI filter counter update in arp_reduce(). vxlan: Fix racy device stats updates. net: qede: use return from qede_parse_actions() net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_flow_attr() for flower net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() ALSA: emu10k1: fix E-MU dock initialization ALSA: emu10k1: move the whole GPIO event handling to the workqueue ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() ALSA: emu10k1: fix E-MU card dock presence monitoring Fix a potential infinite loop in extract_user_to_sg() s390/vdso: Add CFI for RA register to asm macro vdso_func thermal/debugfs: Prevent use-after-free from occurring after cdev removal net l2tp: drop flow hash on forward nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). thermal/debugfs: Fix two locking issues with thermal zone debug thermal/debugfs: Free all thermal zone debug memory on zone removal octeontx2-af: avoid off-by-one read from userspace bna: ensure the copied buf is NUL terminated ice: ensure the copied buf is NUL terminated efi/unaccepted: touch soft lockup during memory accept xdp: use flags field to disambiguate broadcast redirect arm32, bpf: Reimplement sign-extension mov instruction s390/mm: Fix clearing storage keys for huge pages s390/mm: Fix storage key clearing for guest huge pages ASoC: codecs: wsa881x: set clk_stop_mode1 flag ASoC: Intel: avs: Set name of control as in topology riscv, bpf: Fix incorrect runtime stats bpf, arm64: Fix incorrect runtime stats spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs spi: axi-spi-engine: fix version format string spi: axi-spi-engine: use common AXI macros bpf: Fix a verifier verbose message nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH ASoC: SOF: Intel: add default firmware library path for LNL regmap: Add regmap_read_bypassed() bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition regulator: change devm_regulator_get_enable_optional() stub to return Ok regulator: change stubbed devm_regulator_get_enable to return Ok regulator: mt6360: De-capitalize devicetree regulator subnodes NFSD: Fix nfsd4_encode_fattr4() crasher NFSD: add support for CB_GETATTR callback nfsd: make all of the nfsd stats per-network namespace nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: rename NFSD_NET_* to NFSD_STATS_* pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator power: rt9455: hide unused rt9455_boost_voltage_values pinctrl: baytrail: Fix selecting gpio pinctrl state nfs: Handle error of rpc_proc_register() in nfs_net_init(). nfs: make the rpc_stat per net namespace nfs: expose /proc/net/sunrpc/nfs in net namespaces sunrpc: add a struct rpc_stats arg to rpc_create_args pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: core: delete incorrect free in pinctrl_enable() pinctrl/meson: fix typo in PDM's pin name pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T wifi: nl80211: don't free NULL coalescing rule rust: macros: fix soundness issue in `module!` macro rust: module: place generated init_module() function in .init.text