{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-6.11.0-29", "linux-headers-6.11.0-29-generic", "linux-image-6.11.0-29-generic", "linux-modules-6.11.0-29-generic", "linux-tools-6.11.0-29", "linux-tools-6.11.0-29-generic" ], "removed": [ "linux-headers-6.11.0-26", "linux-headers-6.11.0-26-generic", "linux-image-6.11.0-26-generic", "linux-modules-6.11.0-26-generic", "linux-tools-6.11.0-26", "linux-tools-6.11.0-26-generic" ], "diff": [ "fwupd", "libarchive13t64:ppc64el", "libfwupd2:ppc64el", "libopeniscsiusr", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-libc-dev:ppc64el", "linux-tools-common", "linux-virtual", "open-iscsi", "sudo" ] } }, "diff": { "deb": [ { "name": "fwupd", "from_version": { "source_package_name": "fwupd", "source_package_version": "1.9.29-0ubuntu1~24.10.1ubuntu1", "version": "1.9.29-0ubuntu1~24.10.1ubuntu1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "1.9.30-0ubuntu1~24.10.1", "version": "1.9.30-0ubuntu1~24.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2110209, 2104109 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (1.9.30)", " - Fix dell dock RMM FW info missing on some devices (LP: #2110209)", "" ], "package": "fwupd", "version": "1.9.30-0ubuntu1~24.10.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2110209 ], "author": "Mario Limonciello ", "date": "Thu, 08 May 2025 10:43:11 -0500" }, { "cves": [], "log": [ "", " * New upstream version (1.9.29)", " - Fix updating dell dock RMM F/W (LP: #2104109)", "" ], "package": "fwupd", "version": "1.9.29-0ubuntu1~24.04.1ubuntu1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2104109 ], "author": "Mario Limonciello ", "date": "Tue, 25 Mar 2025 12:48:06 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libarchive13t64:ppc64el", "from_version": { "source_package_name": "libarchive", "source_package_version": "3.7.4-1ubuntu0.2", "version": "3.7.4-1ubuntu0.2" }, "to_version": { "source_package_name": "libarchive", "source_package_version": "3.7.4-1ubuntu0.3", "version": "3.7.4-1ubuntu0.3" }, "cves": [ { "cve": "CVE-2025-5914", "url": "https://ubuntu.com/security/CVE-2025-5914", "cve_description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" }, { "cve": "CVE-2025-5915", "url": "https://ubuntu.com/security/CVE-2025-5915", "cve_description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" }, { "cve": "CVE-2025-5916", "url": "https://ubuntu.com/security/CVE-2025-5916", "cve_description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" }, { "cve": "CVE-2025-5917", "url": "https://ubuntu.com/security/CVE-2025-5917", "cve_description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-5914", "url": "https://ubuntu.com/security/CVE-2025-5914", "cve_description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" }, { "cve": "CVE-2025-5915", "url": "https://ubuntu.com/security/CVE-2025-5915", "cve_description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" }, { "cve": "CVE-2025-5916", "url": "https://ubuntu.com/security/CVE-2025-5916", "cve_description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" }, { "cve": "CVE-2025-5917", "url": "https://ubuntu.com/security/CVE-2025-5917", "cve_description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "cve_priority": "medium", "cve_public_date": "2025-06-09 20:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: double free issue ", " - debian/patches/CVE-2025-5914.patch: rar: Fix double free with over ", " 4 billion nodes ", " - CVE-2025-5914 ", " * SECURITY UPDATE: heap-based buffer overflow ", " - debian/patches/CVE-2025-5915.patch: rar: Fix heap-buffer-overflow ", " - CVE-2025-5915 ", " * SECURITY UPDATE: integer overflow ", " - debian/patches/CVE-2025-5916.patch: warc: Prevent signed integer ", " overflow ", " - CVE-2025-5916 ", " * SECURITY UPDATE: out-of-bound write overflow ", " - debian/patches/CVE-2025-5917.patch: Fix overflow in build_ustar_entry", " - CVE-2025-5917", "" ], "package": "libarchive", "version": "3.7.4-1ubuntu0.3", "urgency": "medium", "distributions": "oracular-security", "launchpad_bugs_fixed": [], "author": "Nishit Majithia ", "date": "Wed, 25 Jun 2025 15:19:39 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfwupd2:ppc64el", "from_version": { "source_package_name": "fwupd", "source_package_version": "1.9.29-0ubuntu1~24.10.1ubuntu1", "version": "1.9.29-0ubuntu1~24.10.1ubuntu1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "1.9.30-0ubuntu1~24.10.1", "version": "1.9.30-0ubuntu1~24.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2110209, 2104109 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (1.9.30)", " - Fix dell dock RMM FW info missing on some devices (LP: #2110209)", "" ], "package": "fwupd", "version": "1.9.30-0ubuntu1~24.10.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2110209 ], "author": "Mario Limonciello ", "date": "Thu, 08 May 2025 10:43:11 -0500" }, { "cves": [], "log": [ "", " * New upstream version (1.9.29)", " - Fix updating dell dock RMM F/W (LP: #2104109)", "" ], "package": "fwupd", "version": "1.9.29-0ubuntu1~24.04.1ubuntu1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2104109 ], "author": "Mario Limonciello ", "date": "Tue, 25 Mar 2025 12:48:06 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libopeniscsiusr", "from_version": { "source_package_name": "open-iscsi", "source_package_version": "2.1.10-1ubuntu1.1", "version": "2.1.10-1ubuntu1.1" }, "to_version": { "source_package_name": "open-iscsi", "source_package_version": "2.1.10-1ubuntu1.2", "version": "2.1.10-1ubuntu1.2" }, "cves": [], "launchpad_bugs_fixed": [ 2098515 ], "changes": [ { "cves": [], "log": [ "", " * d/extra/initramfs/local-top/iscsi: add a flag to skip network", " configuration when iscsi is set to 'auto' but no iBFT data is present.", " Thanks to Alec Warren . (LP: #2098515)", "" ], "package": "open-iscsi", "version": "2.1.10-1ubuntu1.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2098515 ], "author": "Renan Rodrigo ", "date": "Wed, 04 Jun 2025 09:17:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.11.0-26.26", "version": "6.11.0-26.26" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.11.0-29.29", "version": "6.11.0-29.29" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.11.0-29.29", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "6.11.0-29.29", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:26:12 +0200" }, { "cves": [], "log": [ "", " * Main version: 6.11.0-28.28", "" ], "package": "linux-meta", "version": "6.11.0-28.28", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Stefan Bader ", "date": "Mon, 19 May 2025 15:11:17 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.11.0-26.26", "version": "6.11.0-26.26" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.11.0-29.29", "version": "6.11.0-29.29" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.11.0-29.29", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "6.11.0-29.29", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:26:12 +0200" }, { "cves": [], "log": [ "", " * Main version: 6.11.0-28.28", "" ], "package": "linux-meta", "version": "6.11.0-28.28", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Stefan Bader ", "date": "Mon, 19 May 2025 15:11:17 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.11.0-26.26", "version": "6.11.0-26.26" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.11.0-29.29", "version": "6.11.0-29.29" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.11.0-29.29", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "6.11.0-29.29", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:26:12 +0200" }, { "cves": [], "log": [ "", " * Main version: 6.11.0-28.28", "" ], "package": "linux-meta", "version": "6.11.0-28.28", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Stefan Bader ", "date": "Mon, 19 May 2025 15:11:17 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-libc-dev:ppc64el", "from_version": { "source_package_name": "linux", "source_package_version": "6.11.0-26.26", "version": "6.11.0-26.26" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.11.0-29.29", "version": "6.11.0-29.29" }, "cves": [ { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" }, { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-2312", "url": "https://ubuntu.com/security/CVE-2025-2312", "cve_description": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.", "cve_priority": "medium", "cve_public_date": "2025-03-25 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114305, 1786013, 2112519, 2110681, 2110173, 2099914, 2109634, 2109530, 2104876, 2103617, 2109301, 2106394, 2107522, 2107437, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" }, { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" } ], "log": [ "", " * oracular/linux: 6.11.0-29.29 -proposed tracker (LP: #2114305)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "" ], "package": "linux", "version": "6.11.0-29.29", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2114305, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 18:31:19 +0200" }, { "cves": [ { "cve": "CVE-2025-2312", "url": "https://ubuntu.com/security/CVE-2025-2312", "cve_description": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.", "cve_priority": "medium", "cve_public_date": "2025-03-25 18:15:00 UTC" } ], "log": [ "", " * oracular/linux: 6.11.0-28.28 -proposed tracker (LP: #2110681)", "", " * Oracular update: upstream stable patchset 2025-05-07 (LP: #2110173)", " - drm/dp_mst: Factor out function to queue a topology probe work", " - drm/dp_mst: Add a helper to queue a topology probe", " - drm/amd/display: Don't write DP_MSTM_CTRL after LT", " - watch_queue: fix pipe accounting mismatch", " - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test", " - cpufreq: scpi: compare kHz instead of Hz", " - smack: dont compile ipv6 code unless ipv6 is configured", " - smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label", " - sched: Cancel the slice protection of the idle entity", " - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()", " - EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids", " - x86/fpu: Fix guest FPU state buffer allocation size", " - x86/fpu: Avoid copying dynamic FP state from init_task in", " arch_dup_task_struct()", " - x86/platform: Only allow CONFIG_EISA for 32-bit", " - [Config] updateconfigs for EISA", " - x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()", " - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock", " - PM: sleep: Adjust check before setting power.must_resume", " - cpufreq: tegra194: Allow building for Tegra234", " - RISC-V: KVM: Disable the kernel perf counter during configure", " - kunit/stackinit: Use fill byte different from Clang i386 pattern", " - watchdog/hardlockup/perf: Fix perf_event memory leak", " - selinux: Chain up tool resolving errors in install_policy.sh", " - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer", " - EDAC/ie31200: Fix the DIMM size mask for several SoCs", " - EDAC/ie31200: Fix the error path order of ie31200_init()", " - x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors", " - thermal: int340x: Add NULL check for adev", " - PM: sleep: Fix handling devices with direct_complete set on errors", " - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()", " - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll", " - x86/traps: Make exc_double_fault() consistently noreturn", " - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures", " - x86/entry: Add __init to ia32_emulation_override_cmdline()", " - regulator: pca9450: Fix enable register for LDO5", " - auxdisplay: MAX6959 should select BITREVERSE", " - media: verisilicon: HEVC: Initialize start_bit field", " - media: platform: allgro-dvt: unregister v4l2_device on the error path", " - auxdisplay: panel: Fix an API misuse in panel.c", " - platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static", " - platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static", " - platform/x86: dell-ddv: Fix temperature calculation", " - ASoC: cs35l41: check the return value from spi_setup()", " - ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry", " - HID: remove superfluous (and wrong) Makefile entry for", " CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER", " - dt-bindings: vendor-prefixes: add GOcontroll", " - ALSA: hda/realtek: Always honor no_shutup_pins", " - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio", " compatible", " - ALSA: timer: Don't take register_mutex with copy_from/to_user()", " - drm/bridge: ti-sn65dsi86: Fix multiple instances", " - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning", " - drm/ssd130x: fix ssd132x encoding", " - drm/ssd130x: ensure ssd132x pitch is correct", " - drm/dp_mst: Fix drm RAD print", " - drm/bridge: it6505: fix HDCP V match check is not performed correctly", " - drm: xlnx: zynqmp: Fix max dma segment size", " - drm/vkms: Fix use after free and double free on init error", " - gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines", " - drm/amdgpu: refine smu send msg debug log format", " - drm/amdgpu/umsch: fix ucode check", " - PCI: Use downstream bridges for distributing resources", " - PCI: Remove add_align overwrite unrelated to size0", " - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure", " - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member", " - PCI/ASPM: Fix link state exit during switch upstream function removal", " - drm/panel: ilitek-ili9882t: fix GPIO name in error message", " - PCI/ACS: Fix 'pci=config_acs=' parameter", " - drm/amd/display: fix an indent issue in DML21", " - drm/msm/dpu: don't use active in atomic_check()", " - drm/msm/dsi/phy: Program clock inverters in correct register", " - drm/msm/dsi: Use existing per-interface slice count in DSC timing", " - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host", " - drm/amdkfd: Fix Circular Locking Dependency in", " 'svm_range_cpu_invalidate_pagetables'", " - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data", " payload", " - PCI: brcmstb: Set generation limit before PCIe link up", " - PCI: brcmstb: Use internal register to change link capability", " - PCI: brcmstb: Fix error path after a call to regulator_bulk_get()", " - PCI: brcmstb: Fix potential premature regulator disabling", " - PCI/portdrv: Only disable pciehp interrupts early when needed", " - drm/panthor: Update CS_STATUS_ defines to correct values", " - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()", " - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump", " - crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD", " - powerpc/kexec: fix physical address calculation in clear_utlb_entry()", " - PCI: Remove stray put_device() in pci_register_host_bridge()", " - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe", " - drm/mediatek: Fix config_updating flag never false when no mbox channel", " - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr", " - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()", " - drm/amd/display: avoid NPD when ASIC does not support DMUB", " - PCI: dwc: ep: Return -ENOMEM for allocation failures", " - PCI: histb: Fix an error handling path in histb_pcie_probe()", " - PCI: Fix BAR resizing when VF BARs are assigned", " - PCI: pciehp: Don't enable HPIE when resuming in poll mode", " - fbdev: au1100fb: Move a variable assignment behind a null pointer check", " - dummycon: fix default rows/cols", " - mdacon: rework dependency list", " - fbdev: sm501fb: Add some geometry checks.", " - crypto: iaa - Test the correct request flag", " - crypto: qat - set parity error mask for qat_420xx", " - crypto: tegra - Use separate buffer for setkey", " - crypto: tegra - check return value for hash do_one_req", " - crypto: bpf - Add MODULE_DESCRIPTION for skcipher", " - crypto: tegra - Use HMAC fallback when keyslots are full", " - clk: amlogic: gxbb: drop incorrect flag on 32k clock", " - crypto: hisilicon/sec2 - fix for aead authsize alignment", " - crypto: hisilicon/sec2 - fix for sec spec check", " - remoteproc: core: Clear table_sz when rproc_shutdown", " - of: property: Increase NR_FWNODE_REFERENCE_ARGS", " - pinctrl: renesas: rzg2l: Suppress binding attributes", " - remoteproc: qcom_q6v5_pas: Make single-PD handling more robust", " - libbpf: Fix hypothetical STT_SECTION extern NULL deref case", " - selftests/bpf: Fix string read in strncmp benchmark", " - x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()", " - clk: renesas: r8a08g045: Check the source of the CPU PLL settings", " - remoteproc: qcom: pas: add minidump_id to SC7280 WPSS", " - clk: samsung: Fix UBSAN panic in samsung_clk_init()", " - pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()", " - crypto: tegra - Fix CMAC intermediate result handling", " - clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock", " - s390: Remove ioremap_wt() and pgprot_writethrough()", " - RDMA/mana_ib: Ensure variable err is initialized", " - crypto: tegra - Set IV to NULL explicitly for AES ECB", " - remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226", " - clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK", " - bpf: Use preempt_count() directly in bpf_send_signal_common()", " - lib: 842: Improve error handling in sw842_compress()", " - pinctrl: renesas: rza2: Fix missing of_node_put() call", " - pinctrl: renesas: rzg2l: Fix missing of_node_put() call", " - RDMA/mlx5: Fix MR cache initialization error flow", " - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent", " - RDMA/core: Don't expose hw_counters outside of init net namespace", " - RDMA/mlx5: Fix calculation of total invalidated pages", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", " - remoteproc: qcom_q6v5_mss: Handle platforms with one power domain", " - power: supply: bq27xxx_battery: do not update cached flags prematurely", " - IB/mad: Check available slots before posting receive WRs", " - pinctrl: tegra: Set SFIO mode to Mux Register", " - clk: amlogic: g12b: fix cluster A parent data", " - clk: amlogic: gxbb: drop non existing 32k clock parent", " - selftests/bpf: Select NUMA_NO_NODE to create map", " - pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment", " - crypto: qat - remove access to parity register for QAT GEN4", " - clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents", " - clk: amlogic: g12a: fix mmc A peripheral clock", " - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1", " - power: supply: max77693: Fix wrong conversion of charge input threshold", " value", " - crypto: nx - Fix uninitialised hv_nxc on error", " - clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()", " - bpf: Fix array bounds error with may_goto", " - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow", " - pinctrl: renesas: rzv2m: Fix missing of_node_put() call", " - mfd: sm501: Switch to BIT() to mitigate integer overflows", " - leds: Fix LED_OFF brightness race", " - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to", " misplaced assignment", " - crypto: hisilicon/sec2 - fix for aead auth key length", " - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()", " - clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock", " - perf stat: Fix find_stat for mixed legacy/non-legacy events", " - perf: Always feature test reallocarray", " - w1: fix NULL pointer dereference in probe", " - isofs: fix KMSAN uninit-value bug in do_isofs_readdir()", " - soundwire: slave: fix an OF node reference leak in soundwire slave device", " - perf report: Switch data file correctly in TUI", " - coresight: catu: Fix number of pages while using 64k pages", " - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint", " - coresight-etm4x: add isb() before reading the TRCSTATR", " - perf pmu: Don't double count common sysfs and json events", " - ucsi_ccg: Don't show failed to get FW build information error", " - iio: accel: mma8452: Ensure error return on failure to matching oversampling", " ratio", " - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim", " fails.", " - perf arm-spe: Fix load-store operation checking", " - perf bench: Fix perf bench syscall loop count", " - usb: xhci: correct debug message page size calculation", " - fs/ntfs3: Fix a couple integer overflows on 32bit systems", " - fs/ntfs3: Prevent integer overflow in hdr_first_de()", " - dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister", " - dmaengine: fsl-edma: free irq correctly in remove path", " - iio: adc: ad4130: Fix comparison of channel setups", " - iio: adc: ad7124: Fix comparison of channel configs", " - iio: adc: ad7173: Fix comparison of channel configs", " - iio: light: Add check for array bounds in veml6075_read_int_time_ms", " - perf debug: Avoid stack overflow in recursive error message", " - perf evlist: Add success path to evlist__create_syswide_maps", " - perf units: Fix insufficient array space", " - kernel/events/uprobes: handle device-exclusive entries correctly in", " __replace_page()", " - kexec: initialize ELF lowest address to ULONG_MAX", " - ocfs2: validate l_tree_depth to avoid out-of-bounds access", " - arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig", " - NFSv4: Don't trigger uneccessary scans for return-on-close delegations", " - NFSv4: Avoid unnecessary scans of filesystems for returning delegations", " - NFSv4: Avoid unnecessary scans of filesystems for expired delegations", " - NFSv4: Avoid unnecessary scans of filesystems for delayed delegations", " - NFS: fix open_owner_id_maxsz and related fields.", " - fuse: fix dax truncate/punch_hole fault path", " - selftests/mm/cow: fix the incorrect error handling", " - um: Pass the correct Rust target and options with gcc", " - um: remove copy_from_kernel_nofault_allowed", " - um: hostfs: avoid issues on inode number reuse by host", " - i3c: master: svc: Fix missing the IBI rules", " - perf python: Fixup description of sample.id event member", " - perf python: Decrement the refcount of just created event on failure", " - perf python: Don't keep a raw_data pointer to consumed ring buffer space", " - perf python: Check if there is space to copy all the event", " - perf dso: fix dso__is_kallsyms() check", " - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES", " - staging: vchiq_arm: Register debugfs after cdev", " - staging: vchiq_arm: Fix possible NPR of keep-alive thread", " - tty: n_tty: use uint for space returned by tty_write_room()", " - perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation", " - fs/procfs: fix the comment above proc_pid_wchan()", " - perf tools: annotate asm_pure_loop.S", " - thermal: core: Remove duplicate struct declaration", " - objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()", " - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()", " - NFS: Shut down the nfs_client only after all the superblocks", " - exfat: fix the infinite loop in exfat_find_last_cluster()", " - rtnetlink: Allocate vfinfo size for VF GUIDs when supported", " - rndis_host: Flag RNDIS modems as WWAN devices", " - ksmbd: use aead_request_free to match aead_request_alloc", " - ksmbd: fix multichannel connection failure", " - ksmbd: fix r_count dec/increment mismatch", " - net/mlx5e: SHAMPO, Make reserved size independent of page size", " - ring-buffer: Fix bytes_dropped calculation issue", " - objtool: Fix segfault in ignore_unreachable_insn()", " - LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig", " - LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()", " - LoongArch: Rework the arch_kgdb_breakpoint() implementation", " - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are", " invalid", " - net: phy: broadcom: Correct BCM5221 PHY model detection", " - octeontx2-af: Fix mbox INTR handler when num VFs > 64", " - octeontx2-af: Free NIX_AF_INT_VEC_GEN irq", " - objtool: Fix verbose disassembly if CROSS_COMPILE isn't set", " - sched/smt: Always inline sched_smt_active()", " - context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()", " - rcu-tasks: Always inline rcu_irq_work_resched()", " - objtool/loongarch: Add unwind hints in prepare_frametrace()", " - nfs: Add missing release on error in nfs_lock_and_join_requests()", " - wifi: mac80211: Cleanup sta TXQs on flush", " - wifi: mac80211: remove debugfs dir for virtual monitor", " - wifi: iwlwifi: fw: allocate chained SG tables for dump", " - wifi: iwlwifi: mvm: use the right version of the rate API", " - nvme-tcp: fix possible UAF in nvme_tcp_poll", " - nvme-pci: clean up CMBMSC when registering CMB fails", " - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA", " - wifi: brcmfmac: keep power during suspend if board requires it", " - affs: generate OFS sequence numbers starting at 1", " - affs: don't write overlarge OFS data block size fields", " - ALSA: hda/realtek: Fix Asus Z13 2025 audio", " - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0", " - perf/core: Fix perf_pmu_register() vs. perf_init_event()", " - smb: common: change the data type of num_aces to le16", " - cifs: fix incorrect validation for num_aces field of smb_acl", " - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet", " - platform/x86/intel/vsec: Add Diamond Rapids support", " - HID: i2c-hid: improve i2c_hid_get_report error message", " - platform/x86/amd/pmf: Propagate PMF-TA return codes", " - platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA", " - exfat: add a check for invalid data size", " - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41", " HDA", " - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using", " CS35L41 HDA", " - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41", " HDA", " - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA", " - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using", " CS35L41 HDA", " - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using", " CS35L41 HDA", " - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using", " CS35L41 HDA", " - sched/deadline: Use online cpus for validating runtime", " - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory", " - ASoC: rt1320: set wake_capable = 0 explicitly", " - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state", " - wifi: mac80211: fix SA Query processing in MLO", " - locking/semaphore: Use wake_q to wake up processes outside lock critical", " section", " - x86/hyperv: Fix output argument to hypercall that changes page visibility", " - x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled", " - nvme-pci: fix stuck reset on concurrent DPC and HP", " - drm/amd: Keep display off while going into S4", " - selftests: netfilter: skip br_netfilter queue tests if kernel is tainted", " - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx", " - can: statistics: use atomic access in hot path", " - memory: omap-gpmc: drop no compatible check", " - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}", " - spufs: fix a leak on spufs_new_file() failure", " - spufs: fix gang directory lifetimes", " - spufs: fix a leak in spufs_create_context()", " - fs/9p: fix NULL pointer dereference on mkdir", " - riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and", " make_call_ra", " - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans", " - ntb: intel: Fix using link status DB's", " - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success", " - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA", " - RISC-V: errata: Use medany for relocatable builds", " - x86/uaccess: Improve performance by aligning writes to 8 bytes in", " copy_user_generic(), on non-FSRM/ERMS CPUs", " - ublk: make sure ubq->canceling is set when queue is frozen", " - s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation", " - ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()", " - riscv: Fix hugetlb retrieval of number of ptes in case of !present pte", " - riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator", " - riscv/purgatory: 4B align purgatory_start", " - ASoC: imx-card: Add NULL check in imx_card_probe()", " - spi: bcm2835: Do not call gpiod_put() on invalid descriptor", " - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model", " - spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent", " - e1000e: change k1 configuration on MTP and later platforms", " - idpf: fix adapter NULL pointer dereference on reboot", " - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets", " only", " - netfilter: nf_tables: don't unregister hook when table is dormant", " - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets", " - net_sched: skbprio: Remove overly strict queue assertions", " - sctp: add mutual exclusion in proc_sctp_do_udp_port()", " - net: mvpp2: Prevent parser TCAM memory corruption", " - udp: Fix multiple wraparounds of sk->sk_rmem_alloc.", " - udp: Fix memory accounting leak.", " - vsock: avoid timeout during connect() if the socket is closing", " - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().", " - net: decrease cached dst counters in dst_release", " - netfilter: nft_tunnel: fix geneve_opt type confusion addition", " - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS", " - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy", " - net: fix geneve_opt length integer overflow", " - ipv6: Start path selection from the first nexthop", " - ipv6: Do not consider link down nexthops in path selection", " - arcnet: Add NULL check in com20020pci_probe()", " - net: ibmveth: make veth_pool_store stop hanging", " - kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally", " - drm/amdgpu/gfx11: fix num_mec", " - drm/amdgpu/gfx12: fix num_mec", " - perf/core: Fix child_total_time_enabled accounting bug at task exit", " - tools/power turbostat: report CoreThr per measurement interval", " - tracing: Switch trace_events_hist.c code over to use guard()", " - tracing/hist: Add poll(POLLIN) support on hist file", " - tracing/hist: Support POLLPRI event for poll on histogram", " - tracing: Correct the refcount if the hist/hist_debug file fails to open", " - cgroup/rstat: Tracking cgroup-level niced CPU time", " - cgroup/rstat: Fix forceidle time in cpu.stat", " - tty: serial: fsl_lpuart: Use u32 and u8 for register variables", " - tty: serial: fsl_lpuart: use port struct directly to simply code", " - tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning", " - tty: serial: lpuart: only disable CTS instead of overwriting the whole", " UARTMODIR register", " - wifi: mac80211: Fix sparse warning for monitor_sdata", " - usbnet:fix NPE during rx_complete", " - rust: Fix enabling Rust and building with GCC for LoongArch", " - LoongArch: Increase ARCH_DMA_MINALIGN up to 16", " - LoongArch: Increase MAX_IO_PICS up to 8", " - LoongArch: BPF: Fix off-by-one error in build_prologue()", " - LoongArch: BPF: Don't override subprog's return value", " - LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC", " - x86/hyperv: Fix check of return value from snp_set_vmsa()", " - KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected", " - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value", " - x86/mce: use is_copy_from_user() to determine copy-from-user context", " - x86/tdx: Fix arch_safe_halt() execution for TDX VMs", " - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers", " - platform/x86: ISST: Correct command storage data length", " - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()", " - perf/x86/intel: Apply static call for drain_pebs", " - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read", " - uprobes/x86: Harden uretprobe syscall trampoline check", " - idpf: Don't hard code napi_struct size", " - x86/Kconfig: Add cmpxchg8b support back to Geode CPUs", " - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume", " - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs", " - wifi: mt76: mt7925: remove unused acpi function for clc", " - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl", " - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP", " - ARM: 9444/1: add KEEP() keyword to ARM_VECTORS", " - media: omap3isp: Handle ARM dma_iommu_mapping", " - Remove unnecessary firmware version check for gc v9_4_2", " - mmc: omap: Fix memory leak in mmc_omap_new_slot", " - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability", " - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD", " - KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error", " - ksmbd: add bounds check for durable handle context", " - ksmbd: add bounds check for create lease context", " - ksmbd: fix use-after-free in ksmbd_sessions_deregister()", " - ksmbd: fix session use-after-free in multichannel connection", " - ksmbd: fix overflow in dacloffset bounds check", " - ksmbd: validate zero num_subauth before sub_auth is accessed", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", " - exfat: fix potential wrong error return from get_block", " - tracing: Fix use-after-free in print_graph_function_flags during tracer", " switching", " - tracing: Ensure module defining synth event cannot be unloaded while tracing", " - tracing: Fix synth event printk format for str fields", " - tracing/osnoise: Fix possible recursive locking for cpus_read_lock()", " - mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs", " - arm64: Don't call NULL in do_compat_alignment_fixup()", " - wifi: mt76: mt7921: fix kernel panic due to null pointer dereference", " - ext4: don't over-report free space or inodes in statvfs", " - ext4: fix OOB read when checking dotdot dir", " - jfs: fix slab-out-of-bounds read in ea_get()", " - jfs: add index corruption check to DT_GETPAGE()", " - mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()", " - exec: fix the racy usage of fs_struct->in_exec", " - media: vimc: skip .s_stream() for stopped entities", " - media: streamzap: fix race between device disconnection and urb callback", " - nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()", " - nfsd: put dl_stid if fail to queue dl_recall", " - nfsd: fix management of listener transports", " - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up", " - ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE", " - [Config] updateconfigs for LD_CAN_USE_KEEP_IN_OVERLAY", " - tracing: Do not use PERF enums when perf is not defined", " - platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()", " - Upstream stable to v6.6.86, v6.12.23", "", " * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache", " (LP: #2099914) // CVE-2025-2312", " - CIFS: New mount option for cifs.upcall namespace resolution", "", " * Oracular update: upstream stable patchset 2025-04-29 (LP: #2109634)", " - wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version 8", " - netfilter: nft_counter: Use u64_stats_t for statistic.", " - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names", " - HID: hid-plantronics: Add mic mute mapping and generalize quirks", " - atm: Fix NULL pointer dereference", " - nfsd: fix legacy client tracking initialization", " - netfilter: socket: Lookup orig tuple for IPv6 SNAT", " - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx", " - counter: stm32-lptimer-cnt: fix error handling when enabling", " - counter: microchip-tcb-capture: Fix undefined counter channel state on probe", " - tty: serial: 8250: Add some more device IDs", " - tty: serial: 8250: Add Brainboxes XC devices", " - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related", " registers", " - net: usb: qmi_wwan: add Telit Cinterion FN990B composition", " - net: usb: qmi_wwan: add Telit Cinterion FE990B composition", " - net: usb: usbnet: restore usb%d name exception for local mac addresses", " - usb: xhci: Don't skip on Stopped - Length Invalid", " - usb: xhci: Apply the link chain quirk on NEC isoc endpoints", " - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove", " - perf tools: Fix up some comments and code to properly use the event_source", " bus", " - serial: stm32: do not deassert RS485 RTS GPIO prematurely", " - serial: 8250_dma: terminate correct DMA in tx_dma_flush()", " - bcachefs: bch2_ioctl_subvolume_destroy() fixes", " - Upstream stable to v6.6.85, v6.12.22", "", " * Oracular update: upstream stable patchset 2025-04-28 (LP: #2109530)", " - Revert \"mm/page_alloc: fix memory accept before watermarks gets initialized\"", " - mm/page_alloc: fix memory accept before watermarks gets initialized", " - Revert \"hrtimer: Use and report correct timerslack values for realtime", " tasks\"", " - hrtimer: Use and report correct timerslack values for realtime tasks", "", " * [SRU] Fix jack detection of rt712 on intel soundwire (LP: #2104876)", " - soundwire: mipi_disco: add MIPI-specific property_read_bool() helpers", "", " * [SRU] Fix screen flickering in inverted display mode (LP: #2103617)", " - drm/xe/display: Re-use display vmas when possible", " - drm/xe/display: Fix fbdev GGTT mapping handling.", "", " * Oracular update: upstream stable patchset 2025-04-24 (LP: #2109301)", " - clockevents/drivers/i8253: Fix stop sequence for timer 0", " - zram: fix NULL pointer in comp_algorithm_show()", " - hrtimer: Use and report correct timerslack values for realtime tasks", " - rust: init: fix `Zeroable` implementation for `Option>` and", " `Option>`", " - lib/buildid: Handle memfd_secret() files in build_id_parse()", " - mm: split critical region in remap_file_pages() and invoke LSMs in between", " - firmware: qcom: scm: Fix error code in probe()", " - firmware: imx-scu: fix OF node leak in .probe()", " - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply", " - arm64: dts: rockchip: remove supports-cqe from rk3588 jaguar", " - arm64: dts: rockchip: remove supports-cqe from rk3588 tiger", " - xfrm: fix tunnel mode TX datapath in packet offload mode", " - xfrm_output: Force software GSO only in tunnel mode", " - soc: imx8m: Remove global soc_uid", " - soc: imx8m: Use devm_* to simplify probe failure handling", " - soc: imx8m: Unregister cpufreq and soc dev in cleanup path", " - ARM: dts: bcm2711: Fix xHCI power-domain", " - ARM: dts: bcm2711: PL011 UARTs are actually r1p5", " - arm64: dts: rockchip: Remove undocumented sdmmc property from lubancat-1", " - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex()", " tests", " - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx", " - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate()", " - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP", " - ARM: dts: bcm2711: Don't mark timer regs unconfigured", " - ARM: dts: BCM5301X: Fix switch port labels of ASUS RT-AC5300", " - ARM: dts: BCM5301X: Fix switch port labels of ASUS RT-AC3200", " - dma-mapping: fix missing clear bdr in check_ram_in_range_map()", " - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path", " - RDMA/hns: Fix soft lockup during bt pages loop", " - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()", " - RDMA/hns: Fix invalid sq params not being blocked", " - RDMA/hns: Fix a missing rollback in error path of", " hns_roce_create_qp_common()", " - RDMA/hns: Fix missing xa_destroy()", " - RDMA/hns: Fix wrong value of max_sge_rd", " - Bluetooth: Fix error code in chan_alloc_skb_cb()", " - Bluetooth: hci_event: Fix connection regression between LE and non-LE", " adapters", " - accel/qaic: Fix possible data corruption in BOs > 2G", " - ARM: davinci: da850: fix selecting ARCH_DAVINCI_DA8XX", " - net: ipv6: fix TCP GSO segmentation with NAT", " - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().", " - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().", " - devlink: fix xa_alloc_cyclic() error handling", " - dpll: fix xa_alloc_cyclic() error handling", " - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU", " - net: atm: fix use after free in lec_send()", " - net: ti: icssg-prueth: Add lock to stats", " - net: lwtunnel: fix recursion loops", " - net: ipv6: ioam6: fix lwtunnel_output() loop", " - libfs: Fix duplicate directory entry in offset_dir_lookup", " - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES", " - i2c: omap: fix IRQ storms", " - net: mana: Support holes in device list reply msg", " - can: rcar_canfd: Fix page entries in the AFL list", " - can: ucan: fix out of bound read in strscpy() source", " - can: flexcan: only change CAN state when link up in system PM", " - can: flexcan: disable transceiver during system PM", " - drm/xe: Fix exporting xe buffers multiple times", " - drm/v3d: Don't run jobs that have errors flagged in its fence", " - io_uring/net: don't clear REQ_F_NEED_CLEANUP unconditionally", " - riscv: dts: starfive: Fix a typo in StarFive JH7110 pin function definitions", " - netfs: Call `invalidate_cache` only if implemented", " - regulator: dummy: force synchronous probing", " - regulator: check that dummy regulator has been probed before using it", " - accel/qaic: Fix integer overflow in qaic_validate_req()", " - arm64: dts: freescale: imx8mp-verdin-dahlia: add Microphone Jack to sound", " card", " - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound", " card", " - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou", " - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou", " - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops", " - mmc: atmel-mci: Add missing clk_disable_unprepare()", " - selftests/mm: run_vmtests.sh: fix half_ufd_size_MB calculation", " - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT", " - mm/migrate: fix shmem xarray update during migration", " - mm/page_alloc: fix memory accept before watermarks gets initialized", " - proc: fix UAF in proc_get_inode()", " - memcg: drain obj stock on cpu hotplug teardown", " - ARM: dts: imx6qdl-apalis: Fix poweroff on Apalis iMX6", " - ARM: shmobile: smp: Enforce shmobile_smp_* alignment", " - firmware: qcom: uefisecapp: fix efivars registration race", " - efi/libstub: Avoid physical address 0x0 when doing random allocation", " - keys: Fix UAF in key_put()", " - xsk: fix an integer overflow in xp_create_and_assign_umem()", " - batman-adv: Ignore own maximum aggregation size during RX", " - soc: qcom: pdr: Fix the potential deadlock", " - pmdomain: amlogic: fix T7 ISP secpower", " - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()", " - drm/sched: Fix fence reference count leak", " - drm/amdgpu/gfx12: correct cleanup of 'me' field with gfx_v12_0_me_fini()", " - drm/amd/display: Fix message for support_edp0_on_dp1", " - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP", " - drm/amd/pm: add unique_id for gfx12", " - drm/amdgpu: Restore uncached behaviour on GFX12", " - drm/amdgpu/pm: wire up hwmon fan speed for smu 14.0.2", " - drm/amdgpu: Remove JPEG from vega and carrizo video caps", " - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size", " - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven", " - ksmbd: fix incorrect validation for num_aces field of smb_acl", " - io_uring/net: fix sendzc double notif flush", " - KVM: arm64: Fix __pkvm_init_vcpu cptr_el2 error path", " - KVM: arm64: Calculate cptr_el2 traps on activating traps", " - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state", " - KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN", " - KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN", " - KVM: arm64: Refactor exit handlers", " - KVM: arm64: Mark some header functions as inline", " - Revert \"sched/core: Reduce cost of sched_move_task when config autogroup\"", " - libsubcmd: Silence compiler warning", " - arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S", " - mm/huge_memory: drop beyond-EOF folios with the right number of refs", " - mptcp: Fix data stream corruption in the address announcement", " - Upstream stable to v6.6.84, v6.12.21", "", " * [SRU] enable cs42l43 and cs35l56 audio on Intel LNL (LP: #2106394)", " - ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops", " - ASoC: Intel: soc-acpi: adl: Add match entries for new cs42l43 laptops", " - ASoC: Intel: soc-acpi: lnl: Add match entries for new cs42l43 laptops", " - ASoC: Intel: soc-acpi: arl: Fix some missing empty terminators", "", " * Oracular update: upstream stable patchset 2025-04-17 (LP: #2107522)", " - ibmvnic: Perform tx CSO during send scrq direct", " - ibmvnic: Inspect header requirements before using scrq direct", " - net: enetc: Remove setting of RX software timestamp", " - net: enetc: Replace ifdef with IS_ENABLED", " - net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC", " - mm: fix kernel BUG when userfaultfd_move encounters swapcache", " - userfaultfd: fix PTE unmapping stack-allocated PTE copies", " - fbdev: hyperv_fb: iounmap() the correct memory when removing a device", " - pinctrl: bcm281xx: Fix incorrect regmap max_registers value", " - pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw", " - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.", " - ice: do not configure destination override for switchdev", " - ice: fix memory leak in aRFS after reset", " - netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap", " around", " - netfilter: nf_tables: make destruction work queue pernet", " - sched: address a potential NULL pointer dereference in the GRED scheduler.", " - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms", " - wifi: mac80211: don't queue sdata::work for a non-running sdata", " - wifi: cfg80211: cancel wiphy_work before freeing wiphy", " - Bluetooth: hci_event: Fix enabling passive scanning", " - Revert \"Bluetooth: hci_core: Fix sleeping function called from invalid", " context\"", " - net/mlx5: Fill out devlink dev info only for PFs", " - net: dsa: mv88e6xxx: Verify after ATU Load ops", " - net: mctp i3c: Copy headers if cloned", " - net: mctp i2c: Copy headers if cloned", " - netpoll: hold rcu read lock in __netpoll_send_skb()", " - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed", " - fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs", " - fbdev: hyperv_fb: Simplify hvfb_putmem", " - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()", " - net/mlx5: handle errors in mlx5_chains_create_table()", " - eth: bnxt: fix truesize for mb-xdp-pass case", " - eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()", " - eth: bnxt: do not update checksum in bnxt_xdp_build_skb()", " - eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx}", " - eth: bnxt: use page pool for head frags",