dwww Home | Show directory contents | Find package

linux (6.8.0-134.134) noble; urgency=medium

  * noble/linux: 6.8.0-134.134 -proposed tracker (LP: #2158432)

  * ext4: writeback causes kernel oops when low on space (LP: #2158377)
    - ext4: get rid of ppath in get_ext_path()

 -- Manuel Diewald <manuel.diewald@canonical.com>  Fri, 26 Jun 2026 17:31:04 +0200

linux (6.8.0-131.131) noble; urgency=medium

  * noble/linux: 6.8.0-131.131 -proposed tracker (LP: #2157196)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts

  * CVE-2026-46244
    - netfilter: nft_inner: Fix IPv6 inner_thoff desync

  * CVE-2026-43185
    - ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

  * CVE-2026-46289
    - lib/scatterlist: fix length calculations in extract_kvec_to_sg

  * CVE-2026-46119
    - libceph: Fix slab-out-of-bounds access in auth message processing

  * CVE-2026-46135
    - nvmet-tcp: fix race between ICReq handling and queue teardown

  * CVE-2026-46185
    - smb/client: fix out-of-bounds read in symlink_data()

  * CVE-2026-46195
    - smb: client: validate dacloffset before building DACL pointers

  * CVE-2026-46115
    - block: add pgmap check to biovec_phys_mergeable

  * CVE-2026-43501
    - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

  * CVE-2026-45988
    - rxrpc: Fix re-decryption of RESPONSE packets

  * CVE-2026-46043
    - RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv

  * CVE-2026-43493
    - crypto: pcrypt - Fix handling of MAY_BACKLOG requests

  * CVE-2026-43071
    - dcache: Limit the minimal number of bucket to two

  * CVE-2026-31685
    - netfilter: ip6t_eui64: reject invalid MAC header for all packets

  * CVE-2026-43117
    - btrfs: tracepoints: get correct superblock from dentry in event
      btrfs_sync_file()

  * CVE-2026-43114
    - netfilter: nft_set_pipapo_avx2: don't return non-matching entry on
      expiry

  * CVE-2026-31607
    - usbip: validate number_of_packets in usbip_pack_ret_submit()

  * CVE-2026-31659
    - batman-adv: reject oversized global TT response buffers

  * CVE-2026-31649
    - net: stmmac: fix integer underflow in chain mode

  * CVE-2026-31657
    - batman-adv: hold claim backbone gateways by reference

  * CVE-2026-31637
    - rxrpc: reject undecryptable rxkad response tickets

  * CVE-2026-31669
    - mptcp: fix slab-use-after-free in __inet_lookup_established

  * CVE-2026-31668
    - seg6: separate dst_cache for input and output paths in seg6 lwtunnel

  * CVE-2026-43011
    - net/x25: Fix potential double free of skb

  * CVE-2026-43037
    - ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

  * CVE-2026-43341
    - net/ipv6: ioam6: prevent schema length wraparound in trace fill

  * CVE-2026-43038
    - ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

  * CVE-2026-31682
    - bridge: br_nd_send: linearize skb before parsing ND options

  * CVE-2026-31436
    - dmaengine: idxd: fix possible wrong descriptor completion in
      llist_abort_desc()

  * CVE-2026-43384
    - net/tcp-ao: Fix MAC comparison to be constant-time

  * CVE-2026-31448
    - ext4: get rid of ppath in ext4_find_extent()
    - ext4: get rid of ppath in ext4_ext_create_new_leaf()
    - ext4: get rid of ppath in ext4_ext_insert_extent()
    - ext4: avoid infinite loops caused by residual data

  * CVE-2026-31478
    - ksmbd: replace hardcoded hdr2_len with offsetof() in
      smb2_calc_max_out_buf_len()

  * CVE-2026-23428
    - ksmbd: fix use-after-free of share_conf in compound request

  * CVE-2026-23450
    - net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()

  * CVE-2026-23455
    - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

  * CVE-2026-31402
    - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

  * CVE-2026-43383
    - net/tcp-md5: Fix MAC comparison to be constant-time

  * CVE-2026-43378
    - smb: server: fix use-after-free in smb2_open()

  * CVE-2026-46243
    - smb: client: reject userspace cifs.spnego descriptions

  * CVE-2026-43414
    - scsi: qla2xxx: Completely fix fcport double free

  * CVE-2026-43407
    - libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()

  * CVE-2026-43406
    - libceph: prevent potential out-of-bounds reads in
      process_message_header()

 -- Manuel Diewald <manuel.diewald@canonical.com>  Fri, 19 Jun 2026 16:39:35 +0200

linux (6.8.0-130.130) noble; urgency=medium

  * noble/linux: 6.8.0-130.130 -proposed tracker (LP: #2154560)

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465)
    - Revert "UBUNTU: SAUCE: Fix skb_vlan_inet_prepare() usage"

  * Kernel regression (6.8.0-117.generic) (LP: #2153556)
    - net: bonding: update the slave array for broadcast mode
    - bonding: do not set usable_slaves for broadcast mode

  * perf_cpu_map__merge fails to compile on ppc46el, s390x on noble linux
    (LP: #2152194)
    - SAUCE: temporary fix attempt for size eceed

  * Some powerpc test from ubuntu_kernel_selftests timeout with 45 seconds
    (LP: #2141536)
    - selftests/powerpc: Lower run time of count_stcx_fail test
    - selftests/powerpc: Give all tests 2 minutes timeout

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809)
    - auxdisplay: arm-charlcd: fix release_mem_region() size
    - hfsplus: return error when node already exists in hfs_bnode_create
    - rcu: s/boost_kthread_mutex/kthread_mutex
    - rcu/exp: Move expedited kthread worker creation functions above
      rcutree_prepare_cpu()
    - rcu: Refactor expedited handling check in rcu_read_unlock_special()
    - rcu: Remove local_irq_save/restore() in
      rcu_preempt_deferred_qs_handler()
    - rcu: Fix rcu_read_unlock() deadloop due to softirq
    - audit: move the compat_xxx_class[] extern declarations to audit_arch.h
    - i3c: Move device name assignment after i3c_bus_init
    - fs: add <linux/init_task.h> for 'init_fs'
    - i3c: master: Update hot-join flag only on success
    - gfs2: Retries missing in gfs2_{rename,exchange}
    - gfs2: Fix use-after-free in iomap inline data write path
    - i3c: dw: Initialize spinlock to avoid upsetting lockdep
    - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure
    - tpm: st33zp24: Fix missing cleanup on get_burstcount() error
    - btrfs: qgroup: return correct error when deleting qgroup relation item
    - btrfs: fix block_group_tree dirty_list corruption
    - smb: client: fix potential UAF and double free in smb2_open_file()
    - xen/virtio: Don't use grant-dma-ops when running as Dom0
    - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()
    - io_uring/sync: validate passed in offset
    - cpuidle: menu: Cleanup after loadavg removal
    - cpuidle: governors: menu: Always check timers with tick stopped
    - md/raid10: fix any_working flag handling in raid10_sync_request
    - iomap: fix submission side handling of completion side errors
    - ublk: Validate SQE128 flag before accessing the cmd
    - x86/xen: make some functions static
    - Partial revert "x86/xen: fix balloon target initialization for PVH dom0"
    - PM: wakeup: Handle empty list in wakeup_sources_walk_start()
    - perf: arm_spe: Properly set hw.state on failures
    - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
    - s390/cio: Fix device lifecycle handling in css_alloc_subchannel()
    - crypto: qat - fix warning on adf_pfvf_pf_proto.c
    - selftests/bpf: veristat: fix printing order in output_stats()
    - libbpf: Fix OOB read in btf_dump_get_bitfield_value
    - ARM: VDSO: Patch out __vdso_clock_getres() if unavailable
    - crypto: cavium - fix dma_free_coherent() size
    - crypto: octeontx - fix dma_free_coherent() size
    - crypto: hisilicon/zip - adjust the way to obtain the req in the callback
      function
    - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware
      queue unavailable
    - hrtimer: Fix trace oddity
    - bpf, sockmap: Fix incorrect copied_seq calculation
    - bpf, sockmap: Fix FIONREAD for sockmap
    - crypto: hisilicon/trng - modifying the order of header files
    - crypto: hisilicon/trng - support tfms sharing the device
    - bpf: Fix bpf_xdp_store_bytes proto for read-only arg
    - scsi: efct: Use IRQF_ONESHOT and default primary handler
    - EDAC/altera: Remove IRQF_ONESHOT
    - mfd: wm8350-core: Use IRQF_ONESHOT
    - sched/rt: Skip currently executing CPU in rto_next_cpu()
    - pstore/ram: fix buffer overflow in persistent_ram_save_old()
    - soc: qcom: smem: handle ENOMEM error during probe
    - EDAC/i5000: Fix snprintf() size calculation in calculate_dimm_size()
    - EDAC/i5400: Fix snprintf() limit calculation in calculate_dimm_size()
    - arm64: dts: tqma8mpql-mba8mpxl: Fix HDMI CEC pad control settings
    - clk: qcom: Return correct error code in qcom_cc_probe_by_index()
    - arm64: dts: qcom: sdm630: fix gpu_speed_bin size
    - arm64: dts: qcom: sdm845-oneplus: Don't mark ts supply boot-on
    - ARM: dts: allwinner: sun5i-a13-utoo-p66: delete "power-gpios" property
    - powerpc/uaccess: Move barrier_nospec() out of
      allow_read_{from/write}_user()
    - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in
      cmd_db_dev_probe
    - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
    - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event
      handling
    - ARM: dts: lpc32xx: Set motor PWM #pwm-cells property value to 3 cells
    - arm: dts: lpc32xx: add clocks property to Motor Control PWM device tree
      node
    - arm64: dts: amlogic: axg: assign the MMC signal clocks
    - arm64: dts: amlogic: gx: assign the MMC signal clocks
    - arm64: dts: amlogic: g12: assign the MMC B and C signal clocks
    - arm64: dts: amlogic: g12: assign the MMC A signal clock
    - arm64: dts: qcom: sdm845-db845c: drop CS from SPIO0
    - arm64: dts: qcom: sdm845-db845c: specify power for WiFi CH1
    - arm64: dts: qcom: sm6115: Add CX_MEM/DBGC GPU regions
    - workqueue: Factor out assign_rescuer_work()
    - workqueue: Only assign rescuer work when really needed
    - workqueue: Process rescuer work items one-by-one using a cursor
    - smack: /smack/doi must be > 0
    - smack: /smack/doi: accept previously used values
    - ASoC: nau8821: Consistently clear interrupts before unmasking
    - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
    - ASoC: nau8821: Fixup nau8821_enable_jack_detect()
    - drm/amdgpu: Use explicit VCN instance 0 in SR-IOV init
    - drm/msm/disp/dpu: add merge3d support for sc7280
    - regulator: core: move supply check earlier in set_machine_constraints()
    - HID: playstation: Add missing check for input_ff_create_memless
    - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x
    - media: ccs: Accommodate C-PHY into the calculation
    - drm/msm/a2xx: fix pixel shader start on A225
    - platform/chrome: cros_typec_switch: Don't touch struct
      fwnode_handle::dev
    - media: uvcvideo: Fix allocation for small frame sizes
    - platform/chrome: cros_ec_lightbar: Fix response size initialization
    - spi: tools: Add include folder to .gitignore
    - Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
    - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
    - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
    - PCI/PM: Avoid redundant delays on D3hot->D3cold
    - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails
    - Documentation: tracing: Add ring-buffer mapping
    - docs: fix WARNING document not included in any toctree
    - Documentation: trace: Refactor toctree
    - Documentation: tracing: Add PCI tracepoint documentation
    - PCI: Do not attempt to set ExtTag for VFs
    - PCI/portdrv: Fix potential resource leak
    - quota: fix livelock between quotactl and freeze_super
    - net: mctp-i2c: fix duplicate reception of old data
    - mctp i2c: initialise event handler read bytes
    - wifi: cfg80211: stop NAN and P2P in cfg80211_leave
    - netfilter: nf_tables: reset table validation state on abort
    - netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH
    - netfilter: nf_conncount: increase the connection clean up limit to 64
    - netfilter: nft_compat: add more restrictions on netlink attributes
    - netfilter: nf_conncount: fix tracking of connections from localhost
    - module: add helper function for reading module_buildid()
    - kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup()
    - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
    - iommu/vt-d: Flush cache for PASID table before using it
    - dm: use bio_clone_blkg_association
    - nfsd: never defer requests during idmap lookup
    - fat: avoid parent link count underflow in rmdir
    - tcp: tcp_tx_timestamp() must look at the rtx queue
    - wifi: ath10k: sdio: add missing lock protection in
      ath10k_sdio_fw_crashed_dump()
    - PCI: Initialize RCB from pci_configure_device()
    - PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
    - PCI: Add defines for bridge window indexing
    - PCI/ACPI: Restrict program_hpx_type2() to AER bits
    - ipc: don't audit capability check in ipc_permissions()
    - ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit()
    - of: unittest: fix possible null-pointer dereferences in
      of_unittest_property_copy()
    - mptcp: fix receive space timestamp initialization
    - octeontx2-af: Fix PF driver crash with kexec kernel booting
    - bonding: only set speed/duplex to unknown, if getting speed failed
    - inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
    - nfc: hci: shdlc: Stop timers and work before freeing context
    - netfilter: nft_set_hash: fix get operation on big endian
    - netfilter: nft_counter: fix reset of counters on 32bit archs
    - netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
    - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
    - net: hns3: fix double free issue for tx spare buffer
    - procfs: fix missing RCU protection when reading real_parent in
      do_task_stat()
    - smb: client: correct value for smbd_max_fragmented_recv_size
    - net: sunhme: Fix sbus regression
    - net: Add skb_dstref_steal and skb_dstref_restore
    - net: Switch to skb_dstref_steal/skb_dstref_restore for ip_route_input
      callers
    - xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path
    - serial: caif: fix use-after-free in caif_serial ldisc_close()
    - octeon_ep: disable per ring interrupts
    - octeon_ep: ensure dbell BADDR updation
    - ionic: Rate limit unknown xcvr type messages
    - octeontx2-pf: Unregister devlink on probe failure
    - RDMA/rtrs: server: remove dead code
    - IB/cache: update gid cache on client reregister event
    - RDMA/hns: Fix WQ_MEM_RECLAIM warning
    - RDMA/hns: Notify ULP of remaining soft-WCs during reset
    - power: supply: ab8500: Fix use-after-free in power_supply_changed()
    - power: supply: act8945a: Fix use-after-free in power_supply_changed()
    - power: supply: bq256xx: Fix use-after-free in power_supply_changed()
    - power: supply: bq25980: Fix use-after-free in power_supply_changed()
    - power: supply: cpcap-battery: Fix use-after-free in
      power_supply_changed()
    - power: supply: goldfish: Fix use-after-free in power_supply_changed()
    - power: supply: rt9455: Fix use-after-free in power_supply_changed()
    - power: supply: sbs-battery: Fix use-after-free in power_supply_changed()
    - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write
    - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported
    - power: supply: wm97xx: Fix NULL pointer dereference in
      power_supply_changed()
    - RDMA/rtrs-srv: fix SG mapping
    - RDMA/rxe: Fix double free in rxe_srq_from_init
    - tools/power/x86/intel-speed-select: Fix file descriptor leak in
      isolate_cpus()
    - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper
    - crypto: ccp - Add an S4 restore flow
    - crypto: ccp - Factor out ring destroy handling to a helper
    - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT
      fails
    - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()
    - RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send
    - RDMA/rxe: Fix race condition in QP timer handlers
    - svcrdma: Increase the per-transport rw_ctx count
    - svcrdma: Reduce the number of rdma_rw contexts per-QP
    - RDMA/core: add rdma_rw_max_sge() helper for SQ sizing
    - cxl: Fix premature commit_end increment on decoder commit failure
    - mtd: parsers: ofpart: fix OF node refcount leak in
      parse_fixed_partitions()
    - mtd: spinand: Fix kernel doc
    - power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
    - RDMA/uverbs: Add __GFP_NOWARN to ib_uverbs_unmarshall_recv() kmalloc
    - pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN
    - scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()
    - scsi: ufs: host: mediatek: Require CONFIG_PM
    - scsi: csiostor: Fix dereference of null pointer rn
    - nvdimm: virtio_pmem: serialize flush requests
    - fs/nfs: Fix readdir slow-start regression
    - tracing: Properly process error handling in event_hist_trigger_parse()
    - tracing: Remove duplicate ENABLE_EVENT_STR and DISABLE_EVENT_STR macros
    - fbdev: of_display_timing: Fix device node reference leak in
      of_get_display_timings()
    - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
    - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs
    - clk: qcom: rcg2: compute 2d using duty fraction directly
    - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
    - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops
    - clk: qcom: gcc-sdx75: Update the SDCC RCGs to use shared_floor_ops
    - clk: qcom: gcc-qdu1000: Update the SDCC RCGs to use shared_floor_ops
    - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
    - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
    - clk: qcom: gcc-ipq5018: flag sleep clock as critical
    - clk: Move clk_{save,restore}_context() to COMMON_CLK section
    - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
    - clk: qcom: gfx3d: add parent to parent request map
    - clk: mediatek: Fix error handling in runtime PM setup
    - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
    - dma: dma-axi-dmac: fix SW cyclic transfers
    - staging: greybus: lights: avoid NULL deref
    - serial: imx: change SERIAL_IMX_CONSOLE to bool
    - serial: SH_SCI: improve "DMA support" prompt
    - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
    - iio: pressure: mprls0025pa: fix scan_type struct
    - watchdog: starfive-wdt: Fix PM reference leak in probe error path
    - coresight: etm3x: Fix cpulocked warning on cpuhp
    - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms"
    - mfd: arizona: Fix regulator resource leak on
      wm5102_clear_write_sequencer() failure
    - mfd: simple-mfd-i2c: Add MAX77705 support
    - mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA
    - mfd: simple-mfd-i2c: Add SpacemiT P1 support
    - mfd: simple-mfd-i2c: Keep compatible strings in alphabetical order
    - mfd: simple-mfd-i2c: Add Delta TN48M CPLD support
    - [Config] Disable new Delta TN48M CPLD support by default
    - drivers: iio: mpu3050: use dev_err_probe for regulator request
    - usb: bdc: fix sleep during atomic
    - pinctrl: equilibrium: Fix device node reference leak in pinbank_init()
    - ovl: Fix uninit-value in ovl_fill_real
    - iio: sca3000: Fix a resource leak in sca3000_probe()
    - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
    - pinctrl: single: fix refcount leak in pcs_add_gpio_func()
    - leds: qcom-lpg: Check the return value of regmap_bulk_write()
    - backlight: qcom-wled: Support ovp values for PMI8994
    - backlight: qcom-wled: Change PM8950 WLED configurations
    - dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
    - io_uring/cancel: de-unionize file and user_data in struct io_cancel_data
    - fs/ntfs3: prevent infinite loops caused by the next valid being the same
    - fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot
    - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs
    - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check
    - kbuild: Add objtool to top-level clean target
    - selftests/memfd: delete unused declarations
    - selftests/memfd: use IPC semaphore instead of SIGSTOP/SIGCONT
    - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
    - cpuidle: Skip governor when only one idle state is available
    - selftests: mlxsw: tc_restrictions: Fix test failure with new iproute2
    - net: sparx5/lan969x: fix DWRR cost max to match hardware register width
    - net: mscc: ocelot: extract ocelot_xmit_timestamp() helper
    - net: mscc: ocelot: split xmit into FDMA and register injection paths
    - net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()
    - ipv6: Fix out-of-bound access in fib6_add_rt2node().
    - net: sparx5/lan969x: fix PTP clock max_adj value
    - net: usb: catc: enable basic endpoint checking
    - xen-netback: reject zero-queue configuration from guest
    - net/rds: rds_sendmsg should not discard payload_len
    - net: bridge: mcast: always update mdb_n_entries for vlan contexts
    - selftests: forwarding: vxlan_bridge_1d: fix test failure with
      br_netfilter enabled
    - selftests: forwarding: vxlan_bridge_1d_ipv6: fix test failure with
      br_netfilter enabled
    - netfilter: nf_conntrack_h323: don't pass uninitialised l3num value
    - net: remove WARN_ON_ONCE when accessing forward path array
    - ipv6: fix a race in ip6_sock_set_v6only()
    - bpftool: Fix truncated netlink dumps
    - ping: annotate data-races in ping_lookup()
    - icmp: move icmp_global.credit and icmp_global.stamp to per netns storage
    - icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns
    - icmp: prevent possible overflow in icmp_global_allow()
    - cache: add __cacheline_group_{begin, end}_aligned() (+ couple more)
    - inet: move icmp_global_{credit,stamp} to a separate cache line
    - octeontx2-af: Fix default entries mcam entry action
    - bonding: alb: fix UAF in rlb_arp_recv during bond up/down
    - net/mlx5: Fix multiport device check over light SFs
    - apparmor: fix NULL sock in aa_sock_file_perm
    - apparmor: return -ENOMEM in unpack_perms_table upon alloc failure
    - apparmor: fix rlimit for posix cpu timers
    - apparmor: remove apply_modes_to_perms from label_match
    - apparmor: make label_match return a consistent value
    - apparmor: fix invalid deref of rawdata when export_binary is unset
    - apparmor: fix aa_label to return state from compount and component match
    - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
    - drm/amdgpu: Fix memory leak in amdgpu_ras_init()
    - drm/i915/acpi: free _DSM package when no connectors
    - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init
    - drm/amdkfd: fix debug watchpoints for logical devices
    - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2
    - spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
    - spi: wpcm-fiu: Fix uninitialized res
    - spi: wpcm-fiu: Simplify with dev_err_probe()
    - spi: wpcm-fiu: Fix potential NULL pointer dereference in
      wpcm_fiu_probe()
    - s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n
    - efi: Fix reservation of unaccepted memory table
    - btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not
      found
    - x86/hyperv: Fix error pointer dereference
    - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk
    - drm/amd/display: Use same max plane scaling limits for all 64 bpp
      formats
    - MIPS: Work around LLVM bug when gp is used as global register variable
    - ext4: don't cache extent during splitting extent
    - ext4: fix memory leak in ext4_ext_shift_extents()
    - ext4: use optimized mballoc scanning regardless of inode format
    - ata: pata_ftide010: Fix some DMA timings
    - ata: libata-scsi: refactor ata_scsi_translate()
    - SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths
    - SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
    - ASoC: dt-bindings: asahi-kasei,ak4458: Fix the supply names
    - ASoC: dt-bindings: asahi-kasei,ak5558: Fix the supply names
    - perf test stat: Update test expectations and events
    - perf test stat tests: Fix for virtualized machines
    - perf unwind-libdw: Fix invalid reference counts
    - perf callchain: Fix srcline printing with inlines
    - libsubcmd: Fix null intersection case in exclude_cmds()
    - libperf: Don't remove -g when EXTRA_CFLAGS are used
    - libperf build: Always place libperf includes first
    - rtc: interface: Alarm race handling should not discard preceding error
    - hfsplus: fix volume corruption issue for generic/498
    - fs/buffer: add alert in try_to_free_buffers() for folios without buffers
    - hfsplus: pretend special inodes as regular files
    - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr()
    - minix: Add required sanity checking to minix_check_superblock()
    - btrfs: handle user interrupt properly in btrfs_trim_fs()
    - smb: client: add proper locking around ses->iface_last_update
    - gfs2: fiemap page fault fix
    - smb: client: prevent races in ->query_interfaces()
    - tools/power cpupower: Reset errno before strtoull()
    - s390/purgatory: Add -Wno-default-const-init-unsafe to KBUILD_CFLAGS
    - perf/arm-cmn: Support CMN-600AE
    - arm64: Add support for TSV110 Spectre-BHB mitigation
    - rnbd-srv: Zero the rsp buffer before using it
    - x86/xen/pvh: Enable PAE mode for 32-bit guest only when CONFIG_X86_PAE
      is set
    - EFI/CPER: don't dump the entire memory region
    - APEI/GHES: ensure that won't go past CPER allocated record
    - EFI/CPER: don't go past the ARM processor CPER record buffer
    - ACPI: processor: Fix NULL-pointer dereference in
      acpi_processor_errata_piix4()
    - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
    - md-cluster: fix NULL pointer dereference in process_metadata_update
    - cpufreq: dt-platdev: Block the driver from probing on more QC platforms
    - s390/perf: Disable register readout on sampling events
    - perf/cxlpmu: Replace IRQF_ONESHOT with IRQF_NO_THREAD
    - xenbus: Use .freeze/.thaw to handle xenbus devices
    - blk-mq-debugfs: add missing debugfs_mutex in
      blk_mq_debugfs_register_hctxs()
    - sparc: Synchronize user stack on fork and clone
    - sparc: don't reference obsolete termio struct for TC* constants
    - bpf: verifier improvement in 32bit shift sign extension pattern
    - clocksource/drivers/sh_tmu: Always leave device running after probe
    - clocksource/drivers/timer-integrator-ap: Add missing Kconfig dependency
      on OF
    - PCI/MSI: Unmap MSI-X region on error
    - crypto: hisilicon/qm - move the barrier before writing to the mailbox
      register
    - mailbox: bcm-ferxrm-mailbox: Use default primary handler
    - char: tpm: cr50: Remove IRQF_ONESHOT
    - pstore: ram_core: fix incorrect success return when vmap() fails
    - arm64: tegra: smaug: Add usb-role-switch support
    - parisc: Prevent interrupts during reboot
    - drm/display/dp_mst: Add protection against 0 vcpi
    - spi-geni-qcom: initialize mode related registers to 0
    - spi-geni-qcom: use xfer->bits_per_word for can_dma()
    - media: dvb-core: dmxdevfilter must always flush bufs
    - spi: stm32: fix Overrun issue at < 8bpw
    - drm/v3d: Set DMA segment size to avoid debug warnings
    - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
    - media: omap3isp: isppreview: always clamp in preview_try_format()
    - media: omap3isp: set initial format
    - media: mediatek: vcodec: Don't try to decode 422/444 VP9
    - drm/amdgpu: add support for HDP IP version 6.1.1
    - drm/amdgpu: avoid a warning in timedout job handler
    - HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards
    - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
    - ASoC: wm8962: Don't report a microphone if it's shorted to ground on
      plug
    - spi: spi-mem: Limit octal DTR constraints to octal DTR situations
    - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START
    - media: adv7180: fix frame interval in progressive mode
    - media: pvrusb2: fix URB leak in pvr2_send_request_ex
    - media: solo6x10: Check for out of bounds chip_id
    - media: cx25821: Fix a resource leak in cx25821_dev_setup()
    - media: v4l2-async: Fix error handling on steps after finding a match
    - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map()
    - drm: Account property blob allocations to memcg
    - hyper-v: Mark inner union in hv_kvp_exchg_msg_value as packed
    - virt: vbox: uapi: Mark inner unions in packed structs as packed
    - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
    - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional
      parts
    - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release
    - media: rkisp1: Fix filter mode register configuration
    - HID: multitouch: add eGalaxTouch EXC3188 support
    - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
    - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro
    - gpio: aspeed-sgpio: Change the macro to support deferred probe
    - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio
    - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end
    - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional()
      in max98390_i2c_probe()
    - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE
    - hwmon: (f71882fg) Add F81968 support
    - ASoC: es8328: Add error unwind in resume
    - modpost: Amend ppc64 save/restfpr symnames for -Os build
    - ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio
    - jfs: Add missing set_freezable() for freezable kthread
    - jfs: nlink overflow in jfs_rename
    - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero
    - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
    - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H
    - dm: replace -EEXIST with -EBUSY
    - dm: remove fake timeout to avoid leak request
    - iommu/arm-smmu-v3: Improve CMDQ lock fairness and efficiency
    - wifi: libertas: fix WARNING in usb_tx_block
    - iommu/amd: move wait_on_sem() out of spinlock
    - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode
    - PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
    - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
    - wifi: ath12k: fix preferred hardware mode calculation
    - ipv6: annotate data-races in ip6_multipath_hash_{policy,fields}()
    - ipv6: exthdrs: annotate data-race over multiple sysctl
    - ext4: mark group add fast-commit ineligible
    - ext4: move ext4_percpu_param_init() before ext4_mb_init()
    - ext4: mark group extend fast-commit ineligible
    - netfilter: nf_conntrack: Add allow_clash to generic protocol handler
    - netfilter: xt_tcpmss: check remaining length before reading optlen
    - openrisc: define arch-specific version of nop()
    - net: usb: r8152: fix transmit queue timeout
    - wifi: iwlwifi: mvm: check the validity of noa_len
    - net/rds: No shortcut out of RDS_CONN_ERROR
    - gro: change the BUG_ON() in gro_pull_from_frag0()
    - ipv4: igmp: annotate data-races around idev->mr_maxdelay
    - net: hns3: extend HCLGE_FD_AD_QID to 11 bits
    - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power()
    - wifi: iwlegacy: add missing mutex protection in
      il3945_store_measurement()
    - ipv4: fib: Annotate access to struct fib_alias.fa_state.
    - Bluetooth: hci_conn: Set link_policy on incoming ACL connections
    - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout
    - Bluetooth: btusb: Add new VID/PID for RTL8852CE
    - Bluetooth: btusb: Add device ID for Realtek RTL8761BU
    - octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
    - wifi: rtw89: pci: restore LDO setting after device resume
    - wifi: ath10k: fix lock protection in
      ath10k_wmi_event_peer_sta_ps_state_chg()
    - net: usb: sr9700: remove code to drive nonexistent multicast filter
    - vmw_vsock: bypass false-positive Wnonnull warning with gcc-16
    - net/rds: Clear reconnect pending bit
    - PCI: Mark ASM1164 SATA controller to avoid bus reset
    - PCI: Fix pci_slot_lock () device locking
    - PCI: Enable ACS after configuring IOMMU for OF platforms
    - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur
    - PCI: Mark Nvidia GB10 to avoid bus reset
    - myri10ge: avoid uninitialized variable use
    - nfc: nxp-nci: remove interrupt trigger type
    - RDMA/rtrs-clt: For conn rejection use actual err number
    - ata: libata: avoid long timeouts on hot-unplugged SATA DAS
    - hisi_acc_vfio_pci: update status after RAS error
    - scsi: buslogic: Reduce stack usage
    - vhost: fix caching attributes of MMIO regions by setting them explicitly
    - tracing: Fix false sharing in hwlat get_sample()
    - remoteproc: imx_dsp_rproc: Skip RP_MBOX_SUSPEND_SYSTEM when mailbox TX
      channel is uninitialized
    - mailbox: pcc: Remove spurious IRQF_ONESHOT usage
    - mailbox: imx: Skip the suspend flag for i.MX7ULP
    - mailbox: sprd: mask interrupts that are not handled
    - remoteproc: mediatek: Break lock dependency to `prepare_lock`
    - mailbox: sprd: clear delivery flag before handling TX done
    - clk: microchip: core: correct return value on *_get_parent()
    - m68k: nommu: fix memmove() with differently aligned src and dest for
      68000
    - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of
      NUC15)
    - staging: rtl8723bs: fix missing status update on sdio_alloc_irq()
      failure
    - serial: 8250_dw: handle clock enable errors in runtime_resume
    - usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs
    - fpga: of-fpga-region: Fail if any bridge is missing
    - dmaengine: sun6i: Choose appropriate burst length under maxburst
    - dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings
    - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()
    - misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
    - staging: rtl8723bs: fix memory leak on failure path
    - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA
      termination is done
    - fix it87_wdt early reboot by reporting running timer
    - binder: don't use %pK through printk
    - watchdog: imx7ulp_wdt: handle the nowayout option
    - phy: mvebu-cp110-utmi: fix dr_mode property read from dts
    - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
    - Revert "mfd: da9052-spi: Change read-mask to write-mask"
    - iio: Use IRQF_NO_THREAD
    - iio: magnetometer: Remove IRQF_ONESHOT
    - MIPS: Loongson: Make cpumask_of_node() robust against NUMA_NO_NODE
    - fs/ntfs3: drop preallocated clusters for sparse and compressed files
    - fs/ntfs3: avoid calling run_get_entry() when run == NULL in
      ntfs_read_run_nb_ra()
    - ceph: supply snapshot context in ceph_uninline_data()
    - libceph: define and enforce CEPH_MAX_KEY_LEN
    - thermal: int340x: Fix sysfs group leak on DLVR registration failure
    - include: uapi: netfilter_bridge.h: Cover for musl libc
    - ARM: 9467/1: mm: Don't use %pK through printk
    - drm/amd/display: Avoid updating surface with the same surface under MPO
    - drm/amdgpu: Adjust usleep_range in fence wait
    - ALSA: usb-audio: Update the number of packets properly at receiving
    - drm/amdgpu: Add HAINAN clock adjustment
    - drm/radeon: Add HAINAN clock adjustment
    - ALSA: usb-audio: Add sanity check for OOB writes at silencing
    - btrfs: replace BUG() with error handling in __btrfs_balance()
    - drm/amd/display: Remove conditional for shaper 3DLUT power-on
    - rtc: zynqmp: correct frequency value
    - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
    - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
    - xfrm6: fix uninitialized saddr in xfrm6_get_saddr()
    - xfrm: skip templates check for packet offload tunnel mode
    - ipmi: ipmb: initialise event handler read bytes
    - xfrm: always flush state and policy upon NETDEV_UNREGISTER event
    - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode
    - net: usb: lan78xx: scan all MDIO addresses on LAN7801
    - net: ixp4xx_eth: convert to ndo_hwtstamp_get() and ndo_hwtstamp_set()
    - net: ethernet: xscale: Check for PTP support properly
    - wifi: cfg80211: wext: fix IGTK key ID off-by-one
    - Remove WARN_ALL_UNSEEDED_RANDOM kernel config option
    - [Config] Remove WARN_ALL_UNSEEDED_RANDOM
    - Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
    - Bluetooth: hci_qca: Cleanup on all setup failures
    - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
    - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on
      L2CAP_ECRED_CONN_REQ
    - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
    - tipc: fix duplicate publication key in tipc_service_insert_publ()
    - RDMA/core: Fix stale RoCE GIDs during netdev events at registration
    - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets
    - RDMA/efa: Fix typo in efa_alloc_mr()
    - net: usb: pegasus: enable basic endpoint checking
    - RDMA/umem: Fix double dma_buf_unpin in failure path
    - net/mlx5: DR, Fix circular locking dependency in dump
    - net/mlx5: Fix missing devlink lock in SRIOV enable error path
    - net: consume xmit errors of GSO frames
    - dpaa2-switch: validate num_ifs to prevent out-of-bounds write
    - netfilter: nf_conntrack_h323: fix OOB read in decode_choice()
    - rpmsg: core: fix race in driver_override_show() and use core helper
    - clk: renesas: rzg2l: Fix intin variable size
    - clk: renesas: rzg2l: Select correct div round macro
    - ASoC: SOF: ipc4-control: If there is no data do not send bytes update
    - ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls
    - ASoC: SOF: ipc4-control: Use the correct size for
      scontrol->ipc_control_data
    - ASoC: SOF: ipc4-control: Keep the payload size up to date
    - fpga: dfl: use subsys_initcall to allow built-in drivers to be added
    - dm-verity: correctly handle dm_bufio_client_create() failure
    - media: mediatek: encoder: Fix uninitialized scalar variable issue
    - media: mtk-mdp: Fix error handling in probe function
    - media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
    - media: verisilicon: AV1: Fix enable cdef computation
    - media: verisilicon: AV1: Fix tx mode bit setting
    - ARM: omap2: Fix reference count leaks in omap_control_init()
    - KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3()
      succeeding
    - arm64: Disable branch profiling for all arm64 code
    - HID: hid-pl: handle probe errors
    - HID: magicmouse: Do not crash on missing msc->input
    - HID: prodikeys: Check presence of pm->input_ep82
    - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
    - arm64: dts: apple: t8112-j473: Keep the HDMI port powered on
    - media: verisilicon: AV1: Set IDR flag for intra_only frame type
    - media: radio-keene: fix memory leak in error path
    - media: cx88: Add missing unmap in snd_cx88_hw_params()
    - media: cx23885: Add missing unmap in snd_cx23885_hw_params()
    - media: cx25821: Add missing unmap in snd_cx25821_hw_params()
    - media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
    - media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
    - media: i2c: ov01a10: Fix the horizontal flip control
    - media: i2c: ov01a10: Fix reported pixel-rate value
    - media: i2c: ov01a10: Fix analogue gain range
    - media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls
    - media: i2c: ov01a10: Fix test-pattern disabling
    - media: qcom: camss: vfe: Fix out-of-bounds access in
      vfe_isr_reg_update()
    - media: ccs: Avoid possible division by zero
    - media: i2c: ov5647: Initialize subdev before controls
    - media: i2c: ov5647: Correct pixel array offset
    - media: i2c: ov5647: Correct minimum VBLANK value
    - media: i2c: ov5647: Sensor should report RAW color space
    - media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
    - media: i2c: ov5647: use our own mutex for the ctrl lock
    - dm-integrity: fix a typo in the code for write/discard race
    - dm: clear cloned request bio pointer when last clone bio completes
    - soc: ti: k3-socinfo: Fix regmap leak on probe failure
    - soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
    - KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
    - clk: clk-apple-nco: Add "apple,t8103-nco" compatible
    - media: i2c: ov01a10: Fix digital gain range
    - clk: tegra: tegra124-emc: Fix potential memory leak in
      tegra124_clk_register_emc()
    - s390/pci: Handle futile config accesses of disabled devices directly
    - dm-integrity: fix recalculation in bitmap mode
    - dm-unstripe: fix mapping bug when there are multiple targets in a table
    - arm64: dts: rockchip: Do not enable hdmi_sound node on Pinebook Pro
    - media: venus: vdec: fix error state assignment for zero bytesused
    - media: venus: vdec: restrict EOS addr quirk to IRIS2 only
    - drm: of: drm_of_panel_bridge_remove(): fix device_node leak
    - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations
    - selftests/mm/charge_reserved_hugetlb: drop mount size for hugetlbfs
    - xfs: mark data structures corrupt on EIO and ENODATA
    - media: verisilicon: AV1: Fix tile info buffer size
    - iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in
      scalable mode
    - mfd: core: Add locking around 'mfd_of_node_list'
    - xfs: delete attr leaf freemap entries when empty
    - xfs: fix freemap adjustments when adding xattrs to leaf blocks
    - xfs: fix remote xattr valuelblk check
    - KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
    - PCI: endpoint: Fix swapped parameters in
      pci_{primary/secondary}_epc_epf_unlink() functions
    - md/bitmap: fix GPF in write_page caused by resize race
    - nfsd: fix return error code for nfsd_map_name_to_[ug]id
    - nvmem: Drop OF node reference on nvmem_add_one_cell() failure
    - usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
    - bus: fsl-mc: fix an error handling in fsl_mc_device_add()
    - dm mpath: make pg_init_delay_msecs settable
    - tools: Fix bitfield dependency failure
    - powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()
    - iio: gyro: itg3200: Fix unchecked return value in read_raw
    - mm/highmem: fix __kmap_to_page() build error
    - rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
    - ocfs2: fix reflink preserve cleanup issue
    - kexec: derive purgatory entry from symbol
    - Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling
      SR-IOV"
    - PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
    - arm64: Fix non-atomic __READ_ONCE() with CONFIG_LTO=y
    - btrfs: continue trimming remaining devices on failure
    - remoteproc: imx_rproc: Fix invalid loaded resource table detection
    - perf/arm-cmn: Reject unsupported hardware configurations
    - scsi: ufs: core: Flush exception handling work when RPM level is zero
    - usb: dwc3: gadget: Move vbus draw to workqueue context
    - usb: dwc2: fix resume failure if dr_mode is host
    - mtd: rawnand: pl353: Fix software ECC support
    - tipc: fix RCU dereference race in tipc_aead_users_dec()
    - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
    - net: cpsw_new: Fix unnecessary netdev unregistration in cpsw_probe()
      error path
    - PCI: Fix pci_slot_trylock() error handling
    - parisc: kernel: replace kfree() with put_device() in create_tree_node()
    - staging: rtl8723bs: fix null dereference in find_network
    - cifs: Fix locking usage for tcon fields
    - MIPS: rb532: Fix MMIO UART resource registration
    - ceph: supply snapshot context in ceph_zero_partial_object()
    - LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE
    - LoongArch: Prefer top-down allocation after arch_mem_init()
    - LoongArch: Guard percpu handler under !CONFIG_PREEMPT_RT
    - LoongArch: Disable instrumentation for setup_ptwalker()
    - net: ethernet: marvell: skge: remove incorrect conflicting PCI ID
    - net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()
    - octeontx2-af: CGX: fix bitmap leaks
    - net: macb: Fix tx/rx malfunction after phy link down and up
    - tracing: Fix to set write permission to per-cpu buffer_size_kb
    - io_uring/filetable: clamp alloc_hint to the configured alloc range
    - net: intel: fix PCI device ID conflict between i40e and ipw2200
    - atm: fore200e: fix use-after-free in tasklets during device removal
    - ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()
    - fbcon: check return value of con2fb_acquire_newinfo()
    - fbdev: vt8500lcdfb: fix missing dma_free_coherent()
    - fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
    - fbdev: ffb: fix corrupted video output on Sun FFB1
    - fbcon: Remove struct fbcon_display.inverse
    - cifs: some missing initializations on replay
    - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
    - net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
    - net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()
    - x86/kexec: Copy ACPI root pointer address from config table
    - arm64: Force the use of CNTVCT_EL0 in __delay()
    - net: nfc: nci: Fix parameter validation for packet data
    - tracing: Fix checking of freed trace_event_file for hist files
    - tracing: Wake up poll waiters for hist files when removing an event
    - NTB: ntb_transport: Fix too small buffer for debugfs_name
    - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
    - arm64: Fix sampling the "stable" virtual counter in preemptible section
    - gfs2: Fix slab-use-after-free in qd_put
    - io_uring: use release-acquire ordering for IORING_SETUP_R_DISABLED
    - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature
    - OPP: Return correct value in dev_pm_opp_get_level
    - cpufreq: scmi: Fix device_node reference leak in scmi_cpu_domain_id()
    - perf/x86/core: Do not set bit width for unavailable counters
    - genirq: Set IRQF_COND_ONESHOT in devm_request_irq().
    - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq()
    - media: pci: mg4b: Use IRQF_NO_THREAD
    - firmware: arm_ffa: Correct 32-bit response handling in
      NOTIFICATION_INFO_GET
    - arm64: dts: qcom: msm8994-octagon: Fix Analog Devices vendor prefix of
      AD7147
    - arm64: dts: mediatek: mt8183-jacuzzi-pico6: Fix typo in pinmux node
    - arm64: dts: qcom: qrb4210-rb2: Fix UART3 wakeup IRQ storm
    - arm64: dts: qcom: x1e: bus is 40-bits (fix 64GB models)
    - media: chips-media: wave5: Fix memory leak on codec_info allocation
      failure
    - drm/amd: Drop "amdgpu kernel modesetting enabled" message
    - drm/amdkfd: Fix signal_eviction_fence() bool return value
    - drm/xe: Unregister drm device on probe error
    - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients
    - wifi: cfg80211: Fix use_for flag update on BSS refresh
    - PCI: Check parent for NULL in of_pci_bus_release_domain_nr()
    - netfilter: nfnetlink_queue: optimize verdict lookup with hash table
    - netfilter: nfnetlink_queue: do shared-unconfirmed check before
      segmentation
    - netfilter: nft_set_rbtree: fix bogus EEXIST with NLM_F_CREATE with null
      interval
    - power: supply: pm8916_bms_vm: Fix use-after-free in
      power_supply_changed()
    - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed()
    - RDMA/mlx5: Fix UMR hang in LAG error state unload
    - IB/mlx5: Fix port speed query for representors
    - platform/x86/amd/pmf: Prevent TEE errors after hibernate
    - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails
    - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler
    - clk: qcom: gcc-sm8650: Use floor ops for SDCC RCGs
    - clk: qcom: gcc-sm4450: Update the SDCC RCGs to use shared_floor_ops
    - clk: qcom: gcc-x1e80100: Update the SDCC RCGs to use shared_floor_ops
    - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue
    - iio: pressure: mprls0025pa: fix interrupt flag
    - objpool: fix the overestimation of object pooling metadata size
    - ipvs: do not keep dest_dst if dev is going down
    - net/mlx5e: Use unsigned for mlx5e_get_max_num_channels
    - AppArmor: Allow apparmor to handle unaligned dfa tables
    - apparmor: Fix & Optimize table creation from possibly unaligned memory
    - apparmor: avoid per-cpu hold underflow in aa_get_buffer
    - drm/amd/display: Fix out-of-bounds stream encoder index v3
    - btrfs: use the correct type to initialize block reserve for delayed refs
    - Drivers: hv: vmbus: Use kthread for vmbus interrupts on PREEMPT_RT
    - i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init
    - APEI/GHES: ARM processor Error: don't go past allocated memory
    - ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[]
    - powercap: intel_rapl: Add PL4 support for Ice Lake
    - alpha: fix user-space corruption during memory compaction
    - ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display)
    - ACPI: battery: fix incorrect charging status when current is zero
    - perf/x86/msr: Add Airmont NP
    - perf/x86/cstate: Add Airmont NP
    - bpf: Recognize special arithmetic shift in the verifier
    - firmware: arm_ffa: Unmap Rx/Tx buffers on init failure
    - gpu/panel-edp: add AUO panel entry for B140HAN06.4
    - drm/amdgpu: fix NULL pointer issue buffer funcs
    - ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET
    - media: chips-media: wave5: Fix conditional in start_streaming
    - media: chips-media: wave5: Process ready frames when CMD_STOP sent to
      Encoder
    - drm/amd/display: Fix dsc eDP issue
    - drm/panel: Fix a possible null-pointer dereference in
      jdi_panel_dsi_remove()
    - media: mt9m114: Avoid a reset low spike during probe()
    - media: mt9m114: Return -EPROBE_DEFER if no endpoint is found
    - ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk
    - PCI: Add Intel Nova Lake audio Device ID
    - drm/amd/display: Disable FEC when powering down encoders
    - drm/amd/display: avoid dig reg access timeout on usb4 link training fail
    - hwmon: (dell-smm) Add support for Dell OptiPlex 7080
    - HID: logitech-hidpp: Add support for Logitech K980
    - ASoC: SOF: Intel: hda: Fix NULL pointer dereference
    - spi: geni-qcom: Fix abort sequence execution for serial engine errors
    - ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx
    - wifi: rtw89: 8922a: set random mac if efuse contains zeroes
    - wifi: rtw89: ser: enable error IMR after recovering from L1
    - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
    - wifi: rtw89: mac: correct page number for CSI response
    - wifi: ath11k: Fix failure to connect to a 6 GHz AP
    - ipv6: annotate data-races over sysctl.flowlabel_reflect
    - ext4: use reserved metadata blocks when splitting extent on endio
    - Bluetooth: btusb: Add support for MediaTek7920 0489:e158
    - net: sfp: add quirk for Lantech 8330-265D
    - PCI/AER: Clear stale errors on reporting agents upon probe
    - scsi: ufs: mediatek: Fix page faults in ufs_mtk_clk_scale() trace event
    - riscv: vector: init vector context with proper vlenb
    - HID: i2c-hid: Add FocalTech FT8112
    - 9p/xen: protect xen_9pfs_front_free against concurrent calls
    - soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list
    - most: remove usage of the deprecated ida_simple_xx() API
    - most: core: fix resource leak in most_register_interface error paths
    - usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
    - serial: 8250: 8250_omap.c: Add support for handling UART error
      conditions
    - mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs
    - ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90
    - drm/amd/display: Fix writeback on DCN 3.2+
    - drm/amd/display: Fix system resume lag issue
    - drm/amd/display: bypass post csc for additional color spaces in dal
    - spi: spidev: fix lock inversion between spi_lock and buf_lock
    - Bluetooth: L2CAP: Avoid -Wflex-array-member-not-at-end warnings
    - Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too
      short
    - kcm: fix zero-frag skb in frag_list on partial sendmsg error
    - net/mlx5: E-switch, Clear legacy flag when moving to switchdev
    - net/mlx5e: Separate address related variables to be in struct
    - net/mlx5e: Support routed networks during IPsec MACs initialization
    - net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
    - drm/tests: shmem: Swap names of export tests
    - KVM: x86: Return "unsupported" instead of "invalid" on access to
      unsupported PV MSR
    - media: amphion: Drop min_queued_buffers assignment
    - media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init()
    - media: i2c: ov01a10: Fix passing stream instead of pad to
      v4l2_subdev_state_get_format()
    - media: ccs: Fix setting initial sub-device state
    - platform/x86: ISST: Add missing write block check
    - bus: omap-ocp2scp: fix OF populate on driver rebind
    - media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop
    - drm/buddy: Prevent BUG_ON by validating rounded allocation
    - xfs: remove xfs_attr_leaf_hasname
    - mfd: qcom-pm8xxx: Fix OF populate on driver rebind
    - mfd: omap-usb-host: Fix OF populate on driver rebind
    - xfs: fix the xattr scrub to detect freemap/entries array collisions
    - pinctrl: intel: Add code name documentation
    - vhost: move vdpa group bound check to vhost_vdpa
    - clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841
    - mm/slab: use unsigned long for orig_size to ensure proper metadata align
    - drm/amd/display: Increase DCN35 SR enter/exit latency
    - drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
    - mm: numa_memblks: Identify the accurate NUMA ID of CFMW
    - drm/amdgpu: keep vga memory on MacBooks with switchable graphics
    - most: core: fix leak on early registration failure
    - Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req
    - Upstream stable to v6.6.128, v6.12.75

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2026-23249
    - xfs: check for deleted cursors when revalidating two btrees

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2025-71267
    - fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2025-71265
    - fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent
      metadata

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2025-71266
    - fs: ntfs3: check return value of indx_find to avoid infinite loop

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2026-23241
    - audit: add missing syscalls to read class

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2025-71239
    - audit: add fchmodat2() to change attributes class

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2026-31411
    - net: atm: fix crash due to unvalidated vcc pointer in sigd_send()

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2026-23243
    - RDMA/umad: Reject negative data_len in ib_umad_write

  * Noble update: upstream stable patchset 2026-05-01 (LP: #2150809) //
    CVE-2026-23242
    - RDMA/siw: Fix potential NULL pointer dereference in header processing

  * Noble update: upstream stable patchset 2026-04-17 (LP: #2148714)
    - scsi: qla2xxx: Fix bsg_done() causing double free
    - PCI: endpoint: Remove unused field in struct pci_epf_group
    - bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show
      functions
    - bus: fsl-mc: fix use-after-free in driver_override_show()
    - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list
    - gpio: sprd: Change sprd_gpio lock to raw_spin_lock
    - ALSA: hda/realtek: Add quirk for Inspur S14-G1
    - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel
    - romfs: check sb_set_blocksize() return value
    - drm/tegra: hdmi: sor: Fix error: variable ā€˜j’ set but not used
    - platform/x86: classmate-laptop: Add missing NULL pointer checks
    - ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9
    - ASoC: amd: yc: Add quirk for HP 200 G2a 16
    - platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro
    - platform/x86: panasonic-laptop: Fix sysfs group leak in error path
    - ASoC: cs42l43: Correct handling of 3-pole jack load detection
    - ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()
    - gpiolib: acpi: Fix gpio count with string references
    - LoongArch: Rework KASAN initialization for PTW-enabled systems
    - Revert "wireguard: device: enable threaded NAPI"
    - mm/hugetlb: fix copy_hugetlb_page_range() to use ->pt_share_count
    - mm/hugetlb: fix hugetlb_pmd_shared()
    - mm/hugetlb: fix two comments related to huge_pmd_unshare()
    - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using
      mmu_gather
    - cpuset: Fix missing adaptation for cpuset_is_populated
    - LoongArch: Add writecombine support for DMW-based ioremap()
    - fbdev: rivafb: fix divide error in nv3_arb()
    - fbdev: smscufx: properly copy ioctl memory to kernelspace
    - f2fs: fix to add gc count stat in f2fs_gc_range
    - f2fs: fix out-of-bounds access in sysfs attribute read/write
    - f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent
      atomic commit and checkpoint writes
    - f2fs: fix to avoid UAF in f2fs_write_end_io()
    - f2fs: fix to avoid mapping wrong physical block for swapfile
    - USB: serial: option: add Telit FN920C04 RNDIS compositions
    - bnxt_en: Change FW message timeout warning
    - bnxt_en: hide CONFIG_DETECT_HUNG_TASK specific code
    - ALSA: hda/realtek: Enable headset mic for Acer Nitro 5
    - drm/amd/display: remove assert around dpp_base replacement
    - ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()
    - Upstream stable to v6.6.126, v6.6.127, v6.12.73, v6.12.74

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260)
    - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB
    - crypto: octeontx - Fix length check to avoid truncation in
      ucode_load_store
    - crypto: virtio - Remove duplicated virtqueue_kick in
      virtio_crypto_skcipher_crypt_req
    - scsi: qla2xxx: Allow recovery for tape devices
    - scsi: qla2xxx: Query FW again before proceeding with login
    - Revert "netfilter: nf_tables: missing objects with no memcg accounting"
    - netfilter: nf_tables: missing objects with no memcg accounting
    - vsock/test: verify socket options after setting them
    - selftests: mptcp: pm: ensure unknown flags are ignored
    - gpio: omap: do not register driver in probe()
    - net: tunnel: make skb_vlan_inet_prepare() return drop reasons
    - Upstream stable to v6.6.125, v6.12.71, v6.12.72

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-71233
    - PCI: endpoint: Avoid creating sub-groups asynchronously

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-71231
    - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2026-23169
    - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-40005
    - spi: cadence-quadspi: Implement refcount to handle unbind during busy

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-71232
    - scsi: qla2xxx: Free sp in error path to fix system crash

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-71235
    - scsi: qla2xxx: Delay module unload while fabric scan in progress

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-71236
    - scsi: qla2xxx: Validate sp before freeing associated memory

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-71229
    - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2025-71237
    - nilfs2: Fix potential block overflow that cause system hang

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2026-23229
    - crypto: virtio - Add spinlock protection with virtqueue notification

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2026-23222
    - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2026-23228
    - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2026-23220
    - ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error
      paths

  * Noble update: upstream stable patchset 2026-04-13 (LP: #2148260) //
    CVE-2026-23230
    - smb: client: split cached_fid bitfields to avoid shared-byte RMW races

  * CVE-2026-23272
    - netfilter: nf_tables: unconditionally bump set->nelems before insertion

  * CVE-2026-31418
    - netfilter: ipset: drop logically empty buckets in mtype_del

  * CVE-2026-23392
    - netfilter: nf_tables: release flowtable after rcu grace period on error

  * CVE-2026-23278
    - netfilter: nf_tables: always walk all pending catchall elements

  * GRO managed-frag use-after-free leading to local privilege escalation
    (LP: #2154172)
    - net: gro: don't merge zcopy skbs

  * AppArmor Vulnerabilities  (LP: #2151747)
    - apparmor: Fix incorrect profile->signal range check
    - SAUCE: apparmor: pass big_resp to handler
    - SAUCE: apparmor: remove redundant kref_init for listener->count
    - SAUCE: apparmor: fix NULL pointer dereference in unpack_pdb

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47337
    - SAUCE: apparmor: fix NULL pointer dereference in bind_map_addr

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47336
    - SAUCE: apparmor: fix use of unintialized variable in net opt level

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47335
    - SAUCE: apparmor: fix possible NULL pointer dereference by adding a NULL
      check

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47334
    - SAUCE: apparmor: fix sleep prone memory allocation under a spin_lock

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47333
    - SAUCE: apparmor: fix dfa unpacking size of the notification filter

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47332
    - SAUCE: apparmor: fix size check against type instead of pointer

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47331
    - SAUCE: apparmor: fix changing rules list without a lock

  * apparmor: LLVM/clang build failure due to uninitialized variable in
    notify.c (LP: #2148809) // CVE-2026-47330
    - SAUCE: apparmor: initialize variable used in uninitialized context

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47329
    - SAUCE: apparmor: fix name validation bypass on notification

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47327 //
    CVE-2026-47328
    - SAUCE: apparmor: fix glob memory leak after kstrdup

  * AppArmor Vulnerabilities  (LP: #2151747) // CVE-2026-47326
    - SAUCE: apparmor: fix inverted NULL check after aa_get_buffer

  * CVE-2026-46300
    - net: skbuff: preserve shared-frag marker during coalescing
    - net: skbuff: propagate shared-frag marker through frag-transfer helpers

  * net/rds: reset op_nents when zerocopy page pin fails (LP: #2153962)
    - net/rds: reset op_nents when zerocopy page pin fails

  * CVE-2026-46333
    - ptrace: slightly saner 'get_dumpable()' logic

  * CVE-2026-43500
    - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
    - rxrpc: Parse received packets before dealing with timeouts
    - rxrpc: Fix potential UAF after skb_unshare() failure
    - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
    - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

  * CVE-2026-31676 // CVE-2026-43500
    - rxrpc: only handle RESPONSE during service challenge

  * CVE-2026-43284
    - xfrm: esp: avoid in-place decrypt on shared skb frags

  * CVE-2026-31419
    - net: bonding: fix use-after-free in bond_xmit_broadcast()

  * CVE-2026-31431
    - crypto: scatterwalk - Backport memcpy_sglist()
    - crypto: algif_aead - use memcpy_sglist() instead of null skcipher
    - crypto: algif_aead - Revert to operating out-of-place
    - crypto: algif_aead - snapshot IV for async AEAD requests
    - crypto: authenc - use memcpy_sglist() instead of null skcipher
    - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
      decryption
    - crypto: authencesn - Fix src offset when decrypting in-place
    - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
    - crypto: algif_aead - Fix minimum RX size check for decryption

  * CVE-2026-31533
    - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

  * CVE-2026-31504
    - net: fix fanout UAF in packet_release() via NETDEV_UP race

 -- Edoardo Canepa <edoardo.canepa@canonical.com>  Fri, 29 May 2026 13:19:56 +0200

linux (6.8.0-116.116) noble; urgency=medium

  * noble/linux: 6.8.0-116.116 -proposed tracker (LP: #2150048)

  * Linux kernel  6.17.0-22.22  breaks amdxdna (LP: #2149766)
    - Revert "iommu: disable SVA when CONFIG_X86 is set"

  * Revert "netfilter: conntrack: fix erronous removal of offload bit"
    (LP: #2149762)
    - Revert "netfilter: conntrack: fix erronous removal of offload bit"

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Thu, 23 Apr 2026 00:33:23 +0300

linux (6.8.0-114.114) noble; urgency=medium

  * noble/linux: 6.8.0-114.114 -proposed tracker (LP: #2148397)

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465)
    - SAUCE: Fix skb_vlan_inet_prepare() usage

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Wed, 15 Apr 2026 13:37:36 +0300

linux (6.8.0-112.112) noble; urgency=medium

  * noble/linux: 6.8.0-112.112 -proposed tracker (LP: #2147982)

  * Canonical Kmod 2025 key rotation (LP: #2147447)
    - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing
      extensible
    - [Packaging] ubuntu-compatible-signing -- allow consumption of positive
      certs
    - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key
    - [Config] prepare for Canonical Kmod key rotation
    - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key

  * Remount ext4 to readonly with data=journal mode may dump call trace
    (LP: #2147400)
    - ext4: fix stale xarray tags after writeback

  * Compile error due to nonexistent struct member with CONFIG_PCI_EPF_TEST
    (LP: #2147065)
    - SAUCE: Revert "PCI: endpoint: pci-epf-test: Limit PCIe BAR size for
      fixed BARs"

  * BUG: kernel NULL pointer dereference in amdgpu (LP: #2144577)
    - drm/amdgpu: validate the flush_gpu_tlb_pasid()
    - drm/amdgpu: Fix validating flush_gpu_tlb_pasid()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841)
    - x86/kfence: fix booting on 32bit non-PAE systems
    - platform/x86: intel_telemetry: Fix swapped arrays in PSS output
    - pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest
      state
    - pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup
    - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset
    - pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system
      wakeup
    - rbd: check for EOD after exclusive lock is ensured to be held
    - ARM: 9468/1: fix memset64() on big-endian
    - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
    - binder: fix BR_FROZEN_REPLY error log
    - binderfs: fix ida_alloc_max() upper bound
    - KVM: selftests: Add -U_FORTIFY_SOURCE to avoid some unpredictable test
      failures
    - tracing: Fix ftrace event field alignments
    - net: usb: sr9700: support devices with virtual driver CD
    - block,bfq: fix aux stat accumulation destination
    - LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED
    - HID: intel-ish-hid: Update ishtp bus match to support device ID table
    - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
    - HID: intel-ish-hid: Reset enum_devices_done before enumeration
    - HID: playstation: Center initial joystick axes to prevent spurious
      events
    - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
    - netfilter: replace -EEXIST with -EBUSY
    - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
    - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
    - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
    - wifi: mac80211: collect station statistics earlier when disconnect
    - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
    - ASoC: amd: yc: Fix microphone on ASUS M6500RE
    - ASoC: tlv320adcx140: Propagate error codes during probe
    - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs
      initialization
    - wifi: cfg80211: Fix bitrate calculation overflow for HE rates
    - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
    - wifi: mac80211: correctly check if CSA is active
    - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
    - platform/x86: intel_telemetry: Fix PSS event register mask
    - platform/x86: hp-bioscfg: Skip empty attribute names
    - net: add skb_header_pointer_careful() helper
    - net: don't touch dev->stats in BPF redirect paths
    - tipc: use kfree_sensitive() for session key material
    - net: ethernet: adi: adin1110: Check return value of
      devm_gpiod_get_optional() in adin1110_check_spi()
    - drm/mgag200: fix mgag200_bmc_stop_scanout()
    - hwmon: (occ) Mark occ_init_attribute() as __printf
    - ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF
    - gve: Correct ethtool rx_dropped calculation
    - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed
      transfer
    - spi: tegra210-quad: Move curr_xfer read inside spinlock
    - spi: tegra210-quad: Protect curr_xfer assignment in
      tegra_qspi_setup_transfer_one
    - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
    - spi: tegra210-quad: Protect curr_xfer clearing in
      tegra_qspi_non_combined_seq_xfer
    - spi: tegra114: Preserve SPI mode bits in def_command1_reg
    - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU.
    - PCI/ERR: Ensure error recoverability at all times
    - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55
    - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC
    - HID: logitech: add HID++ support for Logitech MX Anywhere 3S
    - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio
    - net: phy: add phy_interface_weight()
    - net: phy: add phy_interface_copy()
    - net: sfp: pre-parse the module support
    - net: sfp: enhance quirk for Fibrestore 2.5G copper SFP module
    - net: sfp: convert sfp quirks to modify struct sfp_module_support
    - net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module
    - drm/amd/display: fix wrong color value mapping on MCM shaper LUT
    - drm/xe/query: Fix topology query pointer advance
    - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update()
    - gpiolib-acpi: Update file references in the Documentation and
      MAINTAINERS
    - Upstream stable to v6.6.124, v6.12.70

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23214
    - btrfs: reject new transactions if the fs is fully read-only

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23213
    - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71225
    - md: suspend array while updating raid_disks via sysfs

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-68823
    - ublk: fix deadlock when reading partition table

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23191
    - ALSA: aloop: Fix racy access at PCM trigger

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23215
    - x86/vmware: Fix hypercall clobbers

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23182
    - spi: tegra: Fix a memory leak in tegra_slink_probe()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23190
    - ASoC: amd: fix memory leak in acp3x pdm dma ops

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23254
    - net: gro: fix outer network offset

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23180
    - dpaa2-switch: add bounds check for if_id in IRQ handler

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23256
    - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23257
    - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23258
    - net: liquidio: Initialize netdev pointer before queue setup

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23206
    - dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23204
    - net/sched: cls_u32: use skb_header_pointer_careful()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23205
    - smb/client: fix memory leak in smb2_open_file()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23176
    - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23216
    - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23193
    - scsi: target: iscsi: Fix use-after-free in
      iscsit_dec_session_usage_count()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23260
    - regmap: maple: free entry on mas_store_gfp() failure

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23179
    - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23261
    - nvme-fc: release admin tagset if init fails

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23178
    - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71268
    - btrfs: fix reservation leak in some error paths when inserting inline
      extent

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71270
    - LoongArch: Enable exception fixup for specific ADE subcode

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71220
    - smb/server: call ksmbd_session_rpc_close() on error path in
      create_smb2_pipe()

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71222
    - wifi: wlcore: ensure skb headroom before skb_push

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71224
    - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23262
    - gve: Fix stats report corruption on queue count change

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-38201
    - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23198
    - KVM: Don't clobber irqfd routing type when deassigning irqfd

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23264
    - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"

  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23187
    - pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543)
    - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup()
    - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message
    - net: bcmasp: fix early exit leak with fixed phy
    - net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins()
    - ipv6: use the right ifindex when replying to icmpv6 from localhost
    - ice: stop counting UDP csum mismatch as rx_errors
    - net/mlx5e: Report rx_discards_phy via rx_dropped
    - net/mlx5e: Account for netdev stats in ndo_get_stats64
    - net: bridge: fix static key check
    - net/mlx5e: Skip ESN replay window setup for IPsec crypto offload
    - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg()
    - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion
    - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler
    - dma/pool: distinguish between missing and exhausted atomic pools
    - pinctrl: meson: mark the GPIO controller as sleeping
    - riscv: compat: fix COMPAT_UTS_MACHINE definition
    - rust: kbuild: give `--config-path` to `rustfmt` in `.rsi` target
    - ASoC: fsl: imx-card: Do not force slot width to sample width
    - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo()
    - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO
    - gpio: pca953x: mask interrupts in irq shutdown
    - scsi: qla2xxx: edif: Fix dma_free_coherent() size
    - mptcp: only reset subflow errors when propagated
    - selftests: mptcp: check no dup close events after error
    - selftests: mptcp: check subflow errors in close events
    - selftests: mptcp: join: fix local endp not being tracked
    - scripts: generate_rust_analyzer: Add compiler_builtins -> core dep
    - drm/amdgpu/soc21: fix xclk for APUs
    - drm/amdgpu/gfx10: fix wptr reset in KGQ init
    - drm/amdgpu/gfx11: fix wptr reset in KGQ init
    - mm/kfence: randomize the freelist on initialization
    - arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state
    - arm64/fpsimd: signal: Consistently read FPSIMD context
    - btrfs: prevent use-after-free on page private data in
      btrfs_subpage_clear_uptodate()
    - net/sched: act_ife: convert comma to semicolon
    - pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver
    - drm/msm/a6xx: fix bogus hwcg register updates
    - writeback: fix 100% CPU usage when dirtytime_expire_interval is 0
    - mptcp: avoid dup SUB_CLOSED events after disconnect
    - ksmbd: fix recursive locking in RPC handle list access
    - bpf/selftests: test_select_reuseport_kern: Remove unused header
    - can: at91_can: Fix memory leak in at91_can_probe()
    - net: phy: micrel: fix clk warning when removing the driver
    - net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect
    - net/mlx5: Initialize events outside devlink lock
    - net/mlx5: Fix vhca_id access call trace use before alloc
    - bcache: fix improper use of bi_end_io
    - bcache: use bio cloning for detached device requests
    - bcache: fix I/O accounting leak in detached_dev_do_request
    - gpio: rockchip: Stop calling pinctrl for set_direction
    - mm/memory-failure: improve memory failure action_result messages
    - mm/memory-failure: fix redundant updates for already poisoned pages
    - mm/memory-failure: fix missing ->mf_stats count in hugetlb poison
    - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail
      page pfn
    - gpiolib: acpi: Fix potential out-of-boundary left shift
    - rust: kbuild: support `-Cjump-tables=n` for Rust 1.93.0
    - pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR
      TX pins
    - [Config] remove PINCTRL_SM8350_LPASS_LPI
    - Upstream stable to v6.6.123, v6.12.69

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23148
    - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23166
    - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23151
    - Bluetooth: MGMT: Fix memory leak in set_ssp_complete

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23163
    - drm/amdgpu: fix NULL pointer dereference in
      amdgpu_gmc_filter_faults_remove

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23159
    - perf: sched: Fix perf crash with new is_user_task() helper

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2024-58096
    - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2025-40039
    - ksmbd: Fix race condition in RPC handle list access

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23093
    - ksmbd: smbd: fix dma_unmap_sg() nents

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23102
    - arm64/fpsimd: signal: Fix restoration of SVE context

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23170
    - drm/imx/tve: fix probe device leak

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23168
    - flex_proportions: make fprop_new_period() hardirq safe

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23156
    - efivarfs: fix error propagation in efivar_entry_get()

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23167
    - nfc: nci: Fix race between rfkill and nci_unregister_device().

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23173
    - net/mlx5e: TC, delete flows only for existing peers

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23150
    - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23164
    - rocker: fix memory leak in rocker_world_port_post_fini()

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23172
    - net: wwan: t7xx: fix potential skb->frags overflow in RX path

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23212
    - bonding: annotate data-races around slave->last_rx

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23160
    - octeon_ep: Fix memory leak in octep_device_setup()

  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23146
    - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work

  * CVE-2026-23394
    - af_unix: Give up GC if MSG_PEEK intervened.

  * [SRU] MIPI camera is not working after upgrading to 6.17-oem
    (LP: #2145171)
    - SAUCE: ACPI: respect items already in honor_dep before skipping

  * ADATA SU680 causes repeated SATA resets and I/O errors on Ubuntu unless
    link power management is forced to max_performance (LP: #2144060)
    - ata: libata-core: disable LPM on ADATA SU680 SSD

  *  intel_idle: add Clearwater Forest SoC support (LP: #2144006)
    - intel_idle: add Clearwater Forest SoC support

  * Noble kernel 6.8.0-108 does not compile when KASAN enabled (LP: #2144914)
    - mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN

  * Generic noble linux throws warning from file tegra-i2c.c (LP: #2143152)
    - i2c: tegra: Use internal reset when reset property is not available

  * [SRU] Duplicated entries in /proc/<pid>/mountinfo (LP: #2143083)
    - namespace: fix proc mount iteration

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465)
    - firmware: imx: scu-irq: Set mu_resource_id before get handle
    - efi/cper: Fix cper_bits_to_str buffer handling and return value
    - ASoC: codecs: wsa884x: fix codec initialisation
    - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation
    - net: bridge: annotate data-races around fdb->{updated,used}
    - net: update netdev_lock_{type,name}
    - vsock/test: add a final full barrier after run all tests
    - net/mlx5e: Restore destroying state bit after profile cleanup
    - btrfs: store fs_info in space_info
    - btrfs: factor out init_space_info() from create_space_info()
    - btrfs: factor out check_removing_space_info() from
      btrfs_free_block_groups()
    - btrfs: introduce btrfs_space_info sub-group
    - btrfs: fix memory leaks in create_space_info() error paths
    - selftests: drv-net: fix RPS mask handling for high CPU numbers
    - ASoC: tlv320adcx140: fix word length
    - textsearch: describe @list member in ts_ops search
    - mm, kfence: describe @slab parameter in __kfence_obj_info()
    - dmaengine: xilinx_dma: Fix uninitialized addr_width when
      "xlnx,addrwidth" property is missing
    - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it
    - phy: phy-snps-eusb2: refactor constructs names
    - phy: drop probe registration printks
    - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again)
    - i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA
    - HID: usbhid: paper over wrong bNumDescriptor field
    - scsi: core: Fix error handler encryption support
    - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer
    - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit.
    - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers
    - phy: rockchip: inno-usb2: fix communication disruption in gadget mode
    - phy: freescale: imx8m-pcie: assert phy reset during power on
    - phy: rockchip: inno-usb2: fix disconnection in gadget mode
    - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
    - usb: dwc3: Check for USB4 IP_NAME
    - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor
    - USB: OHCI/UHCI: Add soft dependencies on ehci_platform
    - USB: serial: option: add Telit LE910 MBIM composition
    - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
    - nvme-pci: disable secondary temp for Wodposit WPBSNM8
    - hrtimer: Fix softirq base check in update_needs_ipi()
    - EDAC/x38: Fix a resource leak in x38_probe1()
    - EDAC/i3200: Fix a resource leak in i3200_probe1()
    - tcpm: allow looking for role_sw device in the main node
    - x86/resctrl: Add missing resctrl initialization for Hygon
    - x86/resctrl: Fix memory bandwidth counter width for Hygon
    - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free
    - LoongArch: Fix PMU counter allocation for mixed-type event groups
    - drm/amd/display: Bump the HDMI clock to 340MHz
    - drm/amd: Clean up kfd node on surprise disconnect
    - drm/amdkfd: fix a memory leak in device_queue_manager_init()
    - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
    - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
    - dmaengine: apple-admac: Add "apple,t8103-admac" compatible
    - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all()
    - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation
    - dmaengine: ti: k3-udma: fix device leak on udma lookup
    - io_uring: move local task_work in exit cancel loop
    - posix-clock: Store file pointer in struct posix_clock_context
    - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE.
    - selftest/ptp: update ptp selftest to exercise the gettimex options
    - testptp: Add option to open PHC in readonly mode
    - arm64: dts: qcom: sc8280xp: Add missing VDD_MXC links
    - hyperv-tlfs: Change prefix of generic HV_REGISTER_* MSRs to HV_MSR_*
    - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump()
    - btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE
    - dt-bindings: power: qcom,rpmpd: document the SM8750 RPMh Power Domains
    - dt-bindings: power: qcom,rpmpd: add Turbo L5 corner
    - dt-bindings: power: qcom-rpmpd: split RPMh domains definitions
    - dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO
    - pmdomain: qcom: rpmhpd: Add MXC to SC8280XP
    - ata: libata: Add cpr_log to ata_dev_print_features() early return
    - ata: libata-core: Introduce ata_dev_config_lpm()
    - ata: libata: Call ata_dev_config_lpm() for ATAPI devices
    - ata: libata: Print features also for ATAPI devices
    - ice: initialize ring_stats->syncp
    - ice: Avoid detrimental cleanup for bond during interface stop
    - igc: fix race condition in TX timestamp read for register 0
    - net: usb: dm9601: remove broken SR9700 support
    - selftests: net: fib-onlink-tests: Convert to use namespaces by default
    - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on
      usb_submit_urb() error
    - amd-xgbe: avoid misleading per-packet error log
    - tools: ynl: Specify --no-line-number in ynl-regen.sh.
    - veth: fix data race in veth_get_ethtool_stats
    - octeontx2: cn10k: fix RX flowid TCAM mask handling
    - serial: 8250_pci: Fix broken RS485 for F81504/508/512
    - comedi: dmm32at: serialize use of paged registers
    - w1: fix redundant counter decrement in w1_attach_slave_device()
    - Revert "nfc/nci: Add the inconsistency check between the input data
      length and count"
    - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
    - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
    - scsi: storvsc: Process unsupported MODE_SENSE_10
    - arm64: dts: rockchip: remove dangerous max-link-speed from helios64
    - arm64: dts: rockchip: Fix voltage threshold for volume keys for
      Pinephone Pro
    - x86/kfence: avoid writing L1TF-vulnerable PTEs
    - comedi: Fix getting range information for subdevices 16 to 255
    - iio: adc: ad7280a: handle spi_setup() errors in probe()
    - kconfig: fix static linking of nconf
    - riscv: clocksource: Fix stimecmp update hazard on RV32
    - ALSA: usb: Increase volume range that triggers a warning
    - net: hns3: fix data race in hns3_fetch_stats
    - be2net: fix data race in be_get_new_eqd
    - net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M
    - net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue
    - usbnet: limit max_mtu based on device's hard_mtu
    - drm/amd/pm: Don't clear SI SMC table when setting power limit
    - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
    - selftests: net: amt: wait longer for connection before sending packets
    - net: dsa: fix off-by-one in maximum bridge ID determination
    - octeontx2-af: Fix error handling
    - net: openvswitch: fix data race in ovs_vport_get_upcall_stats
    - vsock/test: fix seqpacket message bounds test
    - x86: make page fault handling disable interrupts properly
    - of: fix reference count leak in of_alias_scan()
    - of: platform: Use default match table for /firmware
    - iio: accel: iis328dq: fix gain values
    - iio: adc: ad9467: fix ad9434 vref mask
    - iio: chemical: scd4x: fix reported channel endianness
    - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
    - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
    - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
    - octeontx2: Fix otx2_dma_map_page() error return code
    - slimbus: core: fix runtime PM imbalance on report present
    - platform/x86: hp-bioscfg: Fix automatic module loading
    - perf/x86/intel: Do not enable BTS for guests
    - selftests/bpf: Check for timeout in perf_link test
    - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup
      failure
    - iio: core: add missing mutex_destroy in iio_dev_release()
    - iio: core: add separate lockdep class for info_exist_lock
    - mm/rmap: fix two comments related to huge_pmd_unshare()
    - arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s
    - iio: adc: exynos_adc: fix OF populate on driver rebind
    - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure
    - mm: kmsan: fix poisoning of high-order non-compound pages
    - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path
    - ASoC: codecs: wsa881x: Drop unused version readout
    - ASoC: codecs: wsa881x: fix unnecessary initialisation
    - ASoC: codecs: wsa883x: fix unnecessary initialisation
    - nvme-fc: rename free_ctrl callback to match name pattern
    - nvme-pci: do not directly handle subsys reset fallout
    - nvme: fix PCIe subsystem reset controller state transition
    - net: phy: fix phy_uses_state_machine()
    - pnfs/blocklayout: Fix memory leak in bl_parse_scsi()
    - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions
    - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip
    - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type
    - selftests/landlock: Fix TCP bind(AF_UNSPEC) test case
    - xfs: Fix the return value of xfs_rtcopy_summary()
    - phy: ti: gmii-sel: fix regmap leak on probe failure
    - LoongArch: dts: loongson-2k0500: Add default interrupt controller
      address cells
    - LoongArch: dts: loongson-2k1000: Add default interrupt controller
      address cells
    - LoongArch: dts: loongson-2k1000: Fix i2c-gpio node names
    - LoongArch: dts: loongson-2k2000: Add default interrupt controller
      address cells
    - HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume
      blocking
    - HID: intel-ish-hid: Fix -Wcast-function-type-strict in
      devm_ishtp_alloc_workqueue()
    - xfs: set max_agbno to allow sparse alloc of last full inode chunk
    - selftests/bpf: Test invalid narrower ctx load
    - mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection
    - mm/page_alloc: batch page freeing in decay_pcp_high
    - ata: libata-sata: Improve link_power_management_supported sysfs
      attribute
    - igc: Restore default Qbv schedule when changing channels
    - vsock/virtio: Coalesce only linear skb
    - platform/x86/amd: Fix memory leak in wbrf_record()
    - drm/imagination: Wait for FW trace update command completion
    - ice: Fix persistent failure in ice_get_rxfh
    - sched/fair: Fix pelt clock sync when entering idle
    - drm/nouveau: add missing DCB connector types
    - drm/nouveau: implement missing DCB connector types; gracefully handle
      unknown connectors
    - dpll: Prevent duplicate registrations
    - mei: trace: treat reg parameter as string
    - s390/ap: Fix wrong APQN fill calculation
    - net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick
    - gpio: cdev: Correct return code on memory allocation failure
    - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and
      PKTDMA
    - exfat: fix refcount leak in exfat_find
    - accel/ivpu: Fix race condition when unbinding BOs
    - btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
    - vsock/virtio: Move length check to callers of virtio_vsock_skb_rx_put()
    - vsock/virtio: Rename virtio_vsock_alloc_skb()
    - vsock/virtio: Move SKB allocation lower-bound check to callers
    - vsock/virtio: Rename virtio_vsock_skb_rx_put()
    - vhost/vsock: Allocate nonlinear SKBs for handling large receive buffers
    - vsock/virtio: Allocate nonlinear SKBs for handling large transmit
      buffers
    - net: Introduce skb_copy_datagram_from_iter_full()
    - vsock/virtio: Fix message iterator handling on transmit path
    - Upstream stable to v6.6.122, v6.12.67, v6.12.68

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-38591
    - bpf: Reject narrower access to pointer ctx fields

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23035
    - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22996
    - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23000
    - net/mlx5e: Fix crash on profile change rollback failure

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23053
    - NFS: Fix a deadlock involving nfs_release_folio()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23050
    - pNFS: Fix a deadlock when returning a delegation during open()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23005
    - x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2024-58097
    - wifi: ath11k: fix RCU stall while reaping monitor destination ring

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-68365
    - fs/ntfs3: Initialize allocated memory before use

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-37926
    - ksmbd: fix use-after-free in ksmbd_session_rpc_open

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23030
    - phy: rockchip: inno-usb2: Fix a double free bug in
      rockchip_usb2phy_probe()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23025
    - mm/page_alloc: prevent pcp corruption with SMP=n

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71186
    - dmaengine: stm32: dmamux: fix device leak on route allocation

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23078
    - ALSA: scarlett2: Fix buffer overflow in config retrieval

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23142
    - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir
      setup failure

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23075
    - can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-68725
    - bpf: Do not let BPF test infra emit invalid GSO types to stack

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23097
    - migrate: correct lock ordering for hugetlb file folios

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23108
    - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23080
    - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23061
    - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23058
    - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23085
    - irqchip/gic-v3-its: Avoid truncating memory addresses

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23116
    - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23098
    - netrom: fix double-free in nr_route_frame()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23063
    - uacce: ensure safe queue release with state management

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23056
    - uacce: implement mremap in uacce_vm_ops to return -EPERM

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23094
    - uacce: fix isolate sysfs check condition

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23096
    - uacce: fix cdev handling in the cleanup path

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23091
    - intel_th: fix device leak on output open()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23088
    - tracing: Fix crash on synthetic stacktrace field usage

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23090
    - slimbus: core: fix device reference leak on report present

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23128
    - arm64: Set __nocfi on swsusp_arch_resume()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23107
    - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23073
    - wifi: rsi: Fix memory corruption due to not set vif driver data size

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23135
    - wifi: ath12k: fix dma_free_coherent() pointer

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23133
    - wifi: ath10k: fix dma_free_coherent() pointer

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71200
    - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400
      mode

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23089
    - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23076
    - ALSA: ctxfi: Fix potential OOB access in audio mixer handling

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71199
    - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc
      driver

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23101
    - leds: led-class: Only Add LED to leds_list when it is fully ready

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23064
    - net/sched: act_ife: avoid possible NULL deref

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23086
    - vsock/virtio: cap TX credit to local buffer size

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23069
    - vsock/virtio: fix potential underflow in virtio_transport_get_credit()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23119
    - bonding: provide a net pointer to __skb_flow_dissect()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23084
    - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23124
    - ipv6: annotate data-race in ndisc_router_discovery()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23121
    - mISDN: annotate data-race around dev->work

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23126
    - netdevsim: fix a race issue related to the operation on bpf_bound_progs
      list

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23059
    - scsi: qla2xxx: Sanitize payload size to prevent member overflow

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23110
    - scsi: core: Wake up the error handler when final completions race
      against each other

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23071
    - regmap: Fix race condition in hwspinlock irqsave routine

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23068
    - spi: spi-sprd-adi: Fix double free in probe error path

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23123
    - interconnect: debugfs: initialize src_node and dst_node to empty strings

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71198
    - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event
      detection

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23113
    - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23062
    - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23131
    - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23087
    - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71197
    - w1: therm: Fix off-by-one buffer overflow in alarms_store

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23105
    - net/sched: qfq: Use cl_is_active to determine whether class is active in
      qfq_rm_from_ag

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23103
    - ipvlan: Make the addrs_lock be per port

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23120
    - l2tp: avoid one data-race in l2tp_tunnel_del_work()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23083
    - fou: Don't allow 0 for FOU_ATTR_IPPROTO.

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23095
    - gue: Fix skb memleak with inner IP protocol 0.

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23125
    - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23099
    - bonding: limit BOND_MODE_8023AD to Ethernet devices

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71194
    - btrfs: fix deadlock in wait_current_trans() due to ignored transaction
      type

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71185
    - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23026
    - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71188
    - dmaengine: lpc18xx-dmamux: fix device leak on route allocation

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71163
    - dmaengine: idxd: fix device leaks on compat bind and unbind

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71189
    - dmaengine: dw: dmamux: fix OF node leak on route allocation failure

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71190
    - dmaengine: bcm-sba-raid: fix device leak on probe

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71191
    - dmaengine: at_hdmac: fix device leak on of_dma_xlate()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23049
    - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23144
    - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23145
    - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22997
    - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session
      upon receiving the second rts

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23031
    - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23032
    - null_blk: fix kmemleak by releasing references to fault configfs items

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23033
    - dmaengine: omap-dma: fix dma_pool resource leak in error paths

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71196
    - phy: stm32-usphyc: Fix off by one in probe()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71193
    - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71162
    - dmaengine: tegra-adma: Fix use-after-free

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71195
    - dmaengine: xilinx: xdma: Fix regmap max_register

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23006
    - ASoC: tlv320adcx140: fix null pointer

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22999
    - net/sched: sch_qfq: do not free existing class in qfq_change_class()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23010
    - ipv6: Fix use-after-free in inet6_addr_del().

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23054
    - net: hv_netvsc: reject RSS hash key programming without RX indirection
      table

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23011
    - ipv4: ip_gre: make ipgre_header() robust

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23001
    - macvlan: fix possible UAF in macvlan_forward_source()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23003
    - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23141
    - btrfs: send: check for inline extents in range_is_hole_in_parent()

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22998
    - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23037
    - can: etas_es58x: allow partial RX URB allocation to succeed

  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23038
    - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058)
    - NFSD: Fix permission check for read access to executable-only files
    - atm: Fix dma_free_coherent() size
    - mei: me: add nova lake point S DID
    - lib/crypto: aes: Fix missing MMU protection for AES S-box
    - counter: 104-quad-8: Fix incorrect return value in IRQ handler
    - drm/pl111: Fix error handling in pl111_amba_probe
    - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
    - gpio: rockchip: mark the GPIO controller as sleeping
    - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
    - net: Add locking to protect skb->dev access in ip_output
    - nfsd: Fix a regression in nfsd_setattr()
    - nfsd: Fix NFSv3 atomicity bugs in nfsd_setattr()
    - nfsd: set security label during create operations
    - csky: fix csky_cmpxchg_fixup not working
    - ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels
    - alpha: don't reference obsolete termio struct for TC* constants
    - dm-snapshot: fix 'scheduling while atomic' on real-time kernels
    - NFSv4: ensure the open stateid seqid doesn't go backwards
    - NFS: Fix up the automount fs_context to use the correct cred
    - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value
    - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value
    - smb/client: fix NT_STATUS_NO_DATA_DETECTED value
    - scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset
    - scsi: ufs: core: Fix EH failure after W-LUN resume error
    - scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe
      failure scanned in again after probe failed"
    - arm64: dts: add off-on-delay-us for usdhc2 regulator
    - ARM: dts: imx6q-ba16: fix RTC interrupt level
    - arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics
      i.MX8M Plus DHCOM
    - netfilter: nft_synproxy: avoid possible data-race on update operation
    - gpio: pca953x: Add support for level-triggered interrupts
    - gpio: pca953x: handle short interrupt pulses on PCAL devices
    - netfilter: nf_tables: fix memory leak in nf_tables_newrule()
    - bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
    - inet: ping: Fix icmp out counting
    - netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates
    - net/mlx5e: Don't print error message due to invalid module
    - net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
    - bnxt_en: Fix potential data corruption with HW GRO/LRO
    - net: enetc: fix build warning when PAGE_SIZE is greater than 128K
    - arp: do not assume dev_hard_header() does not change skb->head
    - ALSA: ac97bus: Use guard() for mutex locks
    - NFS: trace: show TIMEDOUT instead of 0x6e
    - nfs_common: factor out nfs_errtbl and nfs_stat_to_errno
    - NFSD: Remove NFSERR_EAGAIN
    - bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than
      4K
    - bpf: Make variables in bpf_prog_test_run_xdp less confusing
    - bpf: Support specifying linear xdp packet data size for
      BPF_PROG_TEST_RUN
    - powercap: fix race condition in register_control_type()
    - powercap: fix sscanf() error return value handling
    - ALSA: usb-audio: Update for native DSD support quirks
    - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025
    - ASoC: fsl_sai: Add missing registers to cache default
    - scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
    - bpf: test_run: Fix ctx leak in bpf_prog_test_run_xdp error path
    - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again)
    - btrfs: tracepoints: use btrfs_root_id() to get the id of a root
    - crypto: qat - fix duplicate restarting msg during AER error
    - netfilter: nft_set_pipapo: fix range overlap detection
    - vsock: Make accept()ed sockets use custom setsockopt()
    - btrfs: only enforce free space tree if v1 cache is required for bs < ps
      cases
    - riscv: pgtable: Cleanup useless VA_USER_XXX definitions
    - idpf: keep the netdev when a reset fails
    - net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant
    - ata: libata-core: Disable LPM on ST2000DM008-2FR102
    - drm/amd/display: Fix DP no audio issue
    - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL
    - spi: cadence-quadspi: Prevent lost complete() call during indirect read
    - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback
    - Upstream stable to v6.6.121, v6.12.66

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71184
    - btrfs: fix NULL dereference on root when tracing inode eviction

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71182
    - can: j1939: make j1939_session_activate() fail if device is no longer
      registered

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71160
    - netfilter: nf_tables: avoid chain re-validation if possible

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22994
    - bpf: Fix reference count leak in bpf_prog_test_run_xdp()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23140
    - bpf, test_run: Subtract size of xdp_frame from allowed metadata size

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71192
    - ALSA: ac97: fix a double free in snd_ac97_controller_register()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23021
    - net: usb: pegasus: fix memory leak in update_eth_regs_async()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22976
    - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate
      in qfq_reset

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22979
    - net: fix memory leak in skb_segment_list for GRO packets

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22977
    - net: sock: fix hardened usercopy panic in sock_recv_errqueue

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22982
    - net: mscc: ocelot: Fix crash when adding interface under a lag

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23019
    - net: marvell: prestera: fix NULL dereference on devlink_alloc() failure

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23139
    - netfilter: nf_conncount: update last_gc only when GC has been performed

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-40149
    - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-68803
    - NFSD: NFSv4 file creation neglects setting ACL

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23047
    - libceph: make calc_target() set t->paused, not just clear it

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23136
    - libceph: reset sparse-read state in osd_fault()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22992
    - libceph: return the handler error from mon_handle_auth_done()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22991
    - libceph: make free_choose_arg_map() resilient to partial allocation

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22990
    - libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22984
    - libceph: prevent potential out-of-bounds reads in handle_auth_done()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22978
    - wifi: avoid kernel-infoleak from struct iw_point

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71180
    - counter: interrupt-cnt: Drop IRQF_NO_THREAD flag

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71183
    - btrfs: always detect conflicting inodes when logging inode refs

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23020
    - net: 3com: 3c59x: fix possible null dereference in vortex_probe1()

  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22980
    - nfsd: provide locking for v4_end_grace

  * CVE-2024-50004
    - drm/amd/display: update DML2 policy
      EnhancedPrefetchScheduleAccelerationFinal DCN35

  * CVE-2026-23274
    - netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

  * CVE-2026-23351
    - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase

  * CVE-2026-23231
    - netfilter: nf_tables: fix use-after-free in nf_tables_addchain()

  * macvlan: observe an RCU grace period in macvlan_common_newlink() error
    path (LP: #2144380) // CVE-2026-23209
    - macvlan: observe an RCU grace period in macvlan_common_newlink() error
      path

  * CVE-2026-23112
    - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Sun, 12 Apr 2026 06:19:35 +0300

linux (6.8.0-110.110) noble; urgency=medium

  * noble/linux: 6.8.0-110.110 -proposed tracker (LP: #2144887)

  * ITS mitigation is not enabled on affected CPUs (LP: #2144730)
    - x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE
    - x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK
    - [Config] rename config options RETHUNK and RETPOLINE

 -- Stefan Bader <stefan.bader@canonical.com>  Thu, 19 Mar 2026 12:44:28 +0100

linux (6.8.0-108.108) noble; urgency=medium

  * noble/linux: 6.8.0-108.108 -proposed tracker (LP: #2143478)

  * linux-riscv-6.8 is FTBFS because of missing patches (LP: #2142235)
    - riscv, bpf: Unify 32-bit sign-extension to emit_sextw
    - riscv, bpf: Unify 32-bit zero-extension to emit_zextw
    - riscv, bpf: Simplify sext and zext logics in branch instructions
    - riscv, bpf: Add necessary Zbb instructions
    - riscv, bpf: Optimize sign-extention mov insns with Zbb support
    - riscv, bpf: Optimize bswap insns with Zbb support

  * ADT test for linux package failed with "fatal: unable to connect to
    git.launchpad.net" (LP: #2143033)
    - [Packaging] d/t/ubuntu-regression-suite: use https to clone

  * Coresight fails to build on 6.8.0-102 due to missing function and arg
    definitions (LP: #2142337)
    - SAUCE: Revert "coresight: catu: Support atclk"
    - SAUCE: Revert "coresight: catu: Move ACPI support from AMBA driver to
      platform driver"
    - SAUCE: Revert "coresight: tmc: Support atclk"
    - SAUCE: Revert "coresight: tmc: Move ACPI support from AMBA driver to
      platform driver"
    - SAUCE: Revert "Coresight: Set correct cs_mode for TPDM to fix disable
      issue"
    - SAUCE: Revert "Coresight: Set correct cs_mode for dummy source to fix
      disable issue"

  * efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch
    (LP: #2141276)
    - SAUCE efi: Fix swapped arguments to bsearch() in efi_status_to_*()

  * Fix conntrack use after free when ovs hardware offload is enabled
    (LP: #2139322)
    - netfilter: conntrack: remove skb argument from nf_ct_refresh
    - netfilter: conntrack: rework offload nf_conn timeout extension logic
    - netfilter: conntrack: fix erronous removal of offload bit

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789)
    - xhci: fix stale flag preventig URBs after link state error is cleared
    - Revert "xfrm: destroy xfrm_state synchronously on net exit path"
    - xfrm: flush all states in xfrm_state_fini
    - leds: spi-byte: Use devm_led_classdev_register_ext()
    - Documentation: process: Also mention Sasha Levin as stable tree
      maintainer
    - USB: serial: option: add Foxconn T99W760
    - USB: serial: option: add Telit Cinterion FE910C04 new compositions
    - USB: serial: option: move Telit 0x10c7 composition in the right place
    - USB: serial: ftdi_sio: match on interface number for jtag
    - serial: add support of CPCI cards
    - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC
    - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC
    - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()
    - spi: xilinx: increase number of retries before declaring stall
    - spi: imx: keep dma request disabled before dma transfer setup
    - drm/vmwgfx: Use kref in vmw_bo_dirty
    - Bluetooth: btrtl: Avoid loading the config file on security chips
    - smb: fix invalid username check in smb3_fs_context_parse_param()
    - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series
    - HID: hid-input: Extend Elan ignore battery quirk to USB
    - pinctrl: qcom: msm: Fix deadlock in pinmux configuration
    - platform/x86: acer-wmi: Ignore backlight event
    - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list
    - platform/x86: huawei-wmi: add keys for HONOR models
    - platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
    - platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally
    - HID: elecom: Add support for ELECOM M-XT3URBK (018F)
    - LoongArch: Mask all interrupts during kexec/kdump
    - samples: work around glibc redefining some of our defines wrong
    - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1
    - drm/panel: visionox-rm69299: Don't clear all mode flags
    - USB: Fix descriptor count when handling invalid MBIM extended descriptor
    - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback
    - clk: renesas: Use str_on_off() helper
    - clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register
    - clk: renesas: cpg-mssr: Read back reset registers to assure values
      latched
    - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync()
    - objtool: Fix standalone --hacks=jump_label
    - objtool: Fix weak symbol detection
    - sched/fair: Forfeit vruntime on yield
    - irqchip/irq-bcm7038-l1: Fix section mismatch
    - irqchip/irq-bcm7120-l2: Fix section mismatch
    - irqchip/irq-brcmstb-l2: Fix section mismatch
    - irqchip/imx-mu-msi: Fix section mismatch
    - irqchip/qcom-irq-combiner: Fix section mismatch
    - crypto: authenc - Correctly pass EINPROGRESS back up to the caller
    - rculist: Add hlist_nulls_replace_rcu() and
      hlist_nulls_replace_init_rcu()
    - inet: Avoid ehash lookup race in inet_ehash_insert()
    - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
    - arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1
      props
    - arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl
    - arm64: dts: imx8mp-venice-gw702x: remove off-board uart
    - arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1
    - PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2
    - uio: uio_fsl_elbc_gpcm:: Add null pointer check to
      uio_fsl_elbc_gpcm_probe
    - clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to
      other
    - clk: qcom: camcc-sm6350: Fix PLL config of PLL2
    - crypto: hisilicon/qm - restore original qos values
    - s390/smp: Fix fallback CPU detection
    - s390/ap: Don't leak debug feature files if AP instructions are not
      available
    - arm64: dts: ti: k3-am62p: Fix memory ranges for GPU
    - firmware: imx: scu-irq: fix OF node leak in
    - arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider
    - phy: mscc: Fix PTP for VSC8574 and VSC8572
    - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock().
    - ARM: dts: renesas: gose: Remove superfluous port property
    - ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties
    - Revert "mtd: rawnand: marvell: fix layouts"
    - mtd: nand: relax ECC parameter validation check
    - mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and
      remove
    - task_work: Fix NMI race condition
    - x86/dumpstack: Prevent KASAN false positive warnings in __show_regs()
    - tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set
    - soc: qcom: smem: fix hwspinlock resource leak in probe error paths
    - pinctrl: stm32: fix hwspinlock resource leak in probe function
    - i3c: fix refcount inconsistency in i3c_master_register
    - i3c: master: svc: Prevent incomplete IBI transaction
    - interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS
    - arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller
    - interconnect: debugfs: Fix incorrect error handling for NULL path
    - perf lock contention: Load kernel map before lookup
    - perf record: skip synthesize event when open evsel failed
    - power: supply: cw2015: Check devm_delayed_work_autocancel() return code
    - power: supply: rt9467: Return error on failure in
      rt9467_set_value_from_ranges()
    - power: supply: rt9467: Prevent using uninitialized local variable in
      rt9467_set_value_from_ranges()
    - power: supply: wm831x: Check wm831x_set_bits() return value
    - power: supply: apm_power: only unset own apm_get_power_status
    - scsi: target: Do not write NUL characters into ASCII configfs output
    - fs/9p: Don't open remote file with APPEND mode when writeback cache is
      used
    - ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels
    - ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible
    - ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible
    - x86/boot: Fix page table access in 5-level to 4-level paging transition
    - efi/libstub: Fix page table access in 5-level to 4-level paging
      transition
    - mfd: da9055: Fix missing regmap_del_irq_chip() in error path
    - ext4: correct the checking of quota files before moving extents
    - perf/x86/intel: Correct large PEBS flag check
    - regulator: core: disable supply if enabling main regulator fails
    - scsi: stex: Fix reboot_notifier leak in probe error path
    - staging: most: i2c: Drop explicit initialization of struct
      i2c_device_id::driver_data to 0
    - [Config] remove MOST_I2C driver
    - dt-bindings: PCI: amlogic: Fix the register name of the DBI region
    - RDMA/rtrs: server: Fix error handling in get_or_create_srv
    - ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node
      properties
    - ntfs3: init run lock for extend inode
    - scsi: ufs: core: fix incorrect buffer duplication in
      ufshcd_read_string_desc()
    - cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs
    - powerpc/32: Fix unpaired stwcx. on interrupt exit
    - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
    - coresight: etm4x: Correct polling IDLE bit
    - coresight: etm4x: Extract the trace unit controlling
    - coresight: etm4x: Add context synchronization before enabling trace
    - clk: renesas: r9a06g032: Fix memory leak in error path
    - lib/vsprintf: Check pointer before dereferencing in time_and_date()
    - ACPI: property: Fix fwnode refcount leak in
      acpi_fwnode_graph_parse_endpoint()
    - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
    - leds: netxbig: Fix GPIO descriptor leak in error paths
    - PCI: keystone: Exit ks_pcie_probe() for invalid mode
    - arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK
      5A
    - arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A
    - ps3disk: use memcpy_{from,to}_bvec index
    - bpf: Handle return value of ftrace_set_filter_ip in register_fentry
    - selftests/bpf: Fix failure paths in send_signal test
    - watchdog: wdat_wdt: Fix ACPI table leak in probe function
    - watchdog: starfive: Fix resource leak in probe error path
    - tracefs: fix a leak in eventfs_create_events_dir()
    - NFSD/blocklayout: Fix minlength check in proc_layoutget
    - drm/msm/a2xx: stop over-complaining about the legacy firmware
    - bpf: Improve program stats run-time calculation
    - powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within
      RMA limit
    - powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE
      format
    - fs/ntfs3: out1 also needs to put mi
    - fs/ntfs3: Prevent memory leaks in add sub record
    - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
    - net/ipv6: Remove expired routes with a separated list of routes.
    - ipv6: clear RA flags when adding a static route
    - perf arm-spe: Extend branch operations
    - perf arm_spe: Fix memset subclass in operation
    - pwm: bcm2835: Make sure the channel is enabled after pwm_request()
    - wifi: mac80211: fix CMAC functions not handling errors
    - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
    - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
    - phy: renesas: rcar-gen3-usb2: Fix an error handling path in
      rcar_gen3_phy_usb2_probe()
    - net: phy: adin1100: Fix software power-down ready condition
    - cpuset: Treat cpusets in attaching as populated
    - usb: chaoskey: fix locking for O_NONBLOCK
    - usb: dwc2: disable platform lowlevel hw resources during shutdown
    - usb: dwc2: fix hang during shutdown if set as peripheral
    - usb: dwc2: fix hang during suspend if set as peripheral
    - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
    - selftests/bpf: skip test_perf_branches_hw() on unsupported platforms
    - selftests/bpf: Improve reliability of test_perf_branches_no_hw()
    - crypto: ccree - Correctly handle return of sg_nents_for_len
    - RISC-V: KVM: Fix guest page fault within HLV* instructions
    - RDMA/bnxt_re: Fix the inline size for GenP7 devices
    - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc
    - staging: fbtft: core: fix potential memory leak in fbtft_probe_common()
    - btrfs: fix leaf leak in an error path in btrfs_del_items()
    - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
    - drm/nouveau: restrict the flush page to a 32-bit address
    - iomap: factor out a iomap_dio_done helper
    - iomap: always run error completions in user context
    - wifi: ieee80211: correct FILS status codes
    - backlight: lp855x: Fix lp855x.h kernel-doc warnings
    - iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-
      metal
    - RDMA/irdma: Fix data race in irdma_sc_ccq_arm
    - RDMA/irdma: Fix data race in irdma_free_pble
    - RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY
    - ASoC: fsl_xcvr: clear the channel status control memory
    - drm/amd/display: Fix logical vs bitwise bug in
      get_embedded_panel_info_v2_1()
    - hwmon: sy7636a: Fix regulator_enable resource leak on error path
    - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
    - ublk: prevent invalid access with DEBUG
    - ext4: improve integrity checking in __mb_check_buddy by enhancing
      order-0 validation
    - virtio_vdpa: fix misleading return in void function
    - virtio: fix typo in virtio_device_ready() comment
    - virtio: fix whitespace in virtio_config_ops
    - virtio: fix virtqueue_set_affinity() docs
    - vdpa/pds: use %pe for ERR_PTR() in event handler registration
    - ASoC: Intel: catpt: Fix error path in hw_params()
    - ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system
      suspend
    - ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during
      system suspend
    - ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during
      system suspend
    - ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during
      system suspend
    - resource: replace open coded resource_intersection()
    - resource: introduce is_type_match() helper and use it
    - Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()"
    - netfilter: flowtable: check for maximum number of encapsulations in
      bridge vlan
    - netfilter: nf_conncount: rework API to use sk_buff directly
    - netfilter: nft_connlimit: update the count if add was skipped
    - net: stmmac: fix rx limit check in stmmac_rx_zc()
    - mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors
    - selftests: bonding: add ipvlan over bond testing
    - selftests: bonding: add delay before each xvlan_over_bond connectivity
      check
    - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds
    - remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs
    - md/raid5: fix IO hang when array is broken with IO inflight
    - clk: keystone: fix compile testing
    - perf tools: Fix split kallsyms DSO counting
    - pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling
    - pinctrl: single: Fix incorrect type for error return variable
    - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
    - 9p: fix cache/debug options printing in v9fs_show_options
    - NFS: Avoid changing nlink when file removes and attribute updates race
    - fs/nls: Fix utf16 to utf8 conversion
    - NFS: Initialise verifiers for visible dentries in readdir and lookup
    - NFS: Initialise verifiers for visible dentries in nfs_atomic_open()
    - Revert "nfs: ignore SB_RDONLY when remounting nfs"
    - Revert "nfs: clear SB_RDONLY before getting superblock"
    - Revert "nfs: ignore SB_RDONLY when mounting nfs"
    - Expand the type of nfs_fattr->valid
    - NFS: Fix inheritance of the block sizes when automounting
    - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8()
    - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led
    - ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
      of_dma_configure()
    - ASoC: ak4458: Disable regulator when error happens
    - ASoC: ak5558: Disable regulator when error happens
    - blk-mq: Abort suspend when wakeup events are pending
    - block: fix comment for op_is_zone_mgmt() to include RESET_ALL
    - nvme-auth: use kvfree() for memory allocated with kvcalloc()
    - dma/pool: eliminate alloc_pages warning in atomic_pool_expand
    - ALSA: uapi: Fix typo in asound.h comment
    - rtc: gamecube: Check the return value of ioremap()
    - ARM: 9464/1: fix input-only operand modification in
      load_unaligned_zeropad()
    - dm-raid: fix possible NULL dereference with undefined raid type
    - dm log-writes: Add missing set_freezable() for freezable kthread
    - efi/cper: Add a new helper function to print bitmasks
    - efi/cper: Adjust infopfx size to accept an extra space
    - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs
    - ocfs2: fix memory leak in ocfs2_merge_rec_left()
    - LoongArch: Add machine_kexec_mask_interrupts() implementation
    - net: lan743x: Allocate rings outside ZONE_DMA
    - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt
    - usb: phy: Initialize struct usb_phy list_head
    - ipv6: add exception routes to GC list in rt6_insert_exception
    - btrfs: do not skip logging new dentries when logging a new name
    - btrfs: fix a potential path leak in print_data_reloc_error()
    - bpf, arm64: Do not audit capability check in do_jit()
    - btrfs: fix memory leak of fs_devices in degraded seed device path
    - iomap: account for unaligned end offsets when truncating read range
    - sched/fair: Revert max_newidle_lb_cost bump
    - x86/ptrace: Always inline trivial accessors
    - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint()
      only
    - cpufreq: dt-platdev: Add JH7110S SOC to the allowlist
    - cpufreq: s5pv210: fix refcount leak
    - cpuidle: menu: Use residency threshold in polling state override
      decisions
    - livepatch: Match old_sympos 0 and 1 in klp_find_func()
    - fs/ntfs3: Support timestamps prior to epoch
    - kbuild: Use objtree for module signing key path
    - hfsplus: fix volume corruption issue for generic/070
    - hfsplus: fix volume corruption issue for generic/073
    - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet
    - btrfs: scrub: always update btrfs_scrub_progress::last_physical
    - gfs2: fix remote evict for read-only filesystems
    - smb/server: fix return value of smb2_ioctl()
    - ksmbd: use rwsem instead of rwlock for lease break
    - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
    - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
    - net: fec: ERR007885 Workaround for XDP TX path
    - ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2()
    - mlxsw: spectrum_router: Fix possible neighbour reference count leak
    - broadcom: b44: prevent uninitialized value usage
    - netfilter: nf_conncount: fix leaked ct in error paths
    - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
    - netfilter: nf_tables: pass context structure to nft_parse_register_load
    - netfilter: nf_tables: allow loads only when register is initialized
    - netfilter: nf_tables: remove redundant chain validation on register
      store
    - net/mlx5: fw reset, clear reset requested on drain_fw_reset
    - net/mlx5: Drain firmware reset in shutdown callback
    - net/mlx5: fw_tracer, Handle escaped percent properly
    - net/mlx5: Skip HotPlug check on sync reset using hot reset
    - net/mlx5: Serialize firmware reset with devlink
    - net: enetc: do not transmit redirected XDP frames when the link is down
    - net: hns3: using the num_tqps to check whether tqp_index is out of range
      when vf get ring info from mbx
    - hwmon: (tmp401) fix overflow caused by default conversion rate value
    - MIPS: Fix a reference leak bug in ip22_check_gio()
    - drm/panel: sony-td4353-jdi: Enable prepare_prev_first
    - x86/xen: Move Xen upcall handler
    - x86/xen: Fix sparse warning in enlighten_pv.c
    - spi: cadence-quadspi: Fix clock disable on probe failure path
    - block: rnbd-clt: Fix leaked ID in init_dev()
    - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
    - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk
      table
    - can: gs_usb: gs_can_open(): fix error handling
    - ACPI: PCC: Fix race condition by removing static qualifier
    - ACPI: CPPC: Fix missing PCC check for guaranteed_perf
    - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig
    - dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml
    - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
    - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
    - ipmi: Fix the race between __scan_channels() and deliver_response()
    - ipmi: Fix __scan_channels() failing to rescan channels
    - firmware: imx: scu-irq: Init workqueue before request mbox channel
    - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx
    - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4
    - powerpc/addnote: Fix overflow on 32-bit builds
    - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled
    - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive
    - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp
    - fuse: Always flush the page cache before FOPEN_DIRECT_IO write
    - fuse: Invalidate the page cache after FOPEN_DIRECT_IO write
    - reset: fix BIT macro reference
    - exfat: fix remount failure in different process environments
    - usbip: Fix locking bug in RT-enabled kernels
    - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains
    - usb: xhci: limit run_graceperiod for only usb 3.0 devices
    - usb: usb-storage: No additional quirks need to be added to the EL-R12
      optical drive.
    - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
    - libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map
    - i2c: designware: Disable SMBus interrupts to prevent storms from mis-
      configured firmware
    - nvme-fc: don't hold rport lock when putting ctrl
    - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI
      quirks
    - block: rnbd-clt: Fix signedness bug in init_dev()
    - vhost/vsock: improve RCU read sections around vhost_vsock_get()
    - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition
    - lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit
    - s390/dasd: Fix gendisk parent after copy pair swap
    - block: rate-limit capacity change info log
    - floppy: fix for PAGE_SIZE != 4KB
    - kallsyms: Fix wrong "big" kernel symbol type read from procfs
    - fs/ntfs3: fix mount failure for sparse runs in run_unpack()
    - ktest.pl: Fix uninitialized var in config-bisect.pl
    - ext4: clear i_state_flags when alloc inode
    - ext4: fix incorrect group number assertion in mb_check_buddy
    - ext4: align max orphan file size with e2fsprogs limit
    - jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key
    - jbd2: use a weaker annotation in journal handling
    - media: v4l2-mem2mem: Fix outdated documentation
    - mptcp: schedule rtx timer only after pushing data
    - usb: usb-storage: Maintain minimal modifications to the bcdDevice range.
    - media: pvrusb2: Fix incorrect variable used in trace message
    - phy: broadcom: bcm63xx-usbh: fix section mismatches
    - USB: lpc32xx_udc: Fix error handling in probe
    - usb: phy: isp1301: fix non-OF device reference imbalance
    - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe
    - usb: dwc3: keep susphy enabled during exit to avoid controller faults
    - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
    - intel_th: Fix error handling in intel_th_output_open
    - cpuidle: governors: teo: Drop misguided target residency check
    - cpufreq: nforce2: fix reference count leak in nforce2
    - NFSD: use correct reservation type in nfsd4_scsi_fence_client
    - f2fs: fix age extent cache insertion skip on counter overflow
    - tools/testing/nvdimm: Use per-DIMM device handle
    - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on
      #SMI)
    - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with
      period=0
    - KVM: x86: Explicitly set new periodic hrtimer expiration in
      apic_timer_fn()
    - KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE
    - KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN
    - KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation
    - KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN
    - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed
      VMRUN)
    - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits
    - xfs: fix a memory leak in xfs_buf_item_init()
    - PM: runtime: Do not clear needs_force_resume with enabled runtime PM
    - r8169: fix RTL8117 Wake-on-Lan in DASH mode
    - nfsd: Mark variable __maybe_unused to avoid W=1 build break
    - svcrdma: return 0 on success from svc_rdma_copy_inline_range
    - s390/ipl: Clear SBP flag when bootprog is set
    - gpio: regmap: Fix memleak in error path in gpio_regmap_register()
    - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
    - selftests: openvswitch: Fix escape chars in regexp.
    - crypto: caam - Add check for kcalloc() in test_len()
    - amba: tegra-ahb: Fix device leak on SMMU enable
    - tracing: Fix fixed array of synthetic event
    - soc: qcom: ocmem: fix device leak on lookup
    - soc: amlogic: canvas: fix device leak on lookup
    - rpmsg: glink: fix rpmsg device leak
    - platform/x86: intel: chtwc_int33fe: don't dereference swnode args
    - i2c: amd-mp2: fix reference leak in MP2 PCI device
    - hwmon: (max16065) Use local variable to avoid TOCTOU
    - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
    - ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32
    - wifi: rtw88: limit indirect IO under powered off for RTL8822CS
    - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result()
    - wifi: mac80211: do not use old MBSSID elements
    - i40e: fix scheduling in set_rx_mode
    - net: mdio: aspeed: add dummy read to avoid read-after-write issue
    - net: openvswitch: Avoid needlessly taking the RTNL on vport destroy
    - platform/x86: msi-laptop: add missing sysfs_remove_group()
    - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic
    - amd-xgbe: reset retries and mode on RX adapt failures
    - Revert "UBUNTU: SAUCE: selftests: net: fix "buffer overflow detected"
      for tap.c"
    - selftests: net: fix "buffer overflow detected" for tap.c
    - genalloc.h: fix htmldocs warning
    - firewire: nosy: Fix dma_free_coherent() size
    - net: dsa: b53: skip multicast entries for fdb_dump()
    - net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group
      struct
    - RDMA/efa: Remove possible negative shift
    - RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr()
    - RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db()
    - RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send
    - RDMA/bnxt_re: Fix to use correct page size for PDE table
    - RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation
    - RDMA/bnxt_re: fix dma_free_coherent() pointer
    - blk-mq: don't schedule block kworker on isolated CPUs
    - blk-mq: skip CPU offline notify on unmapped hctx
    - selftests/ftrace: traceonoff_triggers: strip off names
    - ntfs: Do not overwrite uptodate pages
    - ASoC: stm32: sai: fix device leak on probe
    - ASoC: stm32: sai: fix clk prepare imbalance on probe failure
    - ASoC: qcom: q6apm-dai: set flags to reflect correct operation of
      appl_ptr
    - ASoC: qcom: q6asm-dai: perform correct state check before closing
    - ASoC: qcom: q6adm: the the copp device only during last instance
    - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment.
    - iommu/amd: Fix pci_segment memleak in alloc_pci_segment()
    - iommu/apple-dart: fix device leak on of_xlate()
    - iommu/exynos: fix device leak on of_xlate()
    - iommu/ipmmu-vmsa: fix device leak on of_xlate()
    - iommu/mediatek-v1: fix device leak on probe_device()
    - iommu/mediatek-v1: fix device leaks on probe()
    - iommu/mediatek: fix device leak on of_xlate()
    - iommu/omap: fix device leaks on probe_device()
    - iommu/qcom: fix device leak on of_xlate()
    - iommu/sun50i: fix device leak on of_xlate()
    - iommu/tegra: fix device leak on probe_device()
    - HID: logitech-dj: Remove duplicate error logging
    - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths
    - SAUCE: Revert "arm64: dts: ti: k3-j721e-sk: Add DT nodes for power
      regulators"
    - arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power
      regulator
    - powerpc, mm: Fix mprotect on book3s 32-bit
    - leds: leds-lp50xx: Allow LED 0 to be added to module bank
    - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs
    - leds: leds-lp50xx: Enable chip before any communication
    - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup
    - mfd: max77620: Fix potential IRQ chip conflict when probing two devices
    - media: rc: st_rc: Fix reset control resource leak
    - parisc: entry.S: fix space adjustment on interruption for 64-bit
      userspace
    - parisc: entry: set W bit for !compat tasks in syscall_restore_rfi()
    - powerpc/pseries/cmm: call balloon_devinfo_init() also without
      CONFIG_BALLOON_COMPACTION
    - firmware: stratix10-svc: Add mutex in stratix10 memory management
    - dm-ebs: Mark full buffer dirty even on partial write
    - dm-bufio: align write boundary on physical block size
    - fbdev: gbefb: fix to use physical address instead of dma address
    - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing
    - fbdev: tcx.c fix mem_map to correct smem_start offset
    - media: cec: Fix debugfs leak on bus_register() failure
    - media: msp3400: Avoid possible out-of-bounds array accesses in
      msp3400c_thread()
    - media: renesas: rcar_drif: fix device node reference leak in
      rcar_drif_bond_enabled
    - media: samsung: exynos4-is: fix potential ABBA deadlock on init
    - media: TDA1997x: Remove redundant cancel_delayed_work in probe
    - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index
    - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path
    - media: vpif_capture: fix section mismatch
    - media: vpif_display: fix section mismatch
    - media: amphion: Cancel message work before releasing the VPU core
    - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe
    - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe
    - media: mediatek: vcodec: Fix a reference leak in
      mtk_vcodec_fw_vpu_init()
    - LoongArch: Add new PCI ID for pci_fixup_vgadev()
    - LoongArch: Correct the calculation logic of thread_count
    - LoongArch: Fix build errors for CONFIG_RANDSTRUCT
    - LoongArch: Use __pmd()/__pte() for swap entry conversions
    - LoongArch: Use unsigned long for _end and _text
    - compiler_types.h: add "auto" as a macro for "__auto_type"
    - kasan: refactor pcpu kasan vmalloc unpoison
    - idr: fix idr_alloc() returning an ID out of range
    - tools/mm/page_owner_sort: fix timestamp comparison for stable sorting
    - samples/ftrace: Adjust LoongArch register restore order in direct calls
    - fjes: Add missing iounmap in fjes_hw_init()
    - LoongArch: BPF: Zero-extend bpf_tail_call() index
    - nfsd: Drop the client reference in client_states_open()
    - net: usb: sr9700: fix incorrect command used to write single register
    - net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to
      macb_open()
    - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma
    - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers
    - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg()
    - drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse()
    - drm/mgag200: Fix big-endian support
    - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in
      prepare_fb
    - blk-mq: add helper for checking if one CPU is mapped to specified hctx
    - mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in
      mptcp_do_fastclose().
    - ALSA: wavefront: Use standard print API
    - ALSA: wavefront: Use guard() for spin locks
    - ALSA: wavefront: Clear substream pointers on close
    - ext4: fix string copying in parse_apply_sb_mount_options()
    - jbd2: fix the inconsistency between checksum and data in memory for
      journal sb
    - btrfs: don't rewrite ret from inode_permission
    - mm/ksm: fix exec/fork inheritance support for prctl
    - usb: ohci-nxp: Use helper function devm_clk_get_enabled()
    - usb: ohci-nxp: fix device leak on probe failure
    - scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error
    - f2fs: use f2fs_err_ratelimited() to avoid redundant logs
    - ARM: dts: microchip: sama7g5: fix uart fifo size to 32
    - fuse: fix readahead reclaim deadlock
    - PCI: brcmstb: Fix disabling L0s capability
    - lockd: fix vfs_test_lock() calls
    - mm: simplify folio_expected_ref_count()
    - mm: consider non-anon swap cache folios in folio_expected_ref_count()
    - pmdomain: imx: Fix reference count leak in imx_gpc_probe()
    - net: phy: mediatek: fix nvmem cell reference leak in
      mt798x_phy_calibration
    - drm/amdgpu: Forward VMID reservation errors
    - drm/mediatek: Fix probe memory leak
    - drm/mediatek: Fix probe resource leaks
    - drm/tilcdc: request and mapp iomem with devres
    - tty: introduce and use tty_port_tty_vhangup() helper
    - xhci: dbgtty: fix device unregister: fixup
    - usb: xhci: move link chain bit quirk checks into one helper function.
    - LoongArch: Refactor register restoration in ftrace_common_return
    - f2fs: remove unused GC_FAILURE_PIN
    - f2fs: keep POSIX_FADV_NOREUSE ranges
    - f2fs: drop inode from the donation list when the last file is closed
    - f2fs: fix to propagate error from f2fs_enable_checkpoint()
    - f2fs: fix to detect recoverable inode during dryrun of
      find_fsync_dnodes()
    - media: verisilicon: Fix CPU stalls on G2 bus error
    - mm/balloon_compaction: we cannot have isolated pages in the balloon list
    - mm/balloon_compaction: convert balloon_page_delete() to
      balloon_page_finalize()
    - powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages
    - KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-
      Exit
    - media: amphion: Add a frame flush mode for decoder
    - media: amphion: Make some vpu_v4l2 functions static
    - media: amphion: Remove vpu_vb_is_codecconfig
    - mm/damon/tests/vaddr-kunit: handle alloc failures in
      damon_test_split_evenly_fail()
    - mm/damon/tests/vaddr-kunit: handle alloc failures on
      damon_do_test_apply_three_regions()
    - sched/fair: Small cleanup to sched_balance_newidle()
    - sched/fair: Small cleanup to update_newidle_cost()
    - sched/fair: Proportional newidle balance
    - RDMA/rxe: Fix the failure of ibv_query_device() and
      ibv_query_device_ex() tests
    - mm/damon/tests/vaddr-kunit: handle alloc failures on
      damon_test_split_evenly_succ()
    - mm/damon/tests/core-kunit: handle alloc failres in
      damon_test_new_filter()
    - mm/damon/tests/core-kunit: handle allocation failures in
      damon_test_regions()
    - mm/damon/tests/core-kunit: handle memory failure from
      damon_test_target()
    - mm/damon/tests/core-kunit: handle alloc failures on
      damon_test_split_regions_of()
    - mm/damon/tests/core-kunit: handle alloc failures on
      damos_test_filter_out()
    - mm/damon/tests/core-kunit: handle alloc failures in
      damon_test_set_regions()
    - mm/damon/tests/core-kunit: handle alloc failures in
      damon_test_ops_registration()
    - mm/damon/tests/core-kunit: handle alloc failure on
      damon_test_set_attrs()
    - virtio_console: fix order of fields cols and rows
    - pwm: stm32: Always program polarity
    - tty: fix tty_port_tty_*hangup() kernel-doc
    - firmware: arm_scmi: Fix unused notifier-block in unregister
    - ext4: filesystems without casefold feature cannot be mounted with
      siphash
    - drm/amdkfd: Fix GPU mappings for APU after prefetch
    - wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1
    - smack: fix bug: setting task label silently ignores input garbage
    - wifi: ath10k: Avoid vdev delete timeout when firmware is already down
    - wifi: ath10k: Add missing include of export.h
    - wifi: ath10k: move recovery check logic into a new work
    - wifi: ath11k: restore register window after global reset
    - dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets
    - dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets
    - clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets
    - inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule()
    - block/mq-deadline: Introduce dd_start_request()
    - block/mq-deadline: Switch back to a single dispatch list
    - perf annotate: Check return value of evsel__get_arch() properly
    - arm64: dts: exynos: gs101: fix sysreg_apm reg property
    - clk: qcom: camcc-sm8550: Specify Titan GDSC power domain as a parent to
      other
    - soc: qcom: gsbi: fix double disable caused by devm
    - wifi: ath11k: fix VHT MCS assignment
    - arm64: dts: qcom: sm8650: set ufs as dma coherent
    - perf: Remove get_perf_callchain() init_nr argument
    - bpf: Refactor stack map trace depth calculation into helper function
    - perf/x86/intel/cstate: Remove PC3 support from LunarLake
    - drm/imagination: Fix reference to
      devm_platform_get_and_ioremap_resource()
    - power: supply: rt5033_charger: Fix device node reference leaks
    - power: supply: max17040: Check iio_read_channel_processed() return code
    - libbpf: Fix parsing of multi-split BTF
    - locktorture: Fix memory leak in param_set_cpumask()
    - crypto: iaa - Fix incorrect return value in save_iaa_wq()
    - drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype
    - leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM
    - RAS: Report all ARM processor CPER information to userspace
    - vhost: Fix kthread worker cgroup failure handling
    - vfio/pci: Use RCU for error/request triggers to avoid circular locking
    - net: phy: aquantia: check for NVMEM deferral
    - perf tools: Mark split kallsyms DSOs as loaded
    - perf hist: In init, ensure mem_info is put on error paths
    - sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when
      the last task migrates out
    - platform/x86:intel/pmc: Update Arrow Lake telemetry GUID
    - nfs/vfs: discard d_exact_alias()
    - NFS: Initialise verifiers for visible dentries in
      _nfs4_open_and_get_state
    - drm/plane: Fix IS_ERR() vs NULL check in
      drm_plane_create_hotspot_properties()
    - regulator: fixed: Rely on the core freeing the enable GPIO
    - drm/nouveau: refactor deprecated strcpy
    - drm/amdkfd: Use huge page size to check split svm range alignment
    - block: return unsigned int from queue_dma_alignment
    - fs/ntfs3: check for shutdown in fsync
    - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU
    - wifi: cfg80211: use cfg80211_leave() in iftype change
    - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC
      load
    - gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad"
    - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170
    - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135
    - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT
    - netfilter: nf_nat: remove bogus direction check
    - iommufd/selftest: Add coverage for reporting max_pasid_log2 via
      IOMMU_HW_INFO
    - iommufd/selftest: Update hw_info coverage for an input data_type
    - iommufd/selftest: Make it clearer to gcc that the access is not out of
      bounds
    - hwmon: (dell-smm) Limit fan multiplier to avoid overflow
    - drm/xe: Restore engine registers before restarting schedulers after GT
      reset
    - mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds
    - scsi: ufs: host: mediatek: Fix shutdown/suspend race condition
    - scsi: smartpqi: Add support for Hurray Data new controller PCI device
    - exfat: zero out post-EOF page cache on file extension
    - x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA
      systems
    - perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister()
    - wifi: mt76: Fix DTS power-limits on little endian systems
    - usb: gadget: lpc32xx_udc: fix clock imbalance in error path
    - mei: gsc: add dependency on Xe driver
    - serial: sh-sci: Check that the DMA cookie is valid
    - powerpc: Add reloc_offset() to font bitmap pointer used for
      bootx_printf()
    - xfs: fix stupid compiler warning
    - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap
    - drm/amd/display: Fix scratch registers offsets for DCN35
    - drm/displayid: pass iter to drm_find_displayid_extension()
    - KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu()
    - soc: apple: mailbox: fix device leak on lookup
    - interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes
    - i40e: validate ring_len parameter against hardware-specific values
    - idpf: reduce mbx_task schedule delay to 300us
    - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event
      names
    - net: dsa: fix missing put_device() in dsa_tree_find_first_conduit()
    - vfio/pds: Fix memory leak in pds_vfio_dirty_enable()
    - md: Fix static checker warning in analyze_sbs
    - ASoC: codecs: lpass-tx-macro: fix SM6115 support
    - iommu/amd: Propagate the error code returned by __modify_irte_ga() in
      modify_irte_ga()
    - mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions
    - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips
    - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips
    - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips
    - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips
    - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips
    - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips
    - perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init()
      on error
    - mm/damon/tests/sysfs-kunit: handle alloc failures on
      damon_sysfs_test_add_targets()
    - mm/damon/tests/core-kunit: handle alloc failures on
      damon_test_split_at()
    - mm/damon/tests/core-kunit: handle memory alloc failure from
      damon_test_aggregate()
    - mm/damon/tests/core-kunit: handle alloc failures on
      dasmon_test_merge_regions_of()
    - mm/damon/tests/core-kunit: handle alloc failures on
      damon_test_merge_two()
    - mm/damon/tests/core-kunit: handle alloc failures in
      damon_test_update_monitoring_result()
    - kasan: unpoison vms[area] addresses with a common tag
    - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling
    - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident
    - drm/mediatek: Fix probe device leaks
    - drm/i915: Fix format string truncation warning
    - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table
    - drm/xe: Adjust long-running workload timeslices to reasonable values
    - drm/xe: Use usleep_range for accurate long-running workload timeslicing
    - drm/xe: Drop preempt-fences when destroying imported dma-bufs.
    - drm/imagination: Disallow exporting of PM/FW protected objects
    - gfs2: fix freeze error handling
    - sched/eevdf: Remove min_vruntime_copy
    - sched/eevdf: Fix min_vruntime vs avg_vruntime
    - serial: core: fix OF node leak
    - serial: core: Restore sysfs fwnode information
    - mptcp: pm: ignore unknown endpoint flags
    - f2fs: clear SBI_POR_DOING before initing inmem curseg
    - f2fs: add timeout in f2fs_enable_checkpoint()
    - f2fs: dump more information for f2fs_{enable,disable}_checkpoint()
    - gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list()
    - gpiolib: acpi: Handle deferred list via new API
    - gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter
    - gpiolib: acpi: Move quirks to a separate file
    - gpiolib: acpi: Add a quirk for Acer Nitro V15
    - gpiolib: acpi: Add quirk for ASUS ProArt PX13
    - gpiolib: acpi: Add quirk for Dell Precision 7780
    - serial: core: Fix serial device initialization
    - media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio
    - wifi: mt76: mt7925: fix CLC command timeout when suspend/resume
    - soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter
    - ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime
    - vfio/pci: Disable qword access to the PCI ROM bar
    - iomap: allocate s_dio_done_wq for async reads as well
    - mptcp: ensure context reset on disconnect()
    - Upstream stable to v6.6.120, v6.12.62, v6.12.63, v6.12.64, v6.12.65

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2024-36347
    - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo
    - x86/microcode/AMD: Select which microcode patch to load

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-40164
    - usbnet: Fix using smp_processor_id() in preemptible code warnings

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-40325
    - md/raid10: wait barrier before returning discard request with REQ_NOWAIT

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68206
    - netfilter: nft_ct: add seqadj extension for natted connections

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71068
    - svcrdma: bound check rq_pages index in inline path

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71135
    - md/raid5: fix possible null-pointer dereferences in
      raid5_store_group_thread_cnt()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-38234
    - sched/rt: Fix race in push_rt_task

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68811
    - svcrdma: use rc_pageoff for memcpy byte offset

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68810
    - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71109
    - MIPS: ftrace: Fix memory corruption when kernel is located beyond 32
      bits

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68770
    - bnxt_en: Fix XDP_TX path

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71072
    - shmem: fix recovery on rename failures

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68374
    - md: fix rcu protection in md_wakeup_thread

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68378
    - bpf: Fix stackmap overflow check in __bpf_get_stackid()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2024-57795
    - RDMA/rxe: Remove the direct link to net_device

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-38022
    - RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device"
      problem

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71140
    - media: mediatek: vcodec: Use spinlock for context list protection lock

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71105
    - f2fs: use global inline_xattr_slab instead of per-sb slab cache

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68772
    - f2fs: fix to avoid updating compression context during writeback

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-22111
    - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-22022
    - usb: xhci: Apply the link chain quirk on NEC isoc endpoints

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71141
    - drm/tilcdc: Fix removal actions in case of failed probe

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71127
    - wifi: mac80211: Discard Beacon frames to non-broadcast address

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71088
    - mptcp: fallback earlier on simult connection

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71065
    - f2fs: fix to avoid potential deadlock

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68345
    - ALSA: hda: cs35l41: Fix NULL pointer dereference in
      cs35l41_hda_read_acpi()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68344
    - ALSA: wavefront: Fix integer overflow in sample size validation

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71077
    - tpm: Cap the number of PCR banks

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71130
    - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71138
    - drm/msm/dpu: Add missing NULL pointer check for pingpong interface

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71083
    - drm/ttm: Avoid NULL pointer deref for evicted BOs

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71079
    - net: nfc: fix deadlock between nfc_unregister_device and
      rfkill_fop_write

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71129
    - LoongArch: BPF: Sign extend kfunc call arguments

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71093
    - e1000: fix OOB in e1000_tbi_should_accept()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71084
    - RDMA/cm: Fix leaking the multicast GID table reference

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71096
    - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71136
    - media: adv7842: Avoid possible out-of-bounds array accesses in
      adv7842_cp_log_status()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71143
    - clk: samsung: exynos-clkout: Assign .num before accessing .hws

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71078
    - powerpc/64s/slb: Fix SLB multihit issue during SLB preload

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71089
    - iommu: disable SVA when CONFIG_X86 is set

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71081
    - ASoC: stm32: sai: fix OF node leak on probe

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71153
    - ksmbd: Fix memory leak in get_file_all_info()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71133
    - RDMA/irdma: avoid invalid read in irdma_net_event

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71086
    - net: rose: fix invalid array index in rose_kill_by_device()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71097
    - ipv4: Fix reference count leak when using error routes with nexthop
      objects

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71085
    - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71095
    - net: stmmac: fix the crash issue for zero copy XDP_TX action

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71137
    - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71101
    - platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package
      parsing

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71094
    - net: usb: asix: validate PHY address before use

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71132
    - smc91x: fix broken irq-context in PREEMPT_RT

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71154
    - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71091
    - team: fix check for port enabled in
      team_queue_override_port_prio_changed()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71098
    - ip6_gre: make ip6gre_header() robust

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71082
    - Bluetooth: btusb: revert use of devm_kzalloc in btusb

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71131
    - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71087
    - iavf: fix off-by-one issues in iavf_config_rss_reg()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71071
    - iommu/mediatek: fix use-after-free on probe deferral

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71111
    - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71113
    - crypto: af_alg - zero initialize memory allocated via sock_kmalloc

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71149
    - io_uring/poll: correctly handle io_poll_add() return value on update

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68778
    - btrfs: don't log conflicting inode if it's a dir moved in the current
      transaction

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71119
    - powerpc/kexec: Enable SMT before waking offline CPUs

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71120
    - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in
      gss_read_proxy_verf

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71148
    - net/handshake: restore destructor on submit failure

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68788
    - fsnotify: do not generate ACCESS/MODIFY events on child for special
      files

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71125
    - tracing: Do not register unsupported perf events

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71104
    - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV
      timer

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71116
    - libceph: make decode_pool() more resilient against corrupted osdmaps

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71121
    - parisc: Do not reprogram affinitiy on ASP chip

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71102
    - scs: fix a wrong parameter in __scs_magic

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68804
    - platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68771
    - ocfs2: fix kernel BUG in ocfs2_find_victim_chain

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68808
    - media: vidtv: initialize local pointers upon transfer of memory
      ownership

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68769
    - f2fs: fix return value of f2fs_recover_fsync_data()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71069
    - f2fs: invalidate dentry cache on failed whiteout creation

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68796
    - f2fs: fix to avoid updating zero-sized extent in extent cache

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71107
    - f2fs: ensure node page reads complete before f2fs_put_super() finishes

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68782
    - scsi: target: Reset t_task_cdb pointer in error case

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71075
    - scsi: aic94xx: fix use-after-free in device removal path

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68818
    - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in
      abort path"

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68797
    - char: applicom: fix NULL pointer dereference in ac_ioctl

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68819
    - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71126
    - mptcp: avoid deadlock on fallback while reinjecting

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68820
    - ext4: xattr: fix null pointer deref in ext4_raw_inode()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68814
    - io_uring: fix filename leak in __io_openat_prep()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71147
    - KEYS: trusted: Fix a memory leak in tpm2_load_cmd

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71151
    - cifs: Fix memory and information leak in smb3_reconfigure()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71108
    - usb: typec: ucsi: Handle incorrect num_connectors capability

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71114
    - via_wdt: fix critical boot hang due to unnamed resource allocation

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68783
    - ALSA: usb-mixer: us16x08: validate meter packet indices

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68776
    - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68773
    - spi: fsl-cpm: Check length parity before switching to 16 bit mode

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68777
    - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68806
    - ksmbd: fix buffer validation by including null terminator size in EA
      length

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71150
    - ksmbd: Fix refcount leak when invalid session is found on session lookup

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68786
    - ksmbd: skip lock-range check on equal size to avoid size==0 underflow

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68789
    - hwmon: (ibmpex) fix use-after-free in high/low store

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71112
    - net: hns3: add VLAN id validation before using

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71064
    - net: hns3: using the num_tqps in the vf driver to apply for resources

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68775
    - net/handshake: duplicate handshake cancellations leak socket

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68816
    - net/mlx5: fw_tracer, Validate format string parameters

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68795
    - ethtool: Avoid overflowing userspace buffer on stats query

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71122
    - iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68815
    - net/sched: ets: Remove drr class from the active list if it changes to
      strict

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68799
    - caif: fix integer underflow in cffrml_receive()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68813
    - ipvs: fix ipv4 null-ptr-deref in route error path

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68785
    - net: openvswitch: fix middle attribute validation in push_nsh() action

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68800
    - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route
      stats

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68801
    - mlxsw: spectrum_router: Fix neighbour use-after-free

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71066
    - net/sched: ets: Always remove class from active list before deleting in
      ets_qdisc_change

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68787
    - netrom: Fix memory leak in nr_sendmsg()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68809
    - ksmbd: vfs: fix race on m_flags in vfs_cache

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68817
    - ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68767
    - hfsplus: Verify inode mode when loading from disk

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68774
    - hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71067
    - ntfs: set dummy blocksize to read boot_block when mounting

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-71118
    - ACPICA: Avoid walking the Namespace if start_node is NULL

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68780
    - sched/deadline: only set free_cpus for online runqueues

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68798
    - perf/x86/amd: Check event before enable to avoid GPF

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68794
    - iomap: adjust read range correctly for non-block-aligned positions

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68346
    - ALSA: dice: fix buffer overflow in detect_stream_formats()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68766
    - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68756
    - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of
      set->tag_list_lock

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68753
    - ALSA: firewire-motu: add bounds check in put_user loop for DSP events

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68347
    - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68764
    - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68349
    - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
      pnfs_mark_layout_stateid_invalid

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68325
    - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68354
    - regulator: core: Protect regulator_supply_alias_list with
      regulator_list_mutex

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68758
    - backlight: led-bl: Add devlink to supplier LEDs

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68765
    - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68763
    - crypto: starfive - Correctly handle return of sg_nents_for_len

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68740
    - ima: Handle error code returned by ima_filter_rule_match()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68362
    - wifi: rtl818x: rtl8187: Fix potential buffer underflow in
      rtl8187_rx_cb()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68741
    - scsi: qla2xxx: Fix improper freeing of purex item

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68742
    - bpf: Fix invalid prog->stats access when update_effective_progs fails

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68759
    - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68363
    - bpf: Check skb->transport_header is set in bpf_skb_check_mtu

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68744
    - bpf: Free special fields when update [lru_,]percpu_hash maps

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68364
    - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68366
    - nbd: defer config unlock in nbd_genl_connect

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68367
    - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68755
    - staging: most: remove broken i2c driver

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68371
    - scsi: smartpqi: Fix device resources accessed after device removal

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68372
    - nbd: defer config put in recv_work

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68746
    - spi: tegra210-quad: Fix timeout handling

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68379
    - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68380
    - wifi: ath11k: fix peer HE MCS assignment

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68724
    - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68727
    - ntfs3: Fix uninit buffer allocated by __getname()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68728
    - ntfs3: fix uninit memory after failed mi_read in mi_format_new

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68757
    - drm/vgem-fence: Fix potential deadlock on release

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68732
    - gpu: host1x: Fix race in syncpt alloc/free

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68733
    - smack: fix bug: unprivileged task can create labels

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68254
    - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68255
    - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68256
    - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68257
    - comedi: check device's attached status in compat ioctls

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68258
    - comedi: multiq3: sanitize config options in multiq3_attach()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68332
    - comedi: c6xdigio: Fix invalid PNP driver unregistration

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68265
    - nvme: fix admin request_queue lifetime

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68266
    - bfs: Reconstruct file type when loading from disk

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68259
    - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68335
    - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68261
    - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68336
    - locking/spinlock/debug: Fix data-race in do_raw_write_lock

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68263
    - ksmbd: ipc: fix use-after-free in ipc_msg_send_request

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68264
    - ext4: refresh inline data size before write operations

  * Noble update: upstream stable patchset 2026-03-04 (LP: #2142789) //
    CVE-2025-68337
    - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system
      corrupted

  * CVE-2026-23111
    - netfilter: nf_tables: fix inverted genmask check in
      nft_map_catchall_activate()

  * CVE-2026-23209
    - macvlan: fix error recovery in macvlan_common_newlink()

  * CVE-2026-23074
    - net/sched: Enforce that teql can only be used as root qdisc

  * CVE-2026-23060
    - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
      spec

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 11 Mar 2026 14:47:08 +0100

linux (6.8.0-106.106) noble; urgency=medium

  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Fri, 06 Mar 2026 03:43:25 +0300

linux (6.8.0-104.104) noble; urgency=medium

  * noble/linux: 6.8.0-104.104 -proposed tracker (LP: #2141774)

  * Change of ABI in 6.8.0 kernel breaks some OTT modules (LP: #2141778)
    - Revert "net: tls: Cancel RX async resync request on rcd_delta overflow"
    - Revert "net: tls: Change async resync helpers argument"

 -- Edoardo Canepa <edoardo.canepa@canonical.com>  Fri, 13 Feb 2026 19:36:26 +0100

# For older changelog entries, run 'apt-get changelog linux-headers-6.8.0-134-generic'

Generated by dwww version 1.16 on Sat Jul 11 06:22:00 CEST 2026.