[Bug 2144006] Re: intel_idle: add Clearwater Forest SoC support

** Changed in: linux (Ubuntu)
Status: New => Fix Released

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2144006

Title:
intel_idle: add Clearwater Forest SoC support

Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Noble:
In Progress

Bug description:
[ Impact ]

 * Improve management of C-states in Clearwater Forest hardware.

[ Fix ]

 * Cherry-pick from upstream: eeed4bfbe9b intel_idle: add Clearwater Forest SoC support
This is a single line change as it's reusing the Sierra Forest C-states table.

[ Test Plan ]

 * Built and boot tested

[ Where problems could occur ]

 * Regression in performance in Clearwater Forest.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2144006/+subscriptions

[Bug 2144006] Re: intel_idle: add Clearwater Forest SoC support

** Description changed:

[ Impact ]

- * Improve management of C-states in Clearwater Forest hardware.
+  * Improve management of C-states in Clearwater Forest hardware.

[ Fix ]

- * Cherry-pick from upstream: eeed4bfbe9b intel_idle: add Clearwater
- Forest SoC support
+  * Cherry-pick from upstream: eeed4bfbe9b intel_idle: add Clearwater Forest SoC support
+ This is a single line change as it's reusing the Sierra Forest C-states table.

[ Test Plan ]

- * Built and boot tested
+  * Built and boot tested

[ Where problems could occur ]

- * Regression in performance in Clearwater Forest.
+  * Regression in performance in Clearwater Forest.

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2144006

Title:
intel_idle: add Clearwater Forest SoC support

Status in linux package in Ubuntu:
New
Status in linux source package in Noble:
In Progress

Bug description:
[ Impact ]

 * Improve management of C-states in Clearwater Forest hardware.

[ Fix ]

 * Cherry-pick from upstream: eeed4bfbe9b intel_idle: add Clearwater Forest SoC support
This is a single line change as it's reusing the Sierra Forest C-states table.

[ Test Plan ]

 * Built and boot tested

[ Where problems could occur ]

 * Regression in performance in Clearwater Forest.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2144006/+subscriptions

[Bug 1786013] Autopkgtest regression report (linux-meta-aws/6.17.0-1009.9)

All autopkgtests for the newly accepted linux-meta-aws (6.17.0-1009.9) for questing have finished running.
The following regressions have been reported in tests triggered by the package:

systemd/257.9-0ubuntu2.1 (amd64)


Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-
migration/questing/update_excuses.html#linux-meta-aws

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/1786013

Title:
Packaging resync

Status in linux package in Ubuntu:
Fix Released
Status in linux-azure package in Ubuntu:
Fix Released
Status in linux-azure-edge package in Ubuntu:
Fix Released
Status in linux source package in Precise:
Fix Released
Status in linux-azure source package in Precise:
Won't Fix
Status in linux-azure-edge source package in Precise:
Won't Fix
Status in linux source package in Trusty:
Fix Released
Status in linux-azure source package in Trusty:
Fix Released
Status in linux-azure-edge source package in Trusty:
Won't Fix
Status in linux source package in Xenial:
Fix Released
Status in linux-azure source package in Xenial:
Fix Released
Status in linux-azure-edge source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux-azure source package in Bionic:
Fix Released
Status in linux-azure-edge source package in Bionic:
Fix Released
Status in linux source package in Cosmic:
Fix Released
Status in linux-azure source package in Cosmic:
Fix Released
Status in linux-azure-edge source package in Cosmic:
Won't Fix
Status in linux source package in Disco:
Fix Released
Status in linux-azure source package in Disco:
Fix Released
Status in linux-azure-edge source package in Disco:
Won't Fix

Bug description:
Ongoing packaging resyncs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1786013/+subscriptions

[Bug 2144336] [NEW] Support Nova Lake P

Public bug reported:

Nova-lake P support is missing in 7.0 but has been merged in linux-next and expected in 7.1
Patches enabling Xe3p_LPG are required, which were submitted in beginning of February and merged upstream [0].

There is two additionnal commits on top of the upstream submission:
- A non upstream patchset to enable the probing of such hardware by default.
- A fixup commit submitted the 3rd March changing the GuC firmware expected [1]

This patchset is submitted in collaboration with intel.

0: https://lore.kernel.org/all/20260206-nvl-p-upstreaming-v3-0-636e1ad32688@intel.com/
1: https://patchwork.freedesktop.org/series/162530/#rev2

** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Thibault Ferrante (thibf)
Status: In Progress

** Affects: linux (Ubuntu Resolute)
Importance: Undecided
Assignee: Thibault Ferrante (thibf)
Status: In Progress

** Also affects: linux (Ubuntu Resolute)
Importance: Undecided
Status: New

** Changed in: linux (Ubuntu Resolute)
Assignee: (unassigned) => Thibault Ferrante (thibf)

** Changed in: linux (Ubuntu Resolute)
Status: New => In Progress

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2144336

Title:
Support Nova Lake P

Status in linux package in Ubuntu:
In Progress
Status in linux source package in Resolute:
In Progress

Bug description:
Nova-lake P support is missing in 7.0 but has been merged in linux-next and expected in 7.1
Patches enabling Xe3p_LPG are required, which were submitted in beginning of February and merged upstream [0].

There is two additionnal commits on top of the upstream submission:
- A non upstream patchset to enable the probing of such hardware by default.
- A fixup commit submitted the 3rd March changing the GuC firmware expected [1]

This patchset is submitted in collaboration with intel.

0: https://lore.kernel.org/all/20260206-nvl-p-upstreaming-v3-0-636e1ad32688@intel.com/
1: https://patchwork.freedesktop.org/series/162530/#rev2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2144336/+subscriptions

[Bug 2143853] Re: apparmor LSM vulnerabilities

** Changed in: linux (Ubuntu)
Status: In Progress => Fix Committed

** Description changed:

Tracking following upstream commits:
- - apparmor: validate DFA start states are in bounds in unpack_pdb
- - apparmor: fix memory leak in verify_header
- - apparmor: replace recursive profile removal with iterative approach
- - apparmor: fix: limit the number of levels of policy namespaces
- - apparmor: fix side-effect bug in match_char() macro usage
- - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- - apparmor: Fix double free of ns_name in aa_replace_profiles()
- - apparmor: fix unprivileged local user can do privileged policy management
- - apparmor: fix differential encoding verification
- - apparmor: fix race on rawdata dereference
- - apparmor: fix race between freeing data and fs accessing it
+ 8e135b8aee5a apparmor: fix race between freeing data and fs accessing it
+ a0b7091c4de4 apparmor: fix race on rawdata dereference
+ 39440b137546 apparmor: fix differential encoding verification
+ 6601e13e8284 apparmor: fix unprivileged local user can do privileged policy management
+ 5df0c44e8f5f apparmor: Fix double free of ns_name in aa_replace_profiles()
+ d352873bbefa apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
+ 8756b68edae3 apparmor: fix side-effect bug in match_char() macro usage
+ 306039414932 apparmor: fix: limit the number of levels of policy namespaces
+ ab09264660f9 apparmor: replace recursive profile removal with iterative approach
+ e38c55d9f834 apparmor: fix memory leak in verify_header
+ 9063d7e2615f apparmor: validate DFA start states are in bounds in unpack_pdb

There are no CVE(s) for those issues yet.

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2143853

Title:
apparmor LSM vulnerabilities

Status in linux package in Ubuntu:
Fix Committed

Bug description:
Tracking following upstream commits:
8e135b8aee5a apparmor: fix race between freeing data and fs accessing it
a0b7091c4de4 apparmor: fix race on rawdata dereference
39440b137546 apparmor: fix differential encoding verification
6601e13e8284 apparmor: fix unprivileged local user can do privileged policy management
5df0c44e8f5f apparmor: Fix double free of ns_name in aa_replace_profiles()
d352873bbefa apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
8756b68edae3 apparmor: fix side-effect bug in match_char() macro usage
306039414932 apparmor: fix: limit the number of levels of policy namespaces
ab09264660f9 apparmor: replace recursive profile removal with iterative approach
e38c55d9f834 apparmor: fix memory leak in verify_header
9063d7e2615f apparmor: validate DFA start states are in bounds in unpack_pdb

There are no CVE(s) for those issues yet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2143853/+subscriptions

[Bug 2127764] Re: Boot up hang with ucsi call trace while plug power cord or device on tbt5 port

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2127764

Title:
Boot up hang with ucsi call trace while plug power cord or device on
tbt5 port

Status in HWE Next:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux-oem-6.14 package in Ubuntu:
Invalid
Status in linux-oem-6.17 package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released
Status in linux-oem-6.14 source package in Noble:
Fix Released
Status in linux-oem-6.17 source package in Noble:
Fix Released
Status in linux source package in Plucky:
Won't Fix
Status in linux-oem-6.14 source package in Plucky:
Invalid
Status in linux-oem-6.17 source package in Plucky:
Invalid
Status in linux source package in Questing:
Fix Released
Status in linux-oem-6.14 source package in Questing:
Invalid
Status in linux-oem-6.17 source package in Questing:
Invalid
Status in linux source package in Resolute:
Fix Released
Status in linux-oem-6.14 source package in Resolute:
Invalid
Status in linux-oem-6.17 source package in Resolute:
Invalid

Bug description:
[Impact]
Boot up process may stuck with the ucsi cod trace

<4>[ 15.117180] workqueue: cannot queue ucsi_poll_worker [typec_ucsi] on wq USBC000:00-con1
<4>[ 15.117196] WARNING: CPU: 14 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x2f3/0x410
<4>[ 15.117205] Modules linked in: qrtr_mhi snd_seq_dummy snd_hrtimer rfcomm snd_soc_cs42l43 spi_cs42l43 snd_soc_cs42l43_sdw pinctrl_cs42l43 snd_soc_sof_sdw snd_soc_intel_hda_dsp_common snd_soc_sdw_utils snd_sof_probes xe snd_soc_cs35l56_sdw snd_soc_cs35l56 snd_soc_wm_adsp gpu_sched snd_soc_cs35l56_shared cs42l43_sdw snd_soc_cs_amp_lib regmap_sdw drm_gpuvm cs_dsp cs42l43 drm_ttm_helper drm_exec drm_suballoc_helper snd_soc_dmic snd_sof_pci_intel_mtl snd_sof_intel_hda_generic soundwire_intel soundwire_cadence snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda snd_hda_codec_hdmi qrtr snd_sof_pci snd_sof_xtensa_dsp snd_sof intel_uncore_frequency intel_uncore_frequency_common snd_sof_utils snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi_intel_sdca_quirks soundwire_generic_allocation x86_pkg_temp_thermal snd_soc_acpi intel_powerclamp soundwire_bus cmac snd_soc_sdca coretemp algif_hash snd_soc_core algif_skcipher snd_compress ac97_bus af_alg snd_pcm_dmaengine bnep snd_hda_intel
<4>[ 15.117256] snd_intel_dspcfg dell_pc kvm_intel platform_profile snd_ctl_led snd_intel_sdw_acpi iwlmvm snd_hda_codec i915 kvm snd_hda_core mac80211 snd_hwdep snd_pcm irqbypass polyval_clmulni libarc4 snd_seq_midi polyval_generic snd_seq_midi_event ghash_clmulni_intel uvcvideo sha256_ssse3 snd_rawmidi dell_laptop sha1_ssse3 videobuf2_vmalloc aesni_intel uvc videobuf2_memops snd_seq btusb binfmt_misc videobuf2_v4l2 cmdlinepart crypto_simd drm_buddy dell_wmi videobuf2_common btrtl cryptd dell_smbios snd_seq_device spi_nor ttm btintel mtd mei_gsc_proxy intel_rapl_msr iwlwifi btbcm processor_thermal_device_pci videodev drm_display_helper snd_timer i2c_i801 btmtk processor_thermal_device dcdbas rapl nls_iso8859_1 dell_wmi_sysman intel_cstate processor_thermal_wt_hint snd cec i2c_smbus spi_intel_pci bluetooth cfg80211 mc dell_wmi_ddv dell_smm_hwmon qaic firmware_attributes_class processor_thermal_rfim dell_wmi_descriptor wmi_bmof soundcore spi_intel i2c_mux processor_thermal_rapl mei_me mhi intel_rapl_common intel_vpu
<4>[ 15.117319] rc_core mei processor_thermal_wt_req processor_thermal_power_floor i2c_algo_bit processor_thermal_mbox int3403_thermal intel_pmc_core dptf_pch_fivr int340x_thermal_zone pmt_telemetry pmt_class int3400_thermal intel_hid acpi_pad acpi_thermal_rel sparse_keymap acpi_tad intel_vsec input_leds joydev mac_hid serio_raw sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_sensor_custom hid_sensor_hub intel_ishtp_hid hid_multitouch hid_generic nvme rtsx_pci_sdmmc i2c_hid_acpi ucsi_acpi video intel_lpss_pci psmouse i2c_hid typec_ucsi nvme_core intel_ish_ipc intel_lpss igc thunderbolt rtsx_pci intel_ishtp idma64 hid typec nvme_auth wmi pinctrl_meteorlake pinctrl_meteorpoint
<4>[ 15.117366] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Not tainted 6.14.0-8011-oem #11+staging.12-Ubuntu
<4>[ 15.117370] Hardware name: Dell Inc. Dell Pro Max 16 Plus MB16250/, BIOS 89.71.16 07/29/2025
<4>[ 15.117372] RIP: 0010:__queue_work+0x2f3/0x410
<4>[ 15.117376] Code: 00 00 41 83 e4 01 0f 85 49 fe ff ff 49 8b 77 18 48 8d 93 c0 00 00 00 48 c7 c7 60 22 9f 95 c6 05 06 21 66 02 01 e8 7d 19 fd ff <0f> 0b e9 24 fe ff ff 0f 0b e9 10 fe ff ff 65 8b 05 04 14 e8 6b 48
<4>[ 15.117378] RSP: 0018:ffffcc2c805d8c98 EFLAGS: 00010046
<4>[ 15.117381] RAX: 0000000000000000 RBX: ffff8aa282eac200 RCX: 0000000000000000
<4>[ 15.117383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
<4>[ 15.117384] RBP: ffffcc2c805d8cd0 R08: 0000000000000000 R09: 0000000000000000
<4>[ 15.117386] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
<4>[ 15.117387] R13: ffffffff941b5420 R14: ffff8aa283b33220 R15: ffff8aa283b33200
<4>[ 15.117388] FS: 0000000000000000(0000) GS:ffff8ac19ff00000(0000) knlGS:0000000000000000
<4>[ 15.117390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 15.117392] CR2: 000078c0c11c5000 CR3: 000000010203f002 CR4: 0000000000f72ef0
<4>[ 15.117394] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>[ 15.117395] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400
<4>[ 15.117396] PKRU: 55555554
<4>[ 15.117397] Call Trace:
<4>[ 15.117400] <IRQ>
<4>[ 15.117403] ? __pfx_delayed_work_timer_fn+0x10/0x10
<4>[ 15.117408] delayed_work_timer_fn+0x19/0x30
<4>[ 15.117411] call_timer_fn+0x2c/0x150
<4>[ 15.117414] ? __pfx_delayed_work_timer_fn+0x10/0x10
<4>[ 15.117417] __run_timers+0x1c8/0x2d0
<4>[ 15.117420] timer_expire_remote+0x52/0x80
<4>[ 15.117422] tmigr_handle_remote_cpu+0x11e/0x280
<4>[ 15.117427] tmigr_handle_remote_up+0xf1/0x140
<4>[ 15.117430] tmigr_handle_remote+0xd9/0x140
<4>[ 15.117433] run_timer_softirq+0xeb/0x100
<4>[ 15.117435] handle_softirqs+0xe4/0x340
<4>[ 15.117440] __irq_exit_rcu+0x10e/0x130
<4>[ 15.117444] irq_exit_rcu+0xe/0x20
<4>[ 15.117446] sysvec_apic_timer_interrupt+0xa0/0xc0
<4>[ 15.117450] </IRQ>
<4>[ 15.117451] <TASK>
<4>[ 15.117452] asm_sysvec_apic_timer_interrupt+0x1b/0x20

[Fix]
We submit a patch to fix this issue
https://lkml.org/lkml/2025/10/2/100
v2 - https://lkml.org/lkml/2025/10/13/312
v3 - https://lkml.org/lkml/2025/10/17/338
v4 - https://lore.kernel.org/lkml/20251218071925.3459787-1-acelan.kao@canonical.com/

[Test]
Reboot the machine with AC plug on the TBT5 port, it should always boots up correctly without call trace.

[Where problems could occur]
It should handle the destruction process correctly, and is not likely to introduce regressions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/2127764/+subscriptions

[Bug 2137613] Re: TBT call trace while connecting TBT4 monitor on TBT5 port

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2137613

Title:
TBT call trace while connecting TBT4 monitor on TBT5 port

Status in HWE Next:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux-oem-6.14 package in Ubuntu:
Invalid
Status in linux-oem-6.17 package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released
Status in linux-oem-6.14 source package in Noble:
Fix Released
Status in linux-oem-6.17 source package in Noble:
Fix Released
Status in linux source package in Questing:
Fix Released
Status in linux-oem-6.14 source package in Questing:
Invalid
Status in linux-oem-6.17 source package in Questing:
Invalid
Status in linux source package in Resolute:
Fix Released
Status in linux-oem-6.14 source package in Resolute:
Invalid
Status in linux-oem-6.17 source package in Resolute:
Invalid

Bug description:
[Impact]

When connecting Thunderbolt devices (especially monitors like Dell
U2725QE), users see alarming kernel backtraces in dmesg during device
enumeration. While the devices eventually work after automatic
reconnection, the call traces cause user concern and can trigger
automated bug reporting tools.

Error log example:
```
[ 36.031530] thunderbolt 0000:c7:00.6: PCIe Down path activation failed
[ 36.031531] WARNING: drivers/thunderbolt/path.c:589 at 0x0, CPU#12: pool-/usr/libex/3145
[ 36.031605] CPU: 12 UID: 0 PID: 3145 Comm: pool-/usr/libex Tainted: G D W 6.18.0+ #8
[ 36.031610] RIP: 0010:tb_path_activate+0x126/0x530 [thunderbolt]
[ 36.031637] Call Trace:
[ 36.031638] <TASK>
...
```

The issue occurs when:
- Type-C connections have transient electrical issues
- During lane bonding transitions (single lane to dual lane)
- The Thunderbolt port's control channel is temporarily unavailable

The devices typically recover automatically within a few seconds and
work normally, but the kernel backtrace (tb_WARN) is generated
unnecessarily for these expected transient conditions.

Affected hardware:
- Dell U2725QE Thunderbolt monitor (USB4 device 8087:b26)
- Other Thunderbolt/USB4 devices experiencing similar transient connection issues
- AMD and Intel Thunderbolt controllers

[Fix]

Modify tb_path_activate() in drivers/thunderbolt/path.c to
differentiate between expected transient failures and actual errors:

- For -ENOTCONN errors: Use tb_warn() to log the error without generating a kernel backtrace
- For all other errors: Keep tb_WARN() to generate the full call trace for debugging

This approach aligns with the existing comment in
drivers/thunderbolt/ctl.c which states that
TB_CFG_ERROR_PORT_NOT_CONNECTED "can happen during surprise removal"
and we should "not warn" about it.

The fix does not suppress the warning message itself - users and
developers can still see the path activation failure in dmesg. It only
removes the unnecessary kernel backtrace (stack dump, register dump,
etc.) for this specific expected transient condition.

Patch:
https://lore.kernel.org/lkml/20260102031905.27416-1-acelan.kao@canonical.com/T/#u
("thunderbolt: Suppress call trace for transient -ENOTCONN errors
during path activation")

[Test Plan]

Hardware needed:
- Dell U2725QE Thunderbolt monitor or similar Thunderbolt device that exhibits transient connection issues
- System with Thunderbolt 3/4 or USB4 controller

Test steps:
```bash
# Clear dmesg
sudo dmesg -C

# Connect Dell U2725QE or similar Thunderbolt device
# Wait 10 seconds

# Check for call traces
dmesg | grep -A 30 "path activation failed"
```

Without the patch: A full kernel backtrace appears with WARNING, RIP,
Call Trace, register dump, etc.

With the patch: Only a simple warning message appears without the backtrace:
```
thunderbolt 0000:c7:00.6: PCIe Down path activation failed (port not connected)
```


[Where problems could occur]

The patch modifies error reporting in the Thunderbolt path activation
code, which could affect debugging and error handling:

1. **Thunderbolt subsystem**: If there are genuine bugs that manifest
as -ENOTCONN errors (not just transient issues), developers might miss
important debugging information because the full backtrace won't be
generated. This would make it harder to diagnose actual Thunderbolt
controller bugs or firmware issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/2137613/+subscriptions

[Bug 2137664] Re: Noble update: upstream stable patchset 2026-01-07

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

** Changed in: linux (Ubuntu Noble)
Status: Fix Committed => Fix Released

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2137664

Title:
Noble update: upstream stable patchset 2026-01-07

Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released

Bug description:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2026-01-07

Ported from the following upstream stable releases:
v6.6.104, v6.12.45

from git://git.kernel.org/

of: dynamic: Fix memleak when of_pci_add_properties() failed
pinctrl: STMFX: add missing HAS_IOMEM dependency
mips: dts: lantiq: danube: add missing burst length property
mips: lantiq: xway: sysctrl: rename the etop node
of: Add a helper to free property struct
of: dynamic: Fix use after free in of_changeset_add_prop_helper()
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
scsi: core: sysfs: Correct sysfs attributes access rights
smb: client: fix race with concurrent opens in unlink(2)
smb: client: fix race with concurrent opens in rename(2)
ASoC: codecs: tx-macro: correct tx_macro_component_drv name
erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC
ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list
nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests
NFS: Fix a race when updating an existing write
vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
net: ipv4: fix regression in local-broadcast routes
drm/msm: Defer fd_install in SUBMIT ioctl
powerpc/kvm: Fix ifdef to remove build warning
HID: input: rename hidinput_set_battery_charge_status()
HID: input: report battery status changes immediately
Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success
Bluetooth: hci_event: Mark connection as closed during suspend disconnect
Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
Bluetooth: hci_sync: fix set_local_name race condition
atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr
drm/nouveau: remove unused memory target test
ice: fix incorrect counter for buffer allocation failures
dt-bindings: display/msm: qcom,mdp5: drop lut clock
net: dlink: fix multicast stats being counted incorrectly
phy: mscc: Fix when PTP clock is register and unregister
net/mlx5: Reload auxiliary drivers on fw_activate
net/mlx5: Add device cap for supporting hot reset in sync reset flow
net/mlx5: Add support for sync reset using hot reset
net/mlx5: Fix lockdep assertion on sync reset unload event
net/mlx5: Nack sync reset when SFs are present
net/mlx5e: Set local Xoff after FW update
net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
net: stmmac: Rename phylink_get_caps() callback to update_caps()
net: stmmac: xgmac: Correct supported speed modes
net: stmmac: Set CIC bit only for TX queues with COE
net: rose: split remove and free operations in rose_remove_neigh()
net: rose: convert 'use' field to refcount_t
net: rose: include node references in rose_neigh refcount
sctp: initialize more fields in sctp_v6_from_sk()
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
KVM: x86: use array_index_nospec with indices that come from guest
x86/microcode/AMD: Handle the case of no BIOS microcode
HID: asus: fix UAF via HID_CLAIMED_INPUT validation
HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
HID: quirks: add support for Legion Go dual dinput modes
HID: logitech: Add ids for G PRO 2 LIGHTSPEED
HID: wacom: Add a new Art Pen 2
HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
fs/smb: Fix inconsistent refcnt update
net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
smb3 client: fix return code mapping of remap_file_range
drm/nouveau/disp: Always accept linear modifier
net: rose: fix a typo in rose_clear_routes()
xfs: do not propagate ENODATA disk errors into xattr code
trace/fgraph: Fix the warning caused by missing unregister notifier
perf symbol-minimal: Fix ehdr reading in filename__read_build_id
vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER
drm/msm/kms: move snapshot init earlier in KMS init
drm/mediatek: Add error handling for old state CRTC in atomic_disable
net: macb: fix unregister_netdev call order in macb_remove()
efi: stmm: Fix incorrect buffer allocation method
drm/xe/xe_sync: avoid race during ufence signaling
drm/xe: Don't trigger rebind on initial dma-buf validation
bnxt_en: Fix memory corruption when FW resources change during ifdown
bnxt_en: Adjust TX rings if reservation is less than requested
hv_netvsc: Link queues to NAPIs
net: hv_netvsc: fix loss of early receive events from host during channel open.
net: macb: Disable clocks once
RISC-V: KVM: fix stack overrun when loading vlenb
drm/xe/vm: Clear the scratch_pt pointer on error
drm/nouveau: fix error path in nvkm_gsp_fwsec_v2
drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv
drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode
PCI: Add PCIE_RESET_CONFIG_DEVICE_WAIT_MS waiting time value
PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS
PCI: dwc: Rename 'dw_pcie::link_gen' to 'dw_pcie::max_link_speed'
PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up
thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const
thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data
thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands
UBUNTU: Upstream stable to v6.6.104, v6.12.45

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2137664/+subscriptions

[Bug 2138867] Re: Noble update: upstream stable patchset 2026-01-22

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

** Changed in: linux (Ubuntu Noble)
Status: Fix Committed => Fix Released

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2138867

Title:
Noble update: upstream stable patchset 2026-01-22

Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released

Bug description:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2026-01-22

Ported from the following upstream stable releases:
v6.6.108, v6.12.49

from git://git.kernel.org/

wifi: wilc1000: avoid buffer overflow in WID string configuration
ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported
wifi: mac80211: increase scan_ies_len for S1G
wifi: mac80211: fix incorrect type for ret
pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
cgroup: split cgroup_destroy_wq into 3 workqueues
um: virtio_uml: Fix use-after-free after put_device in probe
qed: Don't collect too many protection override GRC elements
bonding: set random address only when slaves already exist
net/mlx5e: Harden uplink netdev access against device unbind
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
tls: make sure to abort the stream if headers are bogus
cnic: Fix use-after-free bugs in cnic_delete_task
octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size
power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
power: supply: bq27xxx: restrict no-battery detection to bq27000
LoongArch: Update help info of ARCH_STRICT_ALIGN
LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled
LoongArch: Check the return value when creating kobj
iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page()
btrfs: tree-checker: fix the incorrect inode ref size check
ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface
ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed
ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
rds: ib: Increment i_fastreg_wrs before bailing out
selftests: mptcp: connect: catch IO errors on listen side
selftests: mptcp: avoid spurious errors on TCP disconnect
ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx
io_uring: backport io_should_terminate_tw()
io_uring: include dying ring in task_work "should cancel" state
ASoC: wm8940: Correct PLL rate rounding
ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message
drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
crypto: af_alg - Set merge to zero early in af_alg_sendmsg
smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
vmxnet3: unregister xdp rxq info in the reset path
selftests: mptcp: userspace pm: validate deny-join-id0 flag
xhci: dbc: decouple endpoint allocation from initialization
xhci: dbc: Fix full DbC transfer ring after several reconnects
iommu/amd/pgtbl: Fix possible race while increase page table level
rtc: pcf2127: fix SPI command byte for PCF2131 backport
mptcp: propagate shutdown to subflows when possible
minmax: avoid overly complicated constant expressions in VM code
minmax: simplify and clarify min_t()/max_t() implementation
minmax: add a few more MIN_T/MAX_T users
nvme: fix PI insert on write
btrfs: fix invalid extref key setup when replaying dentry
dpaa2-switch: fix buffer pool seeding for control traffic
net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR
mptcp: set remote_deny_join_id0 on SYN recv
mptcp: tfo: record 'deny join id0' info
selftests: mptcp: sockopt: fix error messages
net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
ice: store max_frame and rx_buf_len only in ice_rx_ring
ice: fix Rx page leak on multi-buffer frames
i40e: remove redundant memory barrier when cleaning Tx descs
bonding: don't set oif to bond dev when getting NS target destination
octeon_ep: fix VF MAC address lifecycle handling
net: liquidio: fix overflow in octeon_init_instr_queue()
nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
dm-raid: don't set io_min and io_opt for raid1
dm-stripe: fix a possible integer overflow
mm: revert "mm: vmscan.c: fix OOM on swap stress test"
mmc: mvsdio: Fix dma_unmap_sg() nents value
KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
ASoC: wm8940: Correct typo in control name
ASoC: wm8974: Correct PLL rate rounding
ASoC: Intel: catpt: Expose correct bit depth to userspace
drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue()
smb: client: fix filename matching of deferred files
smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13
platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk
x86/bugs: Add SRSO_USER_KERNEL_NO support
x86/bugs: KVM: Add support for SRSO_MSR_FIX
KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions
mptcp: pm: nl: announce deny-join-id0 flag
UBUNTU: Upstream stable to v6.6.108, v6.12.49

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2138867/+subscriptions

[Bug 2138938] Re: Noble update: upstream stable patchset 2026-01-23

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

** Changed in: linux (Ubuntu Noble)
Status: Fix Committed => Fix Released

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2138938

Title:
Noble update: upstream stable patchset 2026-01-23

Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released

Bug description:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2026-01-23

Ported from the following upstream stable releases:
v6.6.109, v6.6.110, v6.12.50, v6.12.51

from git://git.kernel.org/

scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE
firewire: core: fix overlooked update of subsystem ABI version
ALSA: usb-audio: Fix block comments in mixer_quirks
ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
ALSA: usb-audio: Convert comma to semicolon
ALSA: usb-audio: Fix build with CONFIG_INPUT=n
usb: core: Add 0x prefix to quirks debug output
mmc: sdhci-cadence: add Mobileye eyeQ support
i2c: designware: Add quirk for Intel Xe
ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
ALSA: usb-audio: Add mute TLV for playback volumes on more devices
IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
mm: add folio_expected_ref_count() for reference count calculation
mm/gup: check ref_count instead of lru before migration
mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
mm: folio_may_be_lru_cached() unless folio_test_large()
arm64: dts: imx8mp: Correct thermal sensor index
ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients
cpufreq: Initialize cpufreq-based invariance before subsys
smb: server: don't use delayed_work for post_recv_credits_work
wifi: virt_wifi: Fix page fault on connect
can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
bpf: Reject bpf_timer for PREEMPT_RT
xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
can: peak_usb: fix shift-out-of-bounds issue
ethernet: rvu-af: Remove slash from the driver name
Bluetooth: hci_sync: Fix hci_resume_advertising_sync
Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
vhost: Take a reference on the task in struct vhost_task.
bnxt_en: correct offset handling for IPv6 destination address
net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS
nexthop: Forbid FDB status change while nexthop is in a group
selftests: fib_nexthops: Fix creation of non-FDB nexthops
net: dsa: lantiq_gswip: do also enable or disable cpu port
net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port
octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
drm/gma500: Fix null dereference in hdmi teardown
futex: Prevent use-after-free during requeue-PI
HID: asus: add support for missing PX series fn keys
i40e: fix idx validation in i40e_validate_queue_map
i40e: fix idx validation in config queues msg
i40e: fix input validation logic for action_meta
i40e: fix validation of VF state in get resources
i40e: add max boundary check for VF filters
i40e: add mask to apply valid bits for itr_idx
i40e: improve VF MAC filters accounting
tracing: dynevent: Add a missing lockdown check on dynevent
ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address
afs: Fix potential null pointer dereference in afs_put_server
kmsan: fix out-of-bounds access to shadow memory
mm/hugetlb: fix folio is still mapped when deleted
fbcon: fix integer overflow in fbcon_do_set_font
fbcon: Fix OOB access in font allocation
s390/cpum_cf: Fix uninitialized warning after backport of ce971233242b
ARM: bcm: Select ARM_GIC_V3 for ARCH_BRCMSTB
loop: Avoid updating block size under exclusive owner
gpiolib: Extend software-node support to support secondary software-nodes
drm/ast: Use msleep instead of mdelay for edid read
i40e: add validation for ring_len param
minmax: make generic MIN() and MAX() macros available everywhere
minmax: simplify min()/max()/clamp() implementation
minmax: don't use max() in situations that want a C constant expression
minmax: improve macro expansion and type checking
minmax: fix up min3() and max3() too
minmax.h: add whitespace around operators and after commas
minmax.h: update some comments
minmax.h: reduce the #define expansion of min(), max() and clamp()
minmax.h: move all the clamp() definitions after the min/max() ones
minmax.h: simplify the variants of clamp()
minmax.h: remove some #defines that are only expanded once
drm/i915/backlight: Return immediately when scale() finds invalid parameters
ALSA: usb-audio: Fix code alignment in mixer_quirks
ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA
net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info
net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick
net: sfp: add quirk for FLYPRO copper SFP+ module
HID: amd_sfh: Add sync across amd sfh work functions
platform/x86: lg-laptop: Fix WMAB call in fan_mode_store()
fs/proc/task_mmu: check p->vec_buf for NULL
crypto: sha256 - fix crash at kexec
gcc-plugins: Remove TODO_verify_il for GCC >= 16
scsi: target: target_core_configfs: Add length check to avoid buffer overflow
media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove
media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
ASoC: qcom: audioreach: fix potential null pointer dereference
mm: swap: check for stable address space before operating on the VMA
wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
UBUNTU: Upstream stable to v6.6.109, v6.6.110, v6.12.50, v6.12.51

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2138938/+subscriptions

[Bug 2139072] Re: Noble update: upstream stable patchset 2026-01-26

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

** Changed in: linux (Ubuntu Noble)
Status: Fix Committed => Fix Released

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2139072

Title:
Noble update: upstream stable patchset 2026-01-26

Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released

Bug description:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2026-01-26

Ported from the following upstream stable releases:
v6.6.111, v6.6.112, v6.12.52, v6.12.53

from git://git.kernel.org/

media: tunner: xc5000: Refactor firmware load
media: tuner: xc5000: Fix use-after-free in xc5000_release
media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
USB: serial: option: add SIMCom 8230C compositions
wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
ASoC: amd: acp: Adjust pdm gain value
dm-integrity: limit MAX_TAG_SIZE to 255
platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list
perf subcmd: avoid crash in exclude_cmds when excludes is empty
ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
btrfs: ref-verify: handle damaged extent root tree
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
can: rcar_canfd: Fix controller mode setting
platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list
ALSA: usb-audio: Kill timer properly at removal
ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
hid: fix I2C read buffer overflow in raw_event() for mcp2221
serial: stm32: allow selecting console when the driver is module
UBUNTU: [Config] enable SERIAL_STM32_CONSOLE
staging: axis-fifo: fix maximum TX packet length check
staging: axis-fifo: fix TX handling on copy_from_user() failure
staging: axis-fifo: flush RX FIFO on read errors
driver core/PM: Set power.no_callbacks along with power.no_pm
riscv: mm: Use hint address in mmap if available
riscv: mm: Do not restrict mmap address based on hint
crypto: rng - Ensure set_ent is always present
net/9p: fix double req put in p9_fd_cancelled
KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
filelock: add FL_RECLAIM to show_fl_flags() macro
init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD
seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast
selftests: arm64: Check fread return value in exec_target
gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote
coresight: trbe: Prevent overflow in PERF_IDX2OFF()
perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
smb: server: fix IRD/ORD negotiation with the client
x86/vdso: Fix output operand size of RDPID
arm64: dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0
regmap: Remove superfluous check for !config in __regmap_init()
bpf/selftests: Fix test_tcpnotify_user
bpf: Remove migrate_disable in kprobe_multi_link_prog_run
libbpf: Fix reuse of DEVMAP
ARM: dts: renesas: porter: Fix CAN pin group
leds: flash: leds-qcom-flash: Update torch current clamp setting
cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus()
ACPI: processor: idle: Fix memory leak when register cpuidle device failed
soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
pinctrl: meson-gxl: add missing i2c_d pinmux
blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx
ARM: at91: pm: fix MCKx restore routine
arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map
regulator: scmi: Use int type to store negative error codes
selftests/nolibc: fix EXPECT_NZ macro
block: use int to store blk_stack_limits() return value
PM: sleep: core: Clear power.must_resume in noirq suspend error path
ARM: dts: ti: omap: am335x-baltos: Fix ti,en-ck32k-xtal property in DTS to use correct boolean syntax
ARM: dts: ti: omap: omap3-devkit8000-lcd: Fix ti,keep-vref-on property to use correct boolean syntax in DTS
ARM: dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property
PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()
power: supply: cw2015: Fix a alignment coding style issue
pinctrl: renesas: Use int type to store negative error codes
null_blk: Fix the description of the cache_size module argument
arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie0
nbd: restrict sockets to TCP and UDP
firmware: firmware: meson-sm: fix compile-test default
cpuidle: qcom-spm: fix device and OF node leaks at probe
arm64: dts: mediatek: mt6331: Fix pmic, regulators, rtc, keys node names
arm64: dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value
arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible
pwm: tiehrpwm: Fix corner case in clock divisor calculation
ACPICA: Fix largest possible resource descriptor index
nvmet-fc: move lsop put work to nvmet_fc_ls_req_op
i3c: master: svc: Use manual response for IBI events
i3c: master: svc: Recycle unused IBI slot
selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported
bpf: Explicitly check accesses to bpf_sock_addr
smp: Fix up and expand the smp_call_function_many() kerneldoc
tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers
once: fix race by moving DO_ONCE to separate section
hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems
thermal/drivers/qcom: Make LMH select QCOM_SCM
thermal/drivers/qcom/lmh: Add missing IRQ includes
i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD
i2c: designware: Fix clock issue when PM is disabled
i2c: designware: Add disabling clocks when probe fails
bpf: Enforce expected_attach_type for tailcall compatibility
drm/panel: novatek-nt35560: Fix invalid return value
drm/radeon/r600_cs: clean up of dead code in r600_cs
f2fs: fix condition in __allow_reserved_blocks()
drm/bridge: it6505: select REGMAP_I2C
media: zoran: Remove zoran_fh structure
phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568
usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup
usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls
serial: max310x: Add error checking in probe()
drm/amd/display: Remove redundant semicolons
crypto: keembay - Add missing check after sg_nents_for_len()
hwrng: nomadik - add ARM_AMBA dependency
scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
scsi: myrs: Fix dma_alloc_coherent() error check
media: rj54n1cb0c: Fix memleak in rj54n1_probe()
RDMA/mlx5: Fix vport loopback forcing for MPV device
ALSA: lx_core: use int type to store negative error codes
media: st-delta: avoid excessive stack usage
crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations
crypto: hisilicon - re-enable address prefetch after device resuming
crypto: hisilicon/qm - check whether the input function and PF are on the same device
inet: ping: check sock_net() in ping_get_port() and ping_lookup()
coresight: Only register perf symlink for sinks with alloc_buffer
drm/amdgpu: Power up UVD 3 for FW validation (v2)
drm/amd/pm: Disable ULV even if unsupported (v3)
drm/amd/pm: Fix si_upload_smc_data (v3)
drm/amd/pm: Adjust si_upload_smc_data register programming (v3)
drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3)
drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2)
drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3)
wifi: mwifiex: send world regulatory domain to driver
PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation
tcp: fix __tcp_close() to only send RST when required
drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
usb: phy: twl6030: Fix incorrect type for ret
usb: gadget: configfs: Correctly set use_os_string at bind
tty: n_gsm: Don't block input queue by waiting MSC
misc: genwqe: Fix incorrect cmd field being reported in error
pps: fix warning in pps_register_cdev when register device fail
ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
drm/msm/dpu: fix incorrect type for ret
fs: ntfs3: Fix integer overflow in run_unpack()
fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed()
iio: consumers: Fix offset handling in iio_convert_raw_to_processed()
netfilter: ipset: Remove unused htable_bits in macro ahash_region
ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable
watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog
drivers/base/node: handle error properly in register_one_node()
RDMA/cm: Rate limit destroy CM ID timeout error message
wifi: mt76: fix potential memory leak in mt76_wmac_probe()
f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks()
f2fs: fix to truncate first page in error path of f2fs_truncate()
f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page()
ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message
scsi: qla2xxx: edif: Fix incorrect sign of error code
scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES()
scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp()
f2fs: fix zero-sized extent for precache extents
RDMA/core: Resolve MAC of next-hop device without ARP support
IB/sa: Fix sa_local_svc_timeout_ms read race
Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram
wifi: mac80211: fix Rx packet handling when pubsta information is not available
sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC
sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III
sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara
sparc: fix accurate exception reporting in copy_to_user for Niagara 4
sparc: fix accurate exception reporting in copy_{from,to}_user for M7
vfio/pds: replace bitmap_free with vfree
crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs
RDMA/rxe: Fix race in do_task() when draining
wifi: rtw89: avoid circular locking dependency in ser_state_run()
PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert()
remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice
coresight-etm4x: Conditionally access register TRCEXTINSELR
coresight: etm4x: Support atclk
coresight: trbe: Return NULL pointer for allocation failures
NFSv4.1: fix backchannel max_resp_sz verification check
scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
usb: vhci-hcd: Prevent suspending virtually attached devices
RDMA/siw: Always report immediate post SQ errors
net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast
vhost: vringh: Fix copy_to_iter return value check
Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO
Bluetooth: ISO: Fix possible UAF on iso_conn_free
Bluetooth: ISO: don't leak skb in ISO_CONT RX
Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements
KEYS: X.509: Fix Basic Constraints CA flag parsing
hwrng: ks-sa - fix division by zero in ks_sa_rng_init
ocfs2: fix double free in user_cluster_connect()
drivers/base/node: fix double free in register_one_node()
mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands
nfp: fix RSS hash key size when RSS is not supported
net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable
net: dlink: handle copy_thresh allocation failure
net/mlx5: Stop polling for command response if interface goes down
net/mlx5: pagealloc: Fix reclaim race during command interface teardown
net/mlx5: fw reset, add reset timeout work
smb: client: fix crypto buffers in non-linear memory
vhost: vringh: Modify the return value check
bpf: Reject negative offsets for ALU ops
Squashfs: fix uninit-value in squashfs_get_parent
uio_hv_generic: Let userspace take care of interrupt mask
ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()
ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down
fs: udf: fix OOB read in lengthAllocDescs handling
net: nfc: nci: Add parameter validation for packet data
mfd: rz-mtu3: Fix MTU5 NFCR register offset
mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data()
dm: fix queue start/stop imbalance under suspend/load/resume races
dm: fix NULL pointer dereference in __dm_suspend()
LoongArch: Automatically disable kaslr if boot from kexec_file
ksmbd: fix error code overwriting in smb2_get_info_filesystem()
ext4: fix checks for orphan inodes
mm: hugetlb: avoid soft lockup when mprotect to large memory area
nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe()
misc: fastrpc: Fix fastrpc_map_lookup operation
misc: fastrpc: fix possible map leak in fastrpc_put_args
misc: fastrpc: Skip reference for DMA handles
Input: atmel_mxt_ts - allow reset GPIO to sleep
Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
sunrpc: fix null pointer dereference on zero-length checksum
remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()
pinctrl: check the return value of pinmux_ops::get_function_name()
bus: fsl-mc: Check return value of platform_get_resource()
net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
usb: typec: tipd: Clear interrupts first
arm64: dts: qcom: qcm2290: Disable USB SS bus instances in park mode
usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call
wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1
wifi: rtl8xxxu: Don't claim USB ID 07b8:8188
netfs: Prevent duplicate unlocking
nvmem: layouts: fix automatic module loading
uprobes: uprobe_warn should use passed task
lsm: CONFIG_LSM can depend on CONFIG_SECURITY
vdso: Add struct __kernel_old_timeval forward declaration to gettime.h
selftests: vDSO: vdso_test_abi: Correctly skip whole test with missing vDSO
PM / devfreq: rockchip-dfi: double count on RK3588
soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure
soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure
pwm: tiehrpwm: Don't drop runtime PM reference in .free()
pwm: tiehrpwm: Make code comment in .free() more useful
pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation
riscv, bpf: Sign extend struct ops return values properly
spi: fix return code when spi device has too many chipselects
bpf: Mark kfuncs as __noclone
crypto: octeontx2 - Call strscpy() with correct size argument
RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count
idpf: fix Rx descriptor ready check barrier in splitq
wifi: mt76: mt7996: Fix RX packets configuration for primary WED device
wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE
HID: hidraw: tighten ioctl command parsing
wifi: ath12k: fix wrong logging ID used for CE
iommu/vt-d: debugfs: Fix legacy mode page table dump logic
coresight: tmc: Move ACPI support from AMBA driver to platform driver
coresight: tmc: Support atclk
coresight: catu: Move ACPI support from AMBA driver to platform driver
coresight: catu: Support atclk
coresight: Fix incorrect handling for return value of devm_kzalloc
PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion
PCI: rcar-gen4: Assure reset occurs before DBI access
iommu/vt-d: Disallow dirty tracking if incoherent page walk
ptp: Add a upper bound on max_vclocks
Bluetooth: ISO: free rx_skb if not consumed
PCI: j721e: Fix incorrect error message in probe()
io_uring/waitid: always prune wait queue entry in io_waitid_wait()
fbdev: simplefb: Fix use after free in simplefb_detach_genpds()
tee: fix register_shm_helper()
UBUNTU: Upstream stable to v6.6.111, v6.6.112, v6.12.52, v6.12.53

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2139072/+subscriptions

[Bug 2139158] Re: Noble update: upstream stable patchset 2026-01-27

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

** Changed in: linux (Ubuntu Noble)
Status: Fix Committed => Fix Released

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2139158

Title:
Noble update: upstream stable patchset 2026-01-27

Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released

Bug description:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2026-01-27

Ported from the following upstream stable releases:
v6.6.113, v6.12.54

from git://git.kernel.org/

fs: always return zero on success from replace_fd()
fscontext: do not consume log entries when returning -EMSGSIZE
clocksource/drivers/clps711x: Fix resource leaks in error paths
iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()
asm-generic/io.h: Skip trace helpers if rwmmio events are disabled
perf evsel: Avoid container_of on a NULL leader
libperf event: Ensure tracing data is multiple of 8 sized
clk: at91: peripheral: fix return value
perf util: Fix compression checks returning -1 as bool
rtc: x1205: Fix Xicor X1205 vendor prefix
rtc: optee: fix memory leak on driver removal
perf arm_spe: Correct setting remote access
perf arm-spe: Rename the common data source encoding
perf arm_spe: Correct memory level for remote access
perf session: Fix handling when buffer exceeds 2 GiB
perf test: Don't leak workload gopipe in PERF_RECORD_*
perf test: Add a test for default perf stat command
perf tools: Add fallback for exclude_guest
perf evsel: Ensure the fallback message is always written to
clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m
clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags()
clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate()
clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver
clk: tegra: do not overallocate memory for bpmp clocks
scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size
LoongArch: Remove CONFIG_ACPI_TABLE_UPGRADE in platform_init()
LoongArch: Init acpi_gbl_use_global_lock to false
net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()
drm/vmwgfx: Fix a null-ptr access in the cursor snooper
drm/vmwgfx: Fix Use-after-free in validation
drm/vmwgfx: Fix copy-paste typo in validation
net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().
net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe
tools build: Align warning options with perf
perf python: split Clang options when invoking Popen
tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat()
mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call
mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes
bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
drm/amdgpu: Add additional DCE6 SCL registers
drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
drm/amd/display: Properly disable scaling on DCE6
netfilter: nf_tables: drop unused 3rd argument from validate callback ops
netfilter: nft_objref: validate objref and objrefmap expressions
bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
crypto: essiv - Check ssize for decryption and in-place encryption
smb: client: fix missing timestamp updates after utime(2)
tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
gpio: wcd934x: mark the GPIO controller as sleeping
bpf: Avoid RCU context warning when unpinning htab with internal structs
ACPI: property: Fix buffer properties extraction for subnodes
ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
ACPI: debug: fix signedness issues in read/write helpers
arm64: dts: qcom: msm8916: Add missing MDSS reset
arm64: dts: qcom: msm8939: Add missing MDSS reset
arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees
arm64: dts: ti: k3-am62a-main: Fix main padcfg length
ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init
dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required
xen/events: Cleanup find_virq() return codes
xen/manage: Fix suspend error path
xen/events: Return -EEXIST for bound VIRQs
xen/events: Update virq_to_irq on migration
firmware: meson_sm: fix device leak at probe
media: cx18: Add missing check after DMA map
media: i2c: mt9v111: fix incorrect type for ret
media: mc: Fix MUST_CONNECT handling for pads with no links
media: pci: ivtv: Add missing check after DMA map
media: venus: firmware: Use correct reset sequence for IRIS2
media: lirc: Fix error handling in lirc_register()
drm/rcar-du: dsi: Fix 1/2/3 lane support
drm/nouveau: fix bad ret code in nouveau_bo_move_prep
blk-crypto: fix missing blktrace bio split events
btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
bus: mhi: ep: Fix chained transfer handling in read path
bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup()
copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64)
cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
crypto: aspeed - Fix dma_unmap_sg() direction
crypto: atmel - Fix dma_unmap_sg() direction
crypto: rockchip - Fix dma_unmap_sg() nents value
fbdev: Fix logic error in "offb" name match
fs/ntfs3: Fix a resource leak bug in wnd_extend()
iio: dac: ad5360: use int type to store negative error codes
iio: dac: ad5421: use int type to store negative error codes
iio: frequency: adf4350: Fix prescaler usage.
iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK
iio: xilinx-ams: Unmask interrupts after updating alarms
init: handle bootloader identifier in kernel parameters
iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume
iommu/vt-d: PRS isn't usable if PDS isn't supported
kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
KEYS: trusted_tpm1: Compare HMAC values in constant time
lib/genalloc: fix device leak in of_gen_pool_get()
of: unittest: Fix device reference count leak in of_unittest_pci_node_verify
openat2: don't trigger automounts with RESOLVE_NO_XDEV
parisc: don't reference obsolete termio struct for TC* constants
parisc: Remove spurious if statement from raw_copy_from_user()
nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
pinctrl: samsung: Drop unused S3C24xx driver data
power: supply: max77976_charger: fix constant current reporting
powerpc/powernv/pci: Fix underflow and leak issue
powerpc/pseries/msi: Fix potential underflow and leak issue
pwm: berlin: Fix wrong register in suspend/resume
Revert "ipmi: fix msg stack when IPMI is disconnected"
sched/deadline: Fix race in push_dl_task()
scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
sctp: Fix MAC comparison to be constant-time
sparc64: fix hugetlb for sun4u
sparc: fix error handling in scan_one_device()
xtensa: simdisk: add input size check in proc_write_simdisk
mtd: rawnand: fsmc: Default to autodetect buswidth
mmc: core: SPI mode remove cmd7
memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe
rtc: interface: Ensure alarm irq is enabled when UIE is enabled
rtc: interface: Fix long-standing race when setting alarm
rseq/selftests: Use weak symbol reference, not definition, to link with glibc
PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock
PCI/sysfs: Ensure devices are powered for config reads
PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
PCI/ERR: Fix uevent on failure to recover
PCI/AER: Fix missing uevent on recovery when a reset is requested
PCI/AER: Support errors introduced by PCIe r6.0
PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit
PCI: rcar-host: Drop PMSR spinlock
PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock
PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq()
PCI: tegra194: Handle errors in BPMP response
spi: cadence-quadspi: Flush posted register writes before INDAC access
spi: cadence-quadspi: Flush posted register writes before DAC access
x86/umip: Check that the instruction opcode is at least two bytes
x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases)
selftests: mptcp: join: validate C-flag + def limit
wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
wifi: mt76: mt7921u: Add VID/PID for Netgear A7500
mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0
mm/damon/vaddr: do not repeat pte_offset_map_lock() until success
NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
ext4: verify orphan file size is not too big
ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch()
ext4: correctly handle queries for metadata mappings
ext4: fix an off-by-one issue during moving extents
ext4: guard against EA inode refcount underflow in xattr update
ext4: validate ea_ino and size in check_xattrs
ACPICA: Allow to skip Global Lock initialization
ext4: free orphan info with kvfree
lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older
Squashfs: add additional inode sanity checking
Squashfs: reject negative file sizes in squashfs_read_inode()
media: mc: Clear minor number before put device
mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value
mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type
mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag
tracing: Fix race condition in kprobe initialization causing NULL pointer dereference
KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid
ksmbd: add max ip connections parameter
misc: fastrpc: Add missing dev_err newlines
misc: fastrpc: Save actual DMA size in fastrpc_map structure
PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan()
PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release
btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range()
KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2
ipmi: Rework user message limit handling
ipmi: Fix handling of messages with provided receive message pointer
arm64: kprobes: call set_memory_rox() for kprobe page
arm64: mte: Do not flag the zero page as PG_mte_tagged
ACPI: battery: allocate driver data through devm_ APIs
ACPI: battery: initialize mutexes through devm_ APIs
ACPI: battery: Check for error code from devm_mutex_init() call
ACPI: battery: Add synchronization between interface updates
ACPI: property: Disregard references in data-only subnode lists
ACPI: property: Add code comments explaining what is going on
ACPI: property: Do not pass NULL handles to acpi_attach_data()
s390/bpf: Change seen_reg to a mask
s390/bpf: Centralize frame offset calculations
s390/bpf: Describe the frame using a struct instead of constants
s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL
s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG
selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled
mptcp: pm: in-kernel: usable client side with C-flag
irqchip/sifive-plic: Make use of __assign_bit()
irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume
minixfs: Verify inode mode when loading from disk
pid: Add a judgment for ns null in pid_nr_ns
fs: Add 'initramfs_options' to set initramfs mount options
cramfs: Verify inode mode when loading from disk
writeback: Avoid softlockup when switching many inodes
writeback: Avoid excessively long inode switching times
perf test stat: Avoid hybrid assumption when virtualized
rseq: Protect event mask against membarrier IPI
perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches
ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size
ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time
ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel
s390/cio: Update purge function to unregister the unused subchannels
mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend()
mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend()
mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data()
cifs: Fix copy_to_iter return value check
ARM: AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset)
media: pci: mg4b: fix uninitialized iio scan data
media: s5p-mfc: remove an unused/uninitialized variable
media: ti: j721e-csi2rx: Use devm_of_platform_populate
media: ti: j721e-csi2rx: Fix source subdev link creation
drm/xe/uapi: loosen used tracking restriction
xsk: Harden userspace-supplied xdp_desc validation
PCI: xilinx-nwl: Fix ECAM programming
PCI: tegra194: Reset BARs when running in PCIe endpoint mode
s390: Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR
wifi: mt76: mt7925u: Add VID/PID for Netgear A9000
ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches()
ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
mm/ksm: fix incorrect KSM counter handling in mm_struct during fork
KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace
copy_file_range: limit size if in compat mode
UBUNTU: Upstream stable to v6.6.113, v6.12.54

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2139158/+subscriptions

[Bug 2139633] Re: Noble update: upstream stable patchset 2026-02-03

This bug was fixed in the package linux - 6.8.0-106.106

---------------
linux (6.8.0-106.106) noble; urgency=medium

* Miscellaneous upstream changes
- apparmor: validate DFA start states are in bounds in unpack_pdb
- apparmor: fix memory leak in verify_header
- apparmor: replace recursive profile removal with iterative approach
- apparmor: fix: limit the number of levels of policy namespaces
- apparmor: fix side-effect bug in match_char() macro usage
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
- apparmor: Fix double free of ns_name in aa_replace_profiles()
- apparmor: fix unprivileged local user can do privileged policy
management
- apparmor: fix differential encoding verification
- apparmor: fix race on rawdata dereference
- apparmor: fix race between freeing data and fs accessing it

-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 06 Mar 2026
03:43:25 +0300

** Changed in: linux (Ubuntu Noble)
Status: Fix Committed => Fix Released

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2139633

Title:
Noble update: upstream stable patchset 2026-02-03

Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released

Bug description:

SRU Justification

Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2026-02-03

Ported from the following upstream stable releases:
v6.6.119, v6.12.61

from git://git.kernel.org/

can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs
can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header
can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data
Bluetooth: hci_sock: Prevent race in socket write iter and sock bind
Bluetooth: SMP: Fix not generating mackey and ltk when repairing
net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY
platform/x86: intel: punit_ipc: fix memory corruption
net: aquantia: Add missing descriptor cache invalidation on ATL2
net: lan966x: Fix the initialization of taprio
net/mlx5e: Fix validation logic in rate limiting
net: sxgbe: fix potential NULL dereference in sxgbe_rx()
drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
net: dsa: sja1105: simplify static configuration reload
net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic
net: atlantic: fix fragment overflow handling in RX path
net: fec: cancel perout_timer when PEROUT is disabled
net: fec: do not update PEROUT if it is enabled
net: fec: do not allow enabling PPS and PEROUT simultaneously
net: fec: do not register PPS event for PEROUT
iio: st_lsm6dsx: Fixed calibrated timestamp calculation
usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors
mailbox: mailbox-test: Fix debugfs_create_dir error checking
mailbox: pcc: Refactor error handling in irq handler into separate function
mailbox: pcc: don't zero error register
spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA
spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors
spi: spi-mem: Allow specifying the byte order in Octal DTR mode
spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency
spi: spi-mem: Add a new controller capability
spi: nxp-fspi: Support per spi-mem operation frequency switches
spi: nxp-fspi: Propagate fwnode in ACPI case as well
spi: bcm63xx: fix premature CS deassertion on RX-only transactions
Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
iio:common:ssp_sensors: Fix an error handling path ssp_probe()
iio: accel: bmc150: Fix irq assumption regression
iio: accel: fix ADXL355 startup race condition
iio: adc: ad7280a: fix ad7280_store_balance_timer()
MIPS: mm: Prevent a TLB shutdown on initial uniquification
MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow
ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
ARM: dts: nxp: imx6ul: correct SAI3 interrupt line
atm/fore200e: Fix possible data race in fore200e_open()
can: sja1000: fix max irq loop handling
can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
ceph: fix crash in process_v2_sparse_read() for encrypted directories
dm-verity: fix unreliable memory allocation
drivers/usb/dwc3: fix PCI parent check
smb: client: fix memory leak in cifs_construct_tcon()
thunderbolt: Add support for Intel Wildcat Lake
slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves
firmware: stratix10-svc: fix bug in saving controller data
mptcp: clear scheduled subflows on retransmit
serial: amba-pl011: prefer dma_mapping_error() over explicit address checking
most: usb: fix double free on late probe failure
usb: cdns3: Fix double resource release in cdns3_pci_probe
usb: gadget: f_eem: Fix memory leak in eem_unwrap
usb: renesas_usbhs: Fix synchronous external abort on unbind
usb: storage: Fix memory leak in USB bulk transport
USB: storage: Remove subclass and protocol overrides from Novatek quirk
usb: storage: sddr55: Reject out-of-bound new_pba
usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer
usb: dwc3: pci: add support for the Intel Nova Lake -S
usb: dwc3: pci: Sort out the Intel device IDs
usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths
xhci: dbgtty: Fix data corruption when transmitting data form DbC to host
xhci: dbgtty: fix device unregister
USB: serial: ftdi_sio: add support for u-blox EVK-M101
USB: serial: option: add support for Rolling RW101R-GL
drm: sti: fix device leaks at component probe
drm/amd/display: Check NULL before accessing
net: dsa: microchip: common: Fix checks on irq_find_mapping()
net: dsa: microchip: ptp: Fix checks on irq_find_mapping()
libceph: fix potential use-after-free in have_mon_and_osd_map()
libceph: prevent potential out-of-bounds writes in handle_auth_session_key()
libceph: replace BUG_ON with bounds check for map->max_osd
nfsd: Replace clamp_t in nfsd4_get_drc_mem()
usb: udc: Add trace event for usb_gadget_set_state
usb: gadget: udc: fix use-after-free in usb_gadget_state_work
usb: typec: ucsi: psy: Set max current to zero when disconnected
can: rcar_canfd: Fix CAN-FD mode as default
iio: adc: rtq6056: Correct the sign bit index
ksmbd: fix use-after-free in session logoff
net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}()
net: dsa: microchip: Free previously initialized ports on init failures
team: Move team device type change at the end of team_port_add
mailbox: mtk-cmdq: Refine DMA address handling for the command buffer
iio: humditiy: hdc3020: fix units for temperature and humidity measurement
arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos
nvmem: layouts: fix nvmem_layout_bus_uevent
xhci: fix stale flag preventig URBs after link state error is cleared
drm/amd/display: Don't change brightness for disabled connectors
KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts()
KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv()
KVM: nSVM: Fix and simplify LBR virtualization handling with nested
KVM: SVM: Fix redundant updates of LBR MSR intercepts
wifi: ath12k: correctly handle mcast packets for clients
drm/i915/dp: Initialize the source OUI write timestamp always
UBUNTU: SAUCE: bpf: introduce __MAX_BPF_PROG_TYPE delimiter
UBUNTU: Upstream stable to v6.6.119, v6.12.61

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2139633/+subscriptions