The range of ITS mitigation patches had to be reworked to adjust for
having VMSCAPE applied.
Skipped (already applied):
- mm/huge_memory: fix dereferencing invalid pmd migration entry (CVE-2025-37958)
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37958
** Changed in: linux (Ubuntu Noble)
Status: In Progress => Fix Committed
--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2130277
Title:
Noble update: upstream stable patchset 2025-10-29
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Committed
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2025-10-29
Ported from the following upstream stable releases:
v6.6.91, v6.12.29
from git://git.kernel.org/
dm: add missing unlock on in dm_keyslot_evict()
arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
can: mcan: m_can_class_unregister(): fix order of unregistration calls
wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
ksmbd: prevent rename with empty string
ksmbd: prevent out-of-bounds stream writes by validating *pos
ksmbd: Fix UAF in __close_file_table_ids
openvswitch: Fix unsafe attribute parsing in output_userspace()
ksmbd: fix memory leak in parse_lease_state()
UBUNTU: SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
sch_htb: make htb_deactivate() idempotent
gre: Fix again IPv6 link-local address generation.
netdevice: add netdev_tx_reset_subqueue() shorthand
net: ethernet: mtk_eth_soc: reset all TX queues on DMA free
can: mcp251xfd: fix TDC setting for low data bit rates
can: gw: fix RCU/BH usage in cgw_create_job()
ipvs: fix uninit-value for saddr in do_output_route4
bpf: Scrub packet on bpf_redirect_peer
net: dsa: b53: allow leaky reserved multicast
net: dsa: b53: fix clearing PVID of a port
net: dsa: b53: fix flushing old pvid VLAN on pvid change
net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
net: dsa: b53: always rejoin default untagged VLAN on bridge leave
net: dsa: b53: fix learning on VLAN unaware bridges
Input: cyttsp5 - ensure minimum reset pulse width
Input: cyttsp5 - fix power control issue on wakeup
Input: mtk-pmic-keys - fix possible null pointer dereference
Input: xpad - fix Share button on Xbox One controllers
Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller
Input: synaptics - enable InterTouch on Dynabook Portege X30-D
Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
Input: synaptics - enable InterTouch on Dell Precision M3800
Input: synaptics - enable SMBus for HP Elitebook 850 G1
Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
staging: iio: adc: ad7816: Correct conditional logic for store mode
staging: axis-fifo: Remove hardware resets for user errors
staging: axis-fifo: Correct handling of tx_fifo_depth for size validation
drm/amd/display: Shift DMUB AUX reply command if necessary
iio: adc: ad7606: fix serial register access
iio: adc: rockchip: Fix clock initialization sequence
iio: adis16201: Correct inclinometer channel resolution
iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
drm/v3d: Add job to pending list if the reset was skipped
drm/amd/display: Fix the checking condition in dmub aux handling
drm/amd/display: Remove incorrect checking in dmub aux handler
drm/amd/display: Fix wrong handling for AUX_DEFER case
drm/amd/display: Copy AUX read reply data whenever length > 0
usb: uhci-platform: Make the clock really optional
smb: client: Avoid race in open_cached_dir with lease breaks
xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
xenbus: Use kref to track req lifetime
clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable()
module: ensure that kobject_put() is safe for module type kobjects
x86/microcode: Consolidate the loader enablement checking
ocfs2: switch osb->disable_recovery to enum
ocfs2: implement handshaking with ocfs2 recovery thread
ocfs2: stop quota recovery before disabling quotas
usb: cdnsp: Fix issue with resuming from L1
usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
usb: gadget: f_ecm: Add get_status callback
usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
usb: gadget: Use get_status callback to set remote wakeup capability
usb: host: tegra: Prevent host controller crash when OTG port is used
usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
usb: typec: ucsi: displayport: Fix NULL pointer access
USB: usbtmc: use interruptible sleep in usbtmc_read
usb: usbtmc: Fix erroneous get_stb ioctl error returns
usb: usbtmc: Fix erroneous wait_srq ioctl return
usb: usbtmc: Fix erroneous generic_read ioctl return
iio: accel: adxl367: fix setting odr for activity time update
iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
types: Complement the aligned types with signed 64-bit one
iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
iio: adc: dln2: Use aligned_s64 for timestamp
MIPS: Fix MAX_REG_OFFSET
drm/panel: simple: Update timings for AUO G101EVN010
do_umount(): add missing barrier before refcount checks in sync case
io_uring: always arm linked timeouts prior to issue
arm64: insn: Add support for encoding DSB
arm64: proton-pack: Expose whether the platform is mitigated by firmware
arm64: proton-pack: Expose whether the branchy loop k value
arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
x86/bpf: Call branch history clearing sequence on exit
x86/bpf: Add IBHF call at end of classic BPF
x86/bhi: Do not set BHI_DIS_S in 32-bit mode
x86/speculation: Simplify and make CALL_NOSPEC consistent
x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
Documentation: x86/bugs/its: Add ITS documentation
x86/its: Enumerate Indirect Target Selection (ITS) bug
x86/its: Add support for ITS-safe indirect thunk
UBUNTU: [Config] enable Indirect Target Selection mitigation
x86/its: Add support for ITS-safe return thunk
x86/its: Enable Indirect Target Selection mitigation
x86/its: Add "vmexit" option to skip mitigation on some CPUs
x86/its: Add support for RSB stuffing mitigation
x86/its: Align RETs in BHB clear sequence to avoid thunking
x86/ibt: Keep IBT disabled during alternative patching
x86/its: Use dynamic thunks for indirect branches
x86/its: Fix build errors when CONFIG_MODULES=n
x86/its: FineIBT-paranoid vs ITS
x86/its: Fix build error for its_static_thunk()
firmware: arm_scmi: Fix timeout checks on polling path
s390/entry: Fix last breaking event handling in case of stack corruption
erofs: ensure the extra temporary copy is valid for shortened bvecs
net: dsa: b53: keep CPU port always tagged again
net: dsa: b53: do not allow to configure VLAN 0
net: dsa: b53: do not program vlans when vlan filtering is off
net: dsa: b53: fix toggling vlan_filtering
net: dsa: b53: do not set learning and unicast/multicast on up
rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration
mm/huge_memory: fix dereferencing invalid pmd migration entry
mm/userfaultfd: fix uninitialized output field for -EAGAIN race
selftests/mm: compaction_test: support platform with huge mount of memory
selftests/mm: fix a build failure on powerpc
KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
io_uring: ensure deferred completions are flushed for multishot
iio: imu: inv_mpu6050: align buffer for timestamp
drm/xe: Add page queue multiplier
memblock: Accept allocated memory before use in memblock_double_array()
usb: dwc3: gadget: Make gadget_wakeup asynchronous
riscv: misaligned: Add handling for ZCB instructions
riscv: misaligned: factorize trap handling
riscv: misaligned: enable IRQs while handling misaligned accesses
selftest/x86/bugs: Add selftests for ITS
UBUNTU: Upstream stable to v6.6.91, v6.12.29
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2130277/+subscriptions
Комментариев нет:
Отправить комментарий