[Bug 2147543] Re: Noble update: upstream stable patchset 2026-04-08

This bug was fixed in the package linux - 6.8.0-117.117 --------------- linux (6.8.0-117.117) noble; urgency=medium * noble/linux: 6.8.0-117.117 -proposed tracker (LP: #2151070) * CVE-2026-31419 - net: bonding: fix use-after-free in bond_xmit_broadcast() * CVE-2026-31431 - crypto: scatterwalk - Backport memcpy_sglist() - crypto: algif_aead - use memcpy_sglist() instead of null skcipher - crypto: algif_aead - Revert to operating out-of-place - crypto: algif_aead - snapshot IV for async AEAD requests - crypto: authenc - use memcpy_sglist() instead of null skcipher - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - crypto: authencesn - Fix src offset when decrypting in-place - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl - crypto: algif_aead - Fix minimum RX size check for decryption * CVE-2026-31533 - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption * CVE-2026-31504 - net: fix fanout UAF in packet_release() via NETDEV_UP race -- Manuel Diewald <manuel.diewald@canonical.com> Tue, 05 May 2026 15:53:02 +0200 ** Changed in: linux (Ubuntu Noble) Status: In Progress => Fix Released ** CVE added: https://cve.org/CVERecord?id=CVE-2026-31419 ** CVE added: https://cve.org/CVERecord?id=CVE-2026-31431 ** CVE added: https://cve.org/CVERecord?id=CVE-2026-31504 ** CVE added: https://cve.org/CVERecord?id=CVE-2026-31533 -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2147543 Title: Noble update: upstream stable patchset 2026-04-08 Status in linux package in Ubuntu: Invalid Status in linux source package in Noble: Fix Released Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2026-04-08 Ported from the following upstream stable releases: v6.6.123, v6.12.69 from git://git.kernel.org/ Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() can: gs_usb: gs_usb_receive_bulk_callback(): fix error message net: bcmasp: fix early exit leak with fixed phy octeon_ep: Fix memory leak in octep_device_setup() bonding: annotate data-races around slave->last_rx net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() ipv6: use the right ifindex when replying to icmpv6 from localhost net: wwan: t7xx: fix potential skb->frags overflow in RX path rocker: fix memory leak in rocker_world_port_post_fini() nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). ice: stop counting UDP csum mismatch as rx_errors net/mlx5e: TC, delete flows only for existing peers net/mlx5e: Report rx_discards_phy via rx_dropped net/mlx5e: Account for netdev stats in ndo_get_stats64 nfc: nci: Fix race between rfkill and nci_unregister_device(). net: bridge: fix static key check net/mlx5e: Skip ESN replay window setup for IPsec crypto offload scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler dma/pool: distinguish between missing and exhausted atomic pools pinctrl: meson: mark the GPIO controller as sleeping riscv: compat: fix COMPAT_UTS_MACHINE definition rust: kbuild: give `--config-path` to `rustfmt` in `.rsi` target ASoC: fsl: imx-card: Do not force slot width to sample width scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO gpio: pca953x: mask interrupts in irq shutdown scsi: qla2xxx: edif: Fix dma_free_coherent() size efivarfs: fix error propagation in efivar_entry_get() mptcp: only reset subflow errors when propagated selftests: mptcp: check no dup close events after error selftests: mptcp: check subflow errors in close events selftests: mptcp: join: fix local endp not being tracked flex_proportions: make fprop_new_period() hardirq safe scripts: generate_rust_analyzer: Add compiler_builtins -> core dep drm/imx/tve: fix probe device leak drm/amdgpu/soc21: fix xclk for APUs drm/amdgpu/gfx10: fix wptr reset in KGQ init drm/amdgpu/gfx11: fix wptr reset in KGQ init mm/kfence: randomize the freelist on initialization arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state arm64/fpsimd: signal: Consistently read FPSIMD context arm64/fpsimd: signal: Fix restoration of SVE context ksmbd: smbd: fix dma_unmap_sg() nents ksmbd: Fix race condition in RPC handle list access wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode btrfs: prevent use-after-free on page private data in btrfs_subpage_clear_uptodate() net/sched: act_ife: convert comma to semicolon pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver drm/msm/a6xx: fix bogus hwcg register updates perf: sched: Fix perf crash with new is_user_task() helper writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 mptcp: avoid dup SUB_CLOSED events after disconnect drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove ksmbd: fix recursive locking in RPC handle list access bpf/selftests: test_select_reuseport_kern: Remove unused header can: at91_can: Fix memory leak in at91_can_probe() Bluetooth: MGMT: Fix memory leak in set_ssp_complete ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues net: phy: micrel: fix clk warning when removing the driver net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect net/mlx5: Initialize events outside devlink lock net/mlx5: Fix vhca_id access call trace use before alloc bcache: fix improper use of bi_end_io bcache: use bio cloning for detached device requests bcache: fix I/O accounting leak in detached_dev_do_request nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference gpio: rockchip: Stop calling pinctrl for set_direction mm/memory-failure: improve memory failure action_result messages mm/memory-failure: fix redundant updates for already poisoned pages mm/memory-failure: fix missing ->mf_stats count in hugetlb poison mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn gpiolib: acpi: Fix potential out-of-boundary left shift rust: kbuild: support `-Cjump-tables=n` for Rust 1.93.0 pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins UBUNTU: [Config] remove PINCTRL_SM8350_LPASS_LPI UBUNTU: Upstream stable to v6.6.123, v6.12.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2147543/+subscriptions