Package "linux"

  linux (5.15.0-177.187) jammy; urgency=medium

  * jammy/linux: 5.15.0-177.187 -proposed tracker (LP: #2147840)

  * macvlan: observe an RCU grace period in macvlan_common_newlink() error
    path (LP: #2144380) // CVE-2026-23209
    - macvlan: observe an RCU grace period in macvlan_common_newlink() error
      path

  * CVE-2023-2640 // CVE-2023-32629
    - SAUCE: Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial
      user namespace

  * CVE-2026-23112
    - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

 -- Manuel Diewald <email address hidden> Sun, 12 Apr 2026 00:12:38 +0200

  linux (5.15.0-176.186) jammy; urgency=medium

  * jammy/linux: 5.15.0-176.186 -proposed tracker (LP: #2143539)

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343)
    - nvmet-tcp: remove boilerplate code
    - SAUCE: Fix skb_vlan_inet_prepare() usage
    - net: update netdev_lock_{type,name}
    - vsock/test: add a final full barrier after run all tests
    - net/mlx5e: Restore destroying state bit after profile cleanup
    - selftests: drv-net: fix RPS mask handling for high CPU numbers
    - ASoC: tlv320adcx140: fix word length
    - textsearch: describe @list member in ts_ops search
    - mm, kfence: describe @slab parameter in __kfence_obj_info()
    - dmaengine: xilinx_dma: Fix uninitialized addr_width when
      "xlnx,addrwidth" property is missing
    - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again)
    - HID: usbhid: paper over wrong bNumDescriptor field
    - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer
    - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers
    - phy: rockchip: inno-usb2: fix disconnection in gadget mode
    - phy: rockchip: inno-usb2: fix communication disruption in gadget mode
    - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
    - usb: dwc3: Check for USB4 IP_NAME
    - USB: OHCI/UHCI: Add soft dependencies on ehci_platform
    - USB: serial: option: add Telit LE910 MBIM composition
    - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
    - nvme-pci: disable secondary temp for Wodposit WPBSNM8
    - hrtimer: Fix softirq base check in update_needs_ipi()
    - EDAC/x38: Fix a resource leak in x38_probe1()
    - EDAC/i3200: Fix a resource leak in i3200_probe1()
    - x86/resctrl: Add missing resctrl initialization for Hygon
    - x86/resctrl: Fix memory bandwidth counter width for Hygon
    - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free
    - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
    - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
    - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all()
    - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation
    - dmaengine: ti: k3-udma: fix device leak on udma lookup
    - posix-clock: introduce posix_clock_context concept
    - Fix memory leak in posix_clock_open()
    - posix-clock: Store file pointer in struct posix_clock_context
    - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE.
    - testptp: add option to shift clock by nanoseconds
    - testptp: Add support for testing ptp_clock_info .adjphase callback
    - selftests/ptp: Add -x option for testing PTP_SYS_OFFSET_EXTENDED
    - selftests/ptp: Add -X option for testing PTP_SYS_OFFSET_PRECISE
    - ptp: add testptp mask test
    - selftest/ptp: update ptp selftest to exercise the gettimex options
    - testptp: Add option to open PHC in readonly mode
    - net: usb: dm9601: remove broken SR9700 support
    - amd-xgbe: avoid misleading per-packet error log
    - netlink: add a proto specification for FOU
    - net: fou: rename the source for linking
    - net: fou: use policy and operation tables generated from the spec
    - comedi: dmm32at: serialize use of paged registers
    - w1: fix redundant counter decrement in w1_attach_slave_device()
    - Revert "nfc/nci: Add the inconsistency check between the input data
      length and count"
    - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
    - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
    - scsi: storvsc: Process unsupported MODE_SENSE_10
    - x86/kfence: avoid writing L1TF-vulnerable PTEs
    - staging:iio:adc:ad7280a: Register define cleanup.
    - iio: adc: ad7280a: handle spi_setup() errors in probe()
    - ALSA: usb: Increase volume range that triggers a warning
    - net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M
    - net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue
    - usbnet: limit max_mtu based on device's hard_mtu
    - drm/amd/pm: Don't clear SI SMC table when setting power limit
    - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
    - octeontx2-af: Fix error handling
    - x86: make page fault handling disable interrupts properly
    - of: fix reference count leak in of_alias_scan()
    - iio: adc: ad9467: fix ad9434 vref mask
    - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
    - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
    - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
    - octeontx2: Fix otx2_dma_map_page() error return code
    - slimbus: core: fix runtime PM imbalance on report present
    - perf/x86/intel: Do not enable BTS for guests
    - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup()
    - net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins()
    - ipv6: use the right ifindex when replying to icmpv6 from localhost
    - ice: stop counting UDP csum mismatch as rx_errors
    - net/mlx5: Add HW definitions of vport debug counters
    - net/mlx5e: Expose rx_oversize_pkts_buffer counter
    - net/mlx5e: Report rx_discards_phy via rx_dropped
    - net/mlx5e: Account for netdev stats in ndo_get_stats64
    - net: bridge: fix static key check
    - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg()
    - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler
    - dma/pool: distinguish between missing and exhausted atomic pools
    - ASoC: fsl: imx-card: Do not force slot width to sample width
    - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo()
    - scsi: qla2xxx: edif: Fix dma_free_coherent() size
    - mptcp: only reset subflow errors when propagated
    - net: Add locking to protect skb->dev access in ip_output
    - comedi: Fix getting range information for subdevices 16 to 255
    - of: platform: Use default match table for /firmware
    - iio: adc: exynos_adc: fix OF populate on driver rebind
    - arm64: dts: rockc

  linux (5.15.0-174.184) jammy; urgency=medium

  * jammy/linux: 5.15.0-174.184 -proposed tracker (LP: #2144218)

  * CVE-2026-23074
    - net/sched: Enforce that teql can only be used as root qdisc

  * CVE-2026-23060
    - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
      spec

  * CVE-2026-23111
    - netfilter: nf_tables: fix inverted genmask check in
      nft_map_catchall_activate()

  * CVE-2025-37849
    - KVM: arm64: vgic: Add a non-locking primitive for
      kvm_vgic_vcpu_destroy()
    - KVM: arm64: Tear down vGIC on failed vCPU creation

 -- Manuel Diewald <email address hidden> Fri, 13 Mar 2026 14:13:17 +0100

  linux (5.15.0-173.183) jammy; urgency=medium

  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

 -- Mehmet Basaran <email address hidden> Fri, 06 Mar 2026 16:14:08 +0300

  linux (5.15.0-171.181) jammy; urgency=medium

  * jammy/linux: 5.15.0-171.181 -proposed tracker (LP: #2140905)

  * CVE-2022-49267
    - mmc: core: use sysfs_emit() instead of sprintf()

  * CVE-2025-21780
    - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

 -- Manuel Diewald <email address hidden> Fri, 06 Feb 2026 21:15:39 +0100