Package "linux-xilinx-zynqmp"

  linux-xilinx-zynqmp (5.15.0-1053.57) jammy; urgency=medium

  * jammy/linux-xilinx-zynqmp: 5.15.0-1053.57 -proposed tracker (LP: #2116455)

  [ Ubuntu: 5.15.0-151.161 ]

  * jammy/linux: 5.15.0-151.161 -proposed tracker (LP: #2117499)
  * raid10: block discard causes a NULL pointer dereference after
    5.15.0-144-generic (LP: #2117395)
    - md: move initialization and destruction of 'io_acct_set' to md.c

  [ Ubuntu: 5.15.0-145.158 ]

  * jammy/linux: 5.15.0-145.158 -proposed tracker (LP: #2116458)
  * CVE-2025-38083
    - net_sched: prio: fix a race in prio_tune()
  * CVE-2024-50073
    - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux

 -- Wei-Lin Chang <email address hidden> Mon, 28 Jul 2025 10:58:19 +0800

  linux-xilinx-zynqmp (5.15.0-1052.56) jammy; urgency=medium

  * jammy/linux-xilinx-zynqmp: 5.15.0-1052.56 -proposed tracker (LP: #2114578)

  * Fix kernel error logs on sda (LP: #2115853)
    - scsi: sd: Print write through due to no caching mode page as warning

  * Fix kernel crash in V4L module on exit of realsense application
    (LP: #2115849)
    - SAUCE: Revert "uvcvideo: Prevent new URBs being processed at stream
      stop"

  * Fix DP not working on Kria boards with 1.04 firmware (Jammy)
    (LP: #2114250)
    - drm: xlnx: dp: Reset DisplayPort IP

  [ Ubuntu: 5.15.0-144.157 ]

  * jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)
  * cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
    - cifs: fix NULL ptr dereference in refresh_mounts()
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581)
    - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
    - tracing: probes: Fix a possible race in trace_probe_log APIs
    - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
    - iio: chemical: sps30: use aligned_s64 for timestamp
    - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
    - nfs: handle failure of nfs_get_lock_context in unlock path
    - spi: loopback-test: Do not split 1024-byte hexdumps
    - net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
    - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
    - ALSA: sh: SND_AICA should depend on SH_DMA_API
    - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
    - NFSv4/pnfs: Reset the layout state after a layoutreturn
    - x86,nospec: Simplify {JMP,CALL}_NOSPEC
    - x86/speculation: Simplify and make CALL_NOSPEC consistent
    - x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
    - x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
    - Documentation: x86/bugs/its: Add ITS documentation
    - x86/its: Enumerate Indirect Target Selection (ITS) bug
    - x86/its: Add support for ITS-safe indirect thunk
    - [Config] enable ITS mitigation
    - x86/alternative: Optimize returns patching
    - x86/alternatives: Remove faulty optimization
    - x86/its: Add support for ITS-safe return thunk
    - x86/its: Enable Indirect Target Selection mitigation
    - x86/its: Add "vmexit" option to skip mitigation on some CPUs
    - x86/its: Align RETs in BHB clear sequence to avoid thunking
    - x86/its: Use dynamic thunks for indirect branches
    - x86/its: Fix build errors when CONFIG_MODULES=n
    - x86/its: FineIBT-paranoid vs ITS
    - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
      interrupted"
    - btrfs: fix discard worker infinite loop after disabling discard
    - ACPI: PPTT: Fix processor subtable walk
    - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
    - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
    - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
    - ftrace: Fix preemption accounting for stacktrace trigger command
    - ftrace: Fix preemption accounting for stacktrace filter command
    - tracing: samples: Initialize trace_array_printk() with the correct
      function
    - phy: Fix error handling in tegra_xusb_port_init
    - phy: renesas: rcar-gen3-usb2: Set timing registers only once
    - wifi: mt76: disable napi on driver removal
    - dmaengine: ti: k3-udma: Add missing locking
    - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
      instead of a local copy
    - dmaengine: idxd: fix memory leak in error handling path of
      idxd_setup_engines
    - dmaengine: idxd: fix memory leak in error handling path of
      idxd_setup_groups
    - block: fix direct io NOWAIT flag not work
    - clocksource/i8253: Use raw_spinlock_irqsave() in
      clockevent_i8253_disable()
    - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
    - selftests/mm: compaction_test: support platform with huge mount of
      memory
    - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
    - netfilter: nf_tables: wait for rcu grace period on net_device removal
    - netfilter: nf_tables: do not defer rule destruction via call_rcu
    - x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
    - Linux 5.15.184
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2022-49063
    - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2022-49168
    - btrfs: do not clean up repair bio if submit fails
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2024-46751
    - btrfs: don't BUG_ON() when 0 reference count at
      btrfs_lookup_extent_info()
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2025-22062
    - sctp: add mutual exclusion in proc_sctp_do_udp_port()
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2024-53203
    - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2024-35790
    - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
      device attribute group
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2025-37967
    - usb: typec: ucsi: displayport: Fix deadlock
  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2025-37992
    - net_sched: Flush gso_skb list too during ->change()
  * Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
    output (LP: #2107516)
    - SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
      device"
  * Jammy update: v5.15.183 upstream stable release (LP: #2111705)
    - can: mcan: m_can_class_unregister(): fix order of unregistration calls
    - can: mcp251xfd: mcp251xfd_remove(): fix order of unregi

  linux-xilinx-zynqmp (5.15.0-1051.55) jammy; urgency=medium

  * jammy/linux-xilinx-zynqmp: 5.15.0-1051.55 -proposed tracker (LP: #2114398)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants

  [ Ubuntu: 5.15.0-143.153 ]

  * jammy/linux: 5.15.0-143.153 -proposed tracker (LP: #2114401)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update annotations scripts
  * CVE-2024-53051
    - drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
  * CVE-2024-46787
    - userfaultfd: fix checks for huge PMDs
  * CVE-2025-37890
    - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
      qdisc
    - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
    - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
  * CVE-2025-37997
    - netfilter: ipset: fix region locking in hash types
  * CVE-2025-37798
    - sch_htb: make htb_qlen_notify() idempotent
    - sch_htb: make htb_deactivate() idempotent
    - sch_drr: make drr_qlen_notify() idempotent
    - sch_hfsc: make hfsc_qlen_notify() idempotent
    - sch_qfq: make qfq_qlen_notify() idempotent
    - sch_ets: make est_qlen_notify() idempotent
    - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
  * CVE-2025-37750
    - smb: client: fix UAF in decryption with multichannel
  * CVE-2024-53185
    - smb: client: fix NULL ptr deref in crypto_aead_setkey()
  * CVE-2024-50047
    - smb: client: fix UAF in async decryption

 -- Wei-Lin Chang <email address hidden> Mon, 30 Jun 2025 14:55:00 +0800

  linux-xilinx-zynqmp (5.15.0-1050.54) jammy; urgency=medium

  * jammy/linux-xilinx-zynqmp: 5.15.0-1050.54 -proposed tracker (LP: #2110826)

  [ Ubuntu: 5.15.0-142.152 ]

  * jammy/linux: 5.15.0-142.152 -proposed tracker (LP: #2110829)
  * Rotate the Canonical Livepatch key (LP: #2111244)
    - [Config] Prepare for Canonical Livepatch key rotation
  * Jammy generic-64k fails to initialize gVNIC devices (LP: #2109537)
    - gve: Perform adminq allocations through a dma_pool.
    - gve: Deprecate adminq_pfn for pci revision 0x1.
    - gve: Remove obsolete checks that rely on page size.
    - gve: Add page size register to the register_page_list command.
    - gve: Remove dependency on 4k page size.
  * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
    (LP: #2099914) // CVE-2025-2312
    - CIFS: New mount option for cifs.upcall namespace resolution
  * [UBUNTU 22.04] net/smc: fix neighbour and rtable leak in smc_ib_find_route()
    (LP: #2109601) // CVE-2024-36945
    - net/smc: fix neighbour and rtable leak in smc_ib_find_route()
  * Jammy update: v5.15.180 upstream stable release (LP: #2109355)
    - clockevents/drivers/i8253: Fix stop sequence for timer 0
    - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
    - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
    - pinctrl: bcm281xx: Fix incorrect regmap max_registers value
    - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
    - net: dsa: mv88e6xxx: Verify after ATU Load ops
    - netpoll: hold rcu read lock in __netpoll_send_skb()
    - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
    - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
    - netfilter: nft_exthdr: fix offset with ipv4_find_option()
    - gre: Fix IPv6 link-local address generation.
    - slab: clean up function prototypes
    - slab: Introduce kmalloc_size_roundup()
    - openvswitch: Use kmalloc_size_roundup() to match ksize() usage
    - net: openvswitch: remove misbehaving actions length check
    - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
    - nvme-fc: go straight to connecting state when initializing
    - hrtimers: Mark is_migration_base() with __always_inline
    - powercap: call put_device() on an error path in
      powercap_register_control_type()
    - scsi: core: Use GFP_NOIO to avoid circular locking dependency
    - ACPI: resource: IRQ override for Eluktronics MECH-17
    - alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
    - vboxsf: fix building with GCC 15
    - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
    - sched: Clarify wake_up_q()'s write to task->wake_q.next
    - s390/cio: Fix CHPID "configure" attribute caching
    - thermal/cpufreq_cooling: Remove structure member documentation
    - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
    - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
    - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
    - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
    - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
    - sctp: Fix undefined behavior in left shift operation
    - nvme: only allow entering LIVE from CONNECTING state
    - ASoC: tas2770: Fix volume scale
    - ASoC: tas2764: Fix power control mask
    - ASoC: tas2764: Set the SDOUT polarity correctly
    - fuse: don't truncate cached, mutated symlink
    - x86/irq: Define trace events conditionally
    - mptcp: safety check before fallback
    - drm/nouveau: Do not override forced connector status
    - block: fix 'kmem_cache of name 'bio-108' already exists'
    - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
    - USB: serial: option: add Telit Cinterion FE990B compositions
    - USB: serial: option: fix Telit Cinterion FE990A name
    - USB: serial: option: match on interface class for Telit FN990B
    - drm/atomic: Filter out redundant DPMS calls
    - drm/amd/display: Restore correct backlight brightness after a GPU reset
    - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
    - lib/buildid: Handle memfd_secret() files in build_id_parse()
    - tcp: fix races in tcp_abort()
    - ASoC: ops: Consistently treat platform_max as control value
    - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
    - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
    - cifs: Fix integer overflow while processing actimeo mount option
    - i2c: ali1535: Fix an error handling path in ali1535_probe()
    - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
    - i2c: sis630: Fix an error handling path in sis630_probe()
    - drm/amd/display: Check for invalid input params when building scaling params
    - smb: client: Fix match_session bug preventing session reuse
    - Revert "smb: client: fix potential UAF in cifs_debug_files_proc_show()"
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()
    - firmware: imx-scu: fix OF node leak in .probe()
    - xfrm_output: Force software GSO only in tunnel mode
    - ARM: dts: bcm2711: PL011 UARTs are actually r1p5
    - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
    - ARM: dts: bcm2711: Don't mark timer regs unconfigured
    - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
    - RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt()
    - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
    - RDMA/hns: Fix a missing rollback in error path of
      hns_roce_create_qp_common()
    - RDMA/hns: Fix wrong value of max_sge_rd
    - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
    - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
    - Revert "gre: Fix IPv6 link-local address generation."
    - i2c: omap: fix IRQ storms
    - drm/v3d: D

  linux-xilinx-zynqmp (5.15.0-1046.50) jammy; urgency=medium

  * jammy/linux-xilinx-zynqmp: 5.15.0-1046.50 -proposed tracker (LP: #2102584)

  [ Ubuntu: 5.15.0-138.148 ]

  * jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)
  * ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
    (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload
  * CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release
  * CVE-2024-50256
    - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
  * CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0
  * CVE-2025-21703
    - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
  * CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another
  * CVE-2024-46826
    - ELF: fix kernel.randomize_va_space double read
  * CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free
  * iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
  * CVE-2024-50248
    - ntfs3: Add bounds checking to mi_enum_attr()
    - fs/ntfs3: Sequential field availability check in mi_enum_attr()
  * CVE-2022-0995
    - watch_queue: Use the bitmap API when applicable
  * CVE-2024-26837
    - net: bridge: switchdev: Skip MDB replays of deferred events on offload
  * CVE-2025-21701
    - net: avoid race between device unregistration and ethnl ops
  * CVE-2024-57798
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()
  * CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle
  * CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()
  * CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

 -- Wei-Lin Chang <email address hidden> Thu, 27 Mar 2025 15:13:26 +0800