{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-image-6.14.0-35-generic", "linux-modules-6.14.0-35-generic" ], "removed": [ "linux-image-6.14.0-33-generic", "linux-modules-6.14.0-33-generic" ], "diff": [ "amd64-microcode", "distro-info-data", "linux-image-virtual", "snapd" ] } }, "diff": { "deb": [ { "name": "amd64-microcode", "from_version": { "source_package_name": "amd64-microcode", "source_package_version": "3.20250311.1ubuntu0.25.04.1", "version": "3.20250311.1ubuntu0.25.04.1" }, "to_version": { "source_package_name": "amd64-microcode", "source_package_version": "3.20250708.0ubuntu0.25.04.2", "version": "3.20250708.0ubuntu0.25.04.2" }, "cves": [ { "cve": "CVE-2024-36350", "url": "https://ubuntu.com/security/CVE-2024-36350", "cve_description": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.", "cve_priority": "medium", "cve_public_date": "2025-07-08 17:15:00 UTC" }, { "cve": "CVE-2024-36357", "url": "https://ubuntu.com/security/CVE-2024-36357", "cve_description": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.", "cve_priority": "medium", "cve_public_date": "2025-07-08 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2121119 ], "changes": [ { "cves": [ { "cve": "CVE-2024-36350", "url": "https://ubuntu.com/security/CVE-2024-36350", "cve_description": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.", "cve_priority": "medium", "cve_public_date": "2025-07-08 17:15:00 UTC" }, { "cve": "CVE-2024-36357", "url": "https://ubuntu.com/security/CVE-2024-36357", "cve_description": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.", "cve_priority": "medium", "cve_public_date": "2025-07-08 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Update package data from linux-firmware 20250708", " - Updated microcodes:", " Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820d Length=5568 bytes", " Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108109 Length=5568 bytes", " Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102e Length=5568 bytes", " Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201211 Length=5568 bytes", " Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404108 Length=5568 bytes", " Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500012 Length=5568 bytes", " Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a60120a Length=5568 bytes", " Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704108 Length=5568 bytes", " Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705208 Length=5568 bytes", " Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708008 Length=5568 bytes", " Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c008 Length=5568 bytes", " - CVE-2024-36350 (AMD-SB-7029)", " A transient execution vulnerability in some AMD processors may allow", " an attacker to infer data from previous stores, potentially resulting", " in the leakage of privileged information.", " - CVE-2024-36357 (AMD-SB-7029)", " A transient execution vulnerability in some AMD processors may allow", " an attacker to infer data in the L1D cache, potentially resulting in", " the leakage of sensitive information across privileged boundaries.", " * Remaining changes:", " - initramfs-tools hook (debian/initramfs.hook):", " + Default to 'early' instead of 'auto' when building with", " MODULES=most", " + Do not override preset defaults from auto-exported conf", " snippets loaded by initramfs-tools.", " * Also Update AMD PMF TA Firmware to v3.1 to match the upstream git tag. (LP: #2121119)", "" ], "package": "amd64-microcode", "version": "3.20250708.0ubuntu0.25.04.2", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [ 2121119 ], "author": "Rodrigo Figueiredo Zaiden ", "date": "Wed, 16 Jul 2025 17:59:47 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "distro-info-data", "from_version": { "source_package_name": "distro-info-data", "source_package_version": "0.63ubuntu0.1", "version": "0.63ubuntu0.1" }, "to_version": { "source_package_name": "distro-info-data", "source_package_version": "0.63ubuntu0.3", "version": "0.63ubuntu0.3" }, "cves": [], "launchpad_bugs_fixed": [ 2126961 ], "changes": [ { "cves": [], "log": [ "", " * ubuntu.csv: remove eol-legacy field from resolute", " This version of distro-info does not know about eol-legacy.", "" ], "package": "distro-info-data", "version": "0.63ubuntu0.3", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 10 Oct 2025 12:03:55 -0400" }, { "cves": [], "log": [ "", " * Add Ubuntu 26.04 LTS \"Resolute Raccoon\" (LP: #2126961)", " * Correct date for forky", " * Correct estimation for trixie ELTS EoL to 10 years total support.", " * Update the bookworm EoL", "" ], "package": "distro-info-data", "version": "0.63ubuntu0.2", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2126961 ], "author": "Florent 'Skia' Jacquet ", "date": "Fri, 10 Oct 2025 11:02:03 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-33.33", "version": "6.14.0-33.33" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-35.35", "" ], "package": "linux-meta", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 22:26:05 +0200" }, { "cves": [], "log": [ "", " * Main version: 6.14.0-34.34", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", "" ], "package": "linux-meta", "version": "6.14.0-34.34", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 1786013 ], "author": "Stefan Bader ", "date": "Tue, 16 Sep 2025 16:42:57 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.68.5+ubuntu25.04.2", "version": "2.68.5+ubuntu25.04.2" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.71+ubuntu25.04", "version": "2.71+ubuntu25.04" }, "cves": [], "launchpad_bugs_fixed": [ 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883, 2107443, 2104066, 2102456, 2106121, 2088456, 2098137, 2104933, 2098137, 2101834, 2098137, 2099709, 2098137, 2098137, 2089195, 2072987, 1712808, 1966203, 1886414, 2089691 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2118396", " - FDE: auto-repair when recovery key is used", " - FDE: revoke keys on shim update", " - FDE: revoke old TPM keys when dbx has been updated", " - FDE: do not reseal FDE hook keys every time", " - FDE: store keys in the kernel keyring when installing from initrd", " - FDE: allow disabled DMA on Core", " - FDE: snap-bootstrap: do not check for partition in scan-disk on", " CVM", " - FDE: support secboot preinstall check for 25.10+ hybrid installs", " via the /v2/system/{label} endpoint", " - FDE: support generating recovery key at install time via the", " /v2/systems/{label} endpoint", " - FDE: update passphrase quality check at install time via the", " /v2/systems/{label} endpoint", " - FDE: support replacing recovery key at runtime via the new", " /v2/system-volumes endpoint", " - FDE: support checking recovery keys at runtime via the /v2/system-", " volumes endpoint", " - FDE: support enumerating keyslots at runtime via the /v2/system-", " volumes endpoint", " - FDE: support changing passphrase at runtime via the /v2/system-", " volumes endpoint", " - FDE: support passphrase quality check at runtime via the", " /v2/system-volumes endpoint", " - FDE: update secboot to revision 3e181c8edf0f", " - Confdb: support lists and indexed paths on read and write", " - Confdb: alias references must be wrapped in brackets", " - Confdb: support indexed paths in confdb-schema assertion", " - Confdb: make API errors consistent with options", " - Confdb: fetch confdb-schema assertion on access", " - Confdb: prevent --previous from being used in read-side hooks", " - Components: fix snap command with multiple components", " - Components: set revision of seed components to x1", " - Components: unmount extra kernel-modules components mounts", " - AppArmor Prompting: add lifespan \"session\" for prompting rules", " - AppArmor Prompting: support restoring prompts after snapd restart", " - AppArmor Prompting: limit the extra information included in probed", " AppArmor features and system key", " - Notices: refactor notice state internals", " - SELinux: look for restorecon/matchpathcon at all known locations", " rather than current PATH", " - SELinux: update policy to allow watching cgroups (for RAA), and", " talking to user session agents (service mgmt/refresh)", " - Refresh App Awareness: Fix unexpected inotify file descriptor", " cleanup", " - snap-confine: workaround for glibc fchmodat() fallback and handle", " ENOSYS", " - snap-confine: add support for host policy for limiting users able", " to run snaps", " - LP: #2114923 Reject system key mismatch advise when not yet seeded", " - Use separate lanes for essential and non-essential snaps during", " seeding and allow non-essential installs to retry", " - Fix bug preventing remodel from core18 to core18 when snapd snap", " is unchanged", " - LP: #2112551 Make removal of last active revision of a snap equal", " to snap remove", " - LP: #2114779 Allow non-gpt in fallback mode to support RPi", " - Switch from using systemd LogNamespace to manually controlled", " journal quotas", " - Change snap command trace logging to only log the command names", " - Grant desktop-launch access to /v2/snaps", " - Update code for creating the snap journal stream", " - Switch from using core to snapd snap for snap debug connectivity", " - LP: #2112544 Fix offline remodel case where we switched to a", " channel without an actual refresh", " - LP: #2112332 Exclude snap/snapd/preseeding when generating preseed", " tarball", " - LP: #1952500 Fix snap command progress reporting", " - LP: #1849346 Interfaces: kerberos-tickets | add new interface", " - Interfaces: u2f | add support for Thetis Pro", " - Interfaces: u2f | add OneSpan device and fix older device", " - Interfaces: pipewire, audio-playback | support pipewire as system", " daemon", " - Interfaces: gpg-keys | allow access to GPG agent sockets", " - Interfaces: usb-gadget | add new interface", " - Interfaces: snap-fde-control, firmware-updater-support | add new", " interfaces to support FDE", " - Interfaces: timezone-control | extend to support timedatectl", " varlink", " - Interfaces: cpu-control | fix rules for accessing IRQ sysfs and", " procfs directories", " - Interfaces: microstack-support | allow SR-IOV attachments", " - Interfaces: modify AppArmor template to allow snaps to read their", " own systemd credentials", " - Interfaces: posix-mq | allow stat on /dev/mqueue", " - LP: #2098780 Interfaces: log-observe | add capability", " dac_read_search", " - Interfaces: block-devices | allow access to ZFS pools and datasets", " - LP: #2033883 Interfaces: block-devices | opt-in access to", " individual partitions", " - Interfaces: accel | add new interface to support accel kernel", " subsystem", " - Interfaces: shutdown | allow client to bind on its side of dbus", " socket", " - Interfaces: modify seccomp template to allow pwritev2", " - Interfaces: modify AppArmor template to allow reading", " /proc/sys/fs/nr_open", " - Packaging: drop snap.failure service for openSUSE", " - Packaging: add SELinux support for openSUSE", " - Packaging: disable optee when using nooptee build tag", " - Packaging: add support for static PIE builds in snapd.mk, drop", " pie.patch from openSUSE", " - Packaging: add libcap2-bin runtime dependency for ubuntu-16.04", " - Packaging: use snapd.mk for packaging on Fedora", " - Packaging: exclude .git directory", " - Packaging: fix DPKG_PARSECHANGELOG assignment", " - Packaging: fix building on Fedora with dpkg installed", "" ], "package": "snapd", "version": "2.71+ubuntu25.04", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883 ], "author": "Ernest Lotter ", "date": "Fri, 25 Jul 2025 13:18:47 +0200" }, { "cves": [], "log": [ "", " - FDE: Fix reseal with v1 hook key format", " - FDE: set role in TPM keys", " - AppArmor prompting (experimental): add handling for expired", " requests or listener in the kernel", " - AppArmor prompting: log the notification protocol version", " negotiated with the kernel", " - AppArmor prompting: implement notification protocol v5 (manually", " disabled for now)", " - AppArmor prompting: register listener ID with the kernel and", " resend notifications after snapd restart (requires protocol v5+)", " - AppArmor prompting: select interface from metadata tags and set", " request interface accordingly (requires protocol v5+)", " - AppArmor prompting: include request PID in prompt", " - AppArmor prompting: move the max prompt ID file to a subdirectory", " of the snap run directory", " - AppArmor prompting: avoid race between closing/reading socket fd", " - Confdb (experimental): make save/load hooks mandatory if affecting", " ephemeral", " - Confdb: clear tx state on failed load", " - Confdb: modify 'snap sign' formats JSON in assertion bodies (e.g.", " confdb-schema)", " - Confdb: add NestedEphemeral to confdb schemas", " - Confdb: add early concurrency checks", " - Simplify building Arch package", " - Enable snapd.apparmor on Fedora", " - Build snapd snap with libselinux", " - Emit snapd.apparmor warning only when using apparmor backend", " - When running snap, on system key mismatch e.g. due to network", " attached HOME, trigger and wait for a security profiles", " regeneration", " - Avoid requiring state lock to get user, warnings, or pending", " restarts when handling API requests", " - Start/stop ssh.socket for core24+ when enabling/disabling the ssh", " service", " - Allow providing a different base when overriding snap", " - Modify snap-bootstrap to mount snapd snap directly to /snap", " - Modify snap-bootstrap to mount /lib/{modules,firmware} from snap", " as fallback", " - Modify core-initrd to use systemctl reboot instead of /sbin/reboot", " - Copy the initramfs 'manifest-initramfs.yaml' to initramfs file", " creation directory so it can be copied to the kernel snap", " - Build the early initrd from installed ucode packages", " - Create drivers tree when remodeling from UC20/22 to UC24", " - Load gpio-aggregator module before the helper-service needs it", " - Run 'systemctl start' for mount units to ensure they are run also", " when unchanged", " - Update godbus version to 'v5 v5.1.0'", " - Add support for POST to /v2/system-info with system-key-mismatch", " indication from the client", " - Add 'snap sign --update-timestamp' flag to update timestamp before", " signing", " - Add vfs support for snap-update-ns to use to simulate and evaluate", " mount sequences", " - Add refresh app awareness debug logging", " - Add snap-bootstrap scan-disk subcommand to be called from udev", " - Add feature to inject proxy store assertions in build image", " - Add OP-TEE bindings, enable by default in ARM and ARM64 builds", " - Fix systemd dependency options target to go under 'unit' section", " - Fix snap-bootstrap reading kernel snap instead of base resulting", " in bad modeenv", " - Fix a regression during seeding when using early-config", " - LP: #2107443 reset SHELL to /bin/bash in non-classic snaps", " - Make Azure kernels reboot upon panic", " - Fix snap-confine to not drop capabilities if the original user is", " already root", " - Fix data race when stopping services", " - Fix task dependency issue by temporarily disable re-refresh on", " prerequisite updates", " - Fix compiling against op-tee on armhf", " - Fix dbx update when not using FDE", " - Fix potential validation set deadlock due to bases waiting on", " snaps", " - LP: #2104066 Only cancel notices requests on stop/shutdown", " - Interfaces: bool-file | fix gpio glob pattern as required for", " '[XXXX]*' format", " - Interfaces: system-packages-doc | allow access to", " /usr/local/share/doc", " - Interfaces: ros-snapd-support interface | added new interface", " - Interfaces: udisks2 | allow chown capability", " - Interfaces: system-observe | allow reading cpu.max", " - Interfaces: serial-port | add ttyMAXX to allowed list", " - Interfaces: modified seccomp template to disallow", " 'O_NOTIFICATION_PIPE'", " - Interfaces: fwupd | add support for modem-manager plugin", " - Interfaces: gpio-chardev | make unsupported and remove", " experimental flag to hide this feature until gpio-aggregator is", " available", " - Interfaces: hardware-random | fix udev match rule", " - Interfaces: timeserver-control | extend to allow timedatectl", " timesync commands", " - Interfaces: add symlinks backend", " - Interfaces: system key mismatch handling", "" ], "package": "snapd", "version": "2.70+ubuntu25.04", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2107443, 2104066 ], "author": "Ernest Lotter ", "date": "Tue, 03 Jun 2025 11:46:44 +0200" }, { "cves": [], "log": [ "", " - FDE: re-factor listing of the disks based on run mode model and", " model to correctly resolve paths", " - FDE: run snapd from snap-failure with the correct keyring mode", " - Snap components: allow remodeling back to an old snap revision", " that includes components", " - Snap components: fix remodel to a kernel snap that is already", " installed on the system, but not the current kernel due to a", " previous remodel.", " - Snap components: fix for snapctl inputs that can crash snapd", " - Confdb (experimental): load ephemeral data when reading data via", " snapctl get", " - Confdb (experimental): load ephemeral data when reading data via", " snap get", " - Confdb (experimental): rename {plug}-view-changed hook to observe-", " view-{plug}", " - Confdb (experimental): rename confdb assertion to confdb-schema", " - Confdb (experimental): change operator grouping in confdb-control", " assertion", " - Confdb (experimental): add confdb-control API", " - AppArmor: extend the probed features to include the presence of", " files, as well as directories", " - AppArmor prompting (experimental): simplify the listener", " - AppArmor metadata tagging (disabled): probe parser support for", " tags", " - AppArmor metadata tagging (disabled): implement notification", " protocol v5", " - Confidential VMs: sysroot.mount is now dynamically created by", " snap-bootstrap instead of being a static file in the initramfs", " - Confidential VMs: Add new implementation of snap integrity API", " - Non-suid snap-confine: first phase to replace snap-confine suid", " with capabilities to achieve the required permissions", " - Initial changes for dynamic security profiles updates", " - Provide snap icon fallback for /v2/icons without requiring network", " access at runtime", " - Add eMMC gadget update support", " - Support reexec when using /usr/libexec/snapd on the host (Arch", " Linux, openSUSE)", " - Auto detect snap mount dir location on unknown distributions", " - Modify snap-confine AppArmor template to allow all glibc HWCAPS", " subdirectories to prevent launch errors", " - LP: #2102456 update secboot to bf2f40ea35c4 and modify snap-", " bootstrap to remove usage of go templates to reduce size by 4MB", " - Fix snap-bootstrap to mount kernel snap from", " /sysroot/writable/system-data", " - LP: #2106121 fix snap-bootstrap busy loop", " - Fix encoding of time.Time by using omitzero instead of omitempty", " (on go 1.24+)", " - Fix setting snapd permissions through permctl for openSUSE", " - Fix snap struct json tags typo", " - Fix snap pack configure hook permissions check incorrect file mode", " - Fix gadget snap reinstall to honor existing sizes of partitions", " - Fix to update command line when re-executing a snapd tool", " - Fix 'snap validate' of specific missing newline and add error on", " missed case of 'snap validate --refresh' without another action", " - Workaround for snapd-confine time_t size differences between", " architectures", " - Disallow pack and install of snapd, base and os with specific", " configure hooks", " - Drop udev build dependency that is no longer required and add", " missing systemd-dev dependency", " - Build snap-bootstrap with nomanagers tag to decrease size by 1MB", " - Interfaces: polkit | support custom polkit rules", " - Interfaces: opengl | LP: #2088456 fix GLX on nvidia when xorg is", " confined by AppArmor", " - Interfaces: log-observe | add missing udev rule", " - Interfaces: hostname-control | fix call to hostnamectl in core24", " - Interfaces: network-control | allow removing created network", " namespaces", " - Interfaces: scsi-generic | re-enable base declaration for scsi-", " generic plug", " - Interfaces: u2f | add support for Arculus AuthentiKey", "" ], "package": "snapd", "version": "2.69+ubuntu25.04", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2102456, 2106121, 2088456 ], "author": "Ernest Lotter ", "date": "Tue, 08 Apr 2025 12:53:39 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - Snap components: LP: #2104933 workaround for classic 24.04/24.10", " models that incorrectly specify core22 instead of core24", " - Update build dependencies", "" ], "package": "snapd", "version": "2.68.4", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2104933 ], "author": "Ernest Lotter ", "date": "Wed, 02 Apr 2025 19:48:25 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - FDE: LP: #2101834 snapd 2.68+ and snap-bootstrap <2.68 fallback to", " old keyring path", " - Fix Plucky snapd deb build issue related to /var/lib/snapd/void", " permissions", " - Fix snapd deb build complaint about ifneq with extra bracket", "" ], "package": "snapd", "version": "2.68.3", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2101834 ], "author": "Ernest Lotter ", "date": "Mon, 10 Mar 2025 20:13:38 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - FDE: use boot mode for FDE hooks", " - FDE: add snap-bootstrap compatibility check to prevent image", " creation with incompatible snapd and kernel snap", " - FDE: add argon2 out-of-process KDF support", " - FDE: have separate mutex for the sections writing a fresh modeenv", " - FDE: LP: #2099709 update secboot to e07f4ae48e98", " - Confdb: support pruning ephemeral data and process alternative", " types in order", " - core-initrd: look at env to mount directly to /sysroot", " - core-initrd: prepare for Plucky build and split out 24.10", " (Oracular)", " - Fix missing primed packages in snapd snap manifest", " - Interfaces: posix-mq | fix incorrect clobbering of global variable", " and make interface more precise", " - Interfaces: opengl | add more kernel fusion driver files", "" ], "package": "snapd", "version": "2.68.2", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2099709 ], "author": "Ernest Lotter ", "date": "Thu, 27 Feb 2025 09:56:20 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - Fix snap-confine type specifier type mismatch on armhf", "" ], "package": "snapd", "version": "2.68.1", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137 ], "author": "Ernest Lotter ", "date": "Mon, 24 Feb 2025 10:31:49 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - FDE: add support for new and more extensible key format that is", " unified between TPM and FDE hook", " - FDE: add support for adding passphrases during installation", " - FDE: update secboot to 30317622bbbc", " - Snap components: make kernel components available on firstboot", " after either initramfs or ephemeral rootfs style install", " - Snap components: mount drivers tree from initramfs so kernel", " modules are available in early boot stages", " - Snap components: support remodeling to models that contain", " components", " - Snap components: support offline remodeling to models that contain", " components", " - Snap components: support creating new recovery systems with", " components", " - Snap components: support downloading components with 'snap", " download' command", " - Snap components: support sideloading asserted components", " - AppArmor Prompting(experimental): improve version checks and", " handling of listener notification protocol for communication with", " kernel AppArmor", " - AppArmor Prompting(experimental): make prompt replies idempotent,", " and have at most one rule for any given path pattern, with", " potentially mixed outcomes and lifespans", " - AppArmor Prompting(experimental): timeout unresolved prompts after", " a period of client inactivity", " - AppArmor Prompting(experimental): return an error if a patch", " request to the API would result in a rule without any permissions", " - AppArmor Prompting(experimental): warn if there is no prompting", " client present but prompting is enabled, or if a prompting-related", " error occurs during snapd startup", " - AppArmor Prompting(experimental): do not log error when converting", " empty permissions to AppArmor permissions", " - Confdb(experimental): rename registries to confdbs (including API", " /v2/registries => /v2/confdb)", " - Confdb(experimental): support marking confdb schemas as ephemeral", " - Confdb(experimental): add confdb-control assertion and feature", " flag", " - Refresh App Awareness(experimental): LP: #2089195 prevent", " possibility of incorrect notification that snap will quit and", " update", " - Confidential VMs: snap-bootstrap support for loading partition", " information from a manifest file for cloudimg-rootfs mode", " - Confidential VMs: snap-bootstrap support for setting up cloudimg-", " rootfs as an overlayfs with integrity protection", " - dm-verity for essential snaps: add support for snap-integrity", " assertion", " - Interfaces: modify AppArmor template to allow owner read on", " @{PROC}/@{pid}/fdinfo/*", " - Interfaces: LP: #2072987 modify AppArmor template to allow using", " setpriv to run daemon as non-root user", " - Interfaces: add configfiles backend that ensures the state of", " configuration files in the filesystem", " - Interfaces: add ldconfig backend that exposes libraries coming", " from snaps to either the rootfs or to other snaps", " - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when", " inside a container", " - Interfaces: add auditd-support interface that grants audit_control", " capability and required paths for auditd to function", " - Interfaces: add checkbox-support interface that allows", " unrestricted access to all devices", " - Interfaces: fwupd | allow access to dell bios recovery", " - Interfaces: fwupd | allow access to shim and fallback shim", " - Interfaces: mount-control | add mount option validator to detect", " mount option conflicts early", " - Interfaces: cpu-control | add read access to /sys/kernel/irq/", " - Interfaces: locale-control | changed to be implicit on Ubuntu Core", " Desktop", " - Interfaces: microstack-support | support for utilizing of AMD SEV", " capabilities", " - Interfaces: u2f | added missing OneSpan device product IDs", " - Interfaces: auditd-support | grant seccomp setpriority", " - Interfaces: opengl interface | enable parsing of nvidia driver", " information files", " - Allow mksquashfs 'xattrs' when packing snap types os, core, base", " and snapd as part of work to support non-root snap-confine", " - Upstream/downstream packaging changes and build updates", " - Improve error logs for malformed desktop files to also show which", " desktop file is at fault", " - Provide more precise error message when overriding channels with", " grade during seed creation", " - Expose 'snap prepare-image' validation parameter", " - Add snap-seccomp 'dump' command that dumps the filter rules from a", " compiled profile", " - Add fallback release info location /etc/initrd-release", " - Added core-initrd to snapd repo and fixed issues with ubuntu-core-", " initramfs deb builds", " - Remove stale robust-mount-namespace-updates experimental feature", " flag", " - Remove snapd-snap experimental feature (rejected) and it's feature", " flag", " - Changed snap-bootstrap to mount base directly on /sysroot", " - Mount ubuntu-seed mounted as no-{suid,exec,dev}", " - Mapping volumes to disks: add support for volume-assignments in", " gadget", " - Fix silently broken binaries produced by distro patchelf 0.14.3 by", " using locally build patchelf 0.18", " - Fix mismatch between listed refresh candidates and actual refresh", " due to outdated validation sets", " - Fix 'snap get' to produce compact listing for tty", " - Fix missing store-url by keeping it as part of auxiliary store", " info", " - Fix snap-confine attempting to retrieve device cgroup setup inside", " container where it is not available", " - Fix 'snap set' and 'snap get' panic on empty strings with early", " error checking", " - Fix logger debug entries to show correct caller and file", " information", " - Fix issue preventing hybrid systems from being seeded on first", " boot", " - LP: #1966203 remove auto-import udev rules not required by deb", " package to avoid unwanted syslog errors", " - LP: #1886414 fix progress reporting when stdout is on a tty, but", " stdin is not", "" ], "package": "snapd", "version": "2.68", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2089195, 2072987, 1712808, 1966203, 1886414 ], "author": "Ernest Lotter ", "date": "Thu, 13 Feb 2025 12:42:09 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2089691", " - Fix apparmor permissions to allow snaps access to kernel modules", " and firmware on UC24, which also fixes the kernel-modules-control", " interface on UC24", " - AppArmor prompting (experimental): disallow /./ and /../ in path", " patterns", " - Fix 'snap run' getent based user lookup in case of bad PATH", " - Fix snapd using the incorrect AppArmor version during undo of an", " refresh for regenerating snap profiles", " - Add new syscalls to base templates", " - hardware-observe interface: allow riscv_hwprobe syscall", " - mount-observe interface: allow listmount and statmount syscalls", "" ], "package": "snapd", "version": "2.67.1", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2089691 ], "author": "Ernest Lotter ", "date": "Wed, 15 Jan 2025 22:02:37 +0200" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-image-6.14.0-35-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-33.33", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-35.35", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 22:26:14 +0200" }, { "cves": [], "log": [ "", " * Main version: 6.14.0-34.34", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.14.0-34.34", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 1786013 ], "author": "Stefan Bader ", "date": "Tue, 16 Sep 2025 16:41:58 +0200" } ], "notes": "linux-image-6.14.0-35-generic version '6.14.0-35.35' (source package linux-signed version '6.14.0-35.35') was added. linux-image-6.14.0-35-generic version '6.14.0-35.35' has the same source package name, linux-signed, as removed package linux-image-6.14.0-33-generic. As such we can use the source package version of the removed package, '6.14.0-33.33', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.14.0-35-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-33.33", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-35.35", "version": "6.14.0-35.35" }, "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" }, { "cve": "CVE-2025-39682", "url": "https://ubuntu.com/security/CVE-2025-39682", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there. Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length). Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length.", "cve_priority": "medium", "cve_public_date": "2025-09-05 18:15:00 UTC" }, { "cve": "CVE-2025-38541", "url": "https://ubuntu.com/security/CVE-2025-38541", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.", "cve_priority": "medium", "cve_public_date": "2025-08-16 12:15:00 UTC" }, { "cve": "CVE-2025-38477", "url": "https://ubuntu.com/security/CVE-2025-38477", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free. This patch addresses the issue by: 1. Moved qfq_destroy_class into the critical section. 2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.", "cve_priority": "medium", "cve_public_date": "2025-07-28 12:15:00 UTC" }, { "cve": "CVE-2025-38500", "url": "https://ubuntu.com/security/CVE-2025-38500", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] ", "cve_priority": "medium", "cve_public_date": "2025-08-12 16:15:00 UTC" }, { "cve": "CVE-2025-38617", "url": "https://ubuntu.com/security/CVE-2025-38617", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 (\"net/packet: fix a race in packet_bind() and packet_notifier()\"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" }, { "cve": "CVE-2025-38618", "url": "https://ubuntu.com/security/CVE-2025-38618", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105, 2123945, 2103415, 2122527, 2122554, 2121150, 2116908, 2104911, 2121257, 2122072, 2121149, 2122072, 2121266, 2120812, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40300", "url": "https://ubuntu.com/security/CVE-2025-40300", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]", "cve_priority": "high", "cve_public_date": "2025-09-11 17:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-35.35 -proposed tracker (LP: #2127468)", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300", " - Documentation/hw-vuln: Add VMSCAPE documentation", " - x86/vmscape: Enumerate VMSCAPE bug", " - x86/vmscape: Add conditional IBPB mitigation", " - x86/vmscape: Enable the mitigation", " - x86/bugs: Move cpu_bugs_smt_update() down", " - x86/vmscape: Warn when STIBP is disabled with SMT", " - x86/vmscape: Add old Intel CPUs to affected list", "", " * VMSCAPE CVE-2025-40300 (LP: #2124105)", " - [Config] Enable MITIGATION_VMSCAPE config", "" ], "package": "linux", "version": "6.14.0-35.35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2127468, 2124105, 2124105 ], "author": "Manuel Diewald ", "date": "Fri, 10 Oct 2025 21:09:58 +0200" }, { "cves": [ { "cve": "CVE-2025-39682", "url": "https://ubuntu.com/security/CVE-2025-39682", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there. Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length). Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length.", "cve_priority": "medium", "cve_public_date": "2025-09-05 18:15:00 UTC" }, { "cve": "CVE-2025-38541", "url": "https://ubuntu.com/security/CVE-2025-38541", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.", "cve_priority": "medium", "cve_public_date": "2025-08-16 12:15:00 UTC" }, { "cve": "CVE-2025-38477", "url": "https://ubuntu.com/security/CVE-2025-38477", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free. This patch addresses the issue by: 1. Moved qfq_destroy_class into the critical section. 2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.", "cve_priority": "medium", "cve_public_date": "2025-07-28 12:15:00 UTC" }, { "cve": "CVE-2025-38500", "url": "https://ubuntu.com/security/CVE-2025-38500", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] ", "cve_priority": "medium", "cve_public_date": "2025-08-12 16:15:00 UTC" }, { "cve": "CVE-2025-38617", "url": "https://ubuntu.com/security/CVE-2025-38617", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 (\"net/packet: fix a race in packet_bind() and packet_notifier()\"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" }, { "cve": "CVE-2025-38618", "url": "https://ubuntu.com/security/CVE-2025-38618", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-34.34 -proposed tracker (LP: #2123945)", "", " * [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z", " hardware - perf part (LP: #2103415)", " - perf list: Add IBM z17 event descriptions", "", " * Kernel fails to build when coresight is enabled (LP: #2122527)", " - Coresight: Introduce a new struct coresight_path", " - Coresight: Change functions to accept the coresight_path", " - coresight: change coresight_device lock type to raw_spinlock_t", "", " * memory leaks when configuring a small rate limit in audit (LP: #2122554)", " - audit: fix skb leak when audit rate limit is exceeded", "", " * [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers", " (LP: #2121150)", " - s390/pci: Allow automatic recovery with minimal driver support", "", " * [AMDGPU] Call trace occurs when unplugging a HDMI/DP/VGA cable on Dell", " platforms (LP: #2116908)", " - drm/amd/display: limit clear_update_flags to dcn32 and above", " - drm/amd/display: Allow DCN301 to clear update flags", "", " * sources list generation using dwarfdump takes up to 0.5hr in build process", " (LP: #2104911)", " - [Packaging] Don't generate list of source files", "", " * [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user", " namespaces (LP: #2121257)", " - apparmor: shift ouid when mediating hard links in userns", " - apparmor: shift uid when mediating af_unix in userns", "", " * Plucky update: upstream stable patchset 2025-09-04 (LP: #2122072)", " - rtc: pcf2127: add missing semicolon after statement", " - rtc: pcf2127: fix SPI command byte for PCF2131", " - rtc: cmos: use spin_lock_irqsave in cmos_interrupt", " - virtio-net: xsk: rx: fix the frame's length check", " - virtio-net: ensure the received length does not exceed allocated size", " - net: txgbe: request MISC IRQ in ndo_open", " - vsock/vmci: Clear the vmci transport packet properly when initializing", " it", " - net: libwx: fix the incorrect display of the queue number", " - mmc: sdhci: Add a helper function for dump register in dynamic debug", " mode", " - Revert \"mmc: sdhci: Disable SD card clock before changing parameters\"", " - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier", " - Bluetooth: HCI: Set extended advertising data synchronously", " - Bluetooth: hci_sync: revert some mesh modifications", " - Bluetooth: MGMT: set_mesh: update LE scan interval and window", " - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising", " - iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes", " - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods", " - Input: cs40l50-vibra - fix potential NULL dereference in", " cs40l50_upload_owt()", " - usb: typec: altmodes/displayport: do not index invalid pin_assignments", " - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data", " - mtk-sd: Prevent memory corruption from DMA map failure", " - mtk-sd: reset host->mrq on prepare_data() error", " - drm/v3d: Disable interrupts before resetting the GPU", " - firmware: arm_ffa: Fix memory leak by freeing notifier callback node", " - firmware: arm_ffa: Move memory allocation outside the mutex locking", " - firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic", " context", " - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename", " - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment", " - RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling", " - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert", " - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.", " - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN", " - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()", " - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()", " - scsi: sd: Fix VPD page 0xb7 length check", " - scsi: ufs: core: Fix spelling of a sysfs attribute name", " - RDMA/mlx5: Fix HW counters query for non-representor devices", " - RDMA/mlx5: Fix CC counters query for MPV", " - RDMA/mlx5: Fix vport loopback for MPV device", " - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1", " - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message", " - Bluetooth: Prevent unintended pause by checking if advertising is active", " - btrfs: fix missing error handling when searching for inode refs during", " log replay", " - btrfs: fix iteration of extrefs during log replay", " - btrfs: return a btrfs_inode from btrfs_iget_logging()", " - btrfs: return a btrfs_inode from read_one_inode()", " - btrfs: fix invalid inode pointer dereferences during log replay", " - btrfs: fix inode lookup error handling during log replay", " - btrfs: record new subvolume in parent dir earlier to avoid dir logging", " races", " - btrfs: propagate last_unlink_trans earlier when doing a rmdir", " - btrfs: use btrfs_record_snapshot_destroy() during rmdir", " - ethernet: atl1: Add missing DMA mapping error checks and count errors", " - dpaa2-eth: fix xdp_rxq_info leak", " - drm/exynos: fimd: Guard display clock control with runtime PM calls", " - spi: spi-fsl-dspi: Clear completion counter before initiating transfer", " - drm/i915/selftests: Change mock_request() to return error pointers", " - nvme: Fix incorrect cdw15 value in passthru error logging", " - nvmet: fix memory leak of bio integrity", " - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs", " callbacks", " - platform/x86: hp-bioscfg: Fix class device unregistration", " - platform/x86: think-lmi: Fix class device unregistration", " - platform/x86: dell-wmi-sysman: Fix class device unregistration", " - platform/mellanox: mlxreg-lc: Fix logic error in power state check", " - drm/bridge: aux-hpd-bridge: fix assignment of the of_node", " - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect", " - drm/i915/gt: Fix timeline left held on VMA alloc error", " - drm/i915/gsc: mei interrupt top half should be in irq disabled context", " - idpf: return 0 size for RSS key if not supported", " - idpf: convert control queue mutex to a spinlock", " - igc: disable L1.2 PCI-E link substate to avoid performance issue", " - smb: client: set missing retry flag in smb2_writev_callback()", " - smb: client: set missing retry flag in cifs_readv_callback()", " - smb: client: set missing retry flag in cifs_writev_callback()", " - netfs: Fix i_size updating", " - lib: test_objagg: Set error message in check_expect_hints_stats()", " - amd-xgbe: align CL37 AN sequence as per databook", " - enic: fix incorrect MTU comparison in enic_change_mtu()", " - rose: fix dangling neighbour pointers in rose_rt_device_down()", " - nui: Fix dma_mapping_error() check", " - amd-xgbe: do not double read link status", " - smb: client: fix race condition in negotiate timeout by using more", " precise timing", " - crypto: iaa - Remove dst_null support", " - crypto: iaa - Do not clobber req->base.data", " - kunit: qemu_configs: sparc: use Zilog console", " - kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y", " - kunit: qemu_configs: Disable faulting tests on 32-bit SPARC", " - gfs2: Decode missing glock flags in tracepoints", " - gfs2: Add GLF_PENDING_REPLY flag", " - gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE", " - gfs2: deallocate inodes in gfs2_create_inode", " - btrfs: prepare btrfs_page_mkwrite() for large folios", " - btrfs: fix wrong start offset for delalloc space release during mmap", " write", " - ASoC: tas2764: Extend driver to SN012776", " - ASoC: tas2764: Reinit cache on part reset", " - ACPI: thermal: Fix stale comment regarding trip points", " - ACPI: thermal: Execute _SCP before reading trip points", " - RDMA/rxe: Fix \"trying to register non-static key in rxe_qp_do_cleanup\"", " bug", " - sched_ext: Make scx_group_set_weight() always update tg->scx.weight", " - drm/msm: Fix a fence leak in submit error path", " - drm/msm: Fix another leak in the submit error path", " - ALSA: sb: Don't allow changing the DMA mode during operations", " - ALSA: sb: Force to disable DMAs once when DMA mode is changed", " - ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled", " - ata: pata_cs5536: fix build on 32-bit UML", " - ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic", " - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks", " list", " - genirq/irq_sim: Initialize work context pointers properly", " - powerpc: Fix struct termio related ioctl macros", " - ASoC: amd: yc: update quirk data for HP Victus", " - regulator: fan53555: add enable_time support and soft-start times", " - scsi: target: Fix NULL pointer dereference in", " core_scsi3_decode_spec_i_port()", " - aoe: defer rexmit timer downdev work to workqueue", " - wifi: mac80211: drop invalid source address OCB frames", " - wifi: ath6kl: remove WARN on bad firmware input", " - ACPICA: Refuse to evaluate a method if arguments are missing", " - mtd: spinand: fix memory leak of ECC engine conf", " - rcu: Return early if callback is not specified", " - module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper", " - fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass", " - RDMA/mlx5: Fix cache entry update on dereg error", " - IB/mlx5: Fix potential deadlock in MR deregistration", " - NFSv4/flexfiles: Fix handling of NFS level errors in I/O", " - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed", " - Revert \"usb: xhci: Implement xhci_handshake_check_state() helper\"", " - usb: xhci: quirk for data loss in ISOC transfers", " - xhci: dbctty: disable ECHO flag by default", " - xhci: dbc: Flush queued requests before stopping dbc", " - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS", " - Input: xpad - support Acer NGR 200 Controller", " - Input: iqs7222 - explicitly define number of external channels", " - usb: cdnsp: do not disable slot for disabled slot", " - usb: cdnsp: Fix issue with CV Bad Descriptor test", " - usb: dwc3: Abort suspend on soft disconnect failure", " - usb: chipidea: udc: disconnect/reconnect from host when do", " suspend/resume", " - usb: acpi: fix device link removal", " - smb: client: fix readdir returning wrong type with POSIX extensions", " - cifs: all initializations for tcon should happen in tcon_info_alloc", " - dma-buf: fix timeout handling in dma_resv_wait_timeout v2", " - i2c/designware: Fix an initialization issue", " - Logitech C-270 even more broken", " - optee: ffa: fix sleep in atomic context", " - iommu/rockchip: prevent iommus dead loop when two masters share one", " IOMMU", " - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be", " changed", " - riscv: cpu_ops_sbi: Use static array for boot_data", " - platform/x86: think-lmi: Create ksets consecutively", " - platform/x86: think-lmi: Fix kobject cleanup", " - platform/x86: think-lmi: Fix sysfs group cleanup", " - mm/vmalloc: fix data race in show_numa_info()", " - x86/bugs: Rename MDS machinery to something more generic", " - x86/microcode/AMD: Add TSA microcode SHAs", " - x86/process: Move the buffer clearing before MONITOR", " - iommufd/selftest: Add missing close(mfd) in memfd_mmap()", " - iommufd/selftest: Add asserts testing global mfd", " - xfs: actually use the xfs_growfs_check_rtgeom tracepoint", " - mmc: sdhci-uhs2: Adjust some error messages and register dump for SD", " UHS-II card", " - mmc: core: Adjust some error messages for SD UHS-II cards", " - RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup", " - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask", " is set", " - btrfs: fix failure to rebuild free space tree using multiple", " transactions", " - nvme-pci: refresh visible attrs after being checked", " - drm/bridge: panel: move prepare_prev_first handling to", " drm_panel_bridge_add_typed", " - netfs: Fix hang due to missing case in final DIO read result collection", " - netfs: Fix looping in wait functions", " - netfs: Fix ref leak on inserted extra subreq in write retry", " - drm/xe/guc: Enable w/a 16026508708", " - drm/xe/guc_pc: Add _locked variant for min/max freq", " - drm/xe: Split xe_device_td_flush()", " - drm/xe/bmg: Update Wa_14022085890", " - drm/xe/bmg: Update Wa_22019338487", " - net: ipv4: fix stat increase when udp early demux drops the packet", " - smb: client: fix native SMB symlink traversal", " - netfs: Fix double put of request", " - drm/xe: Allow dropping kunit dependency as built-in", " - x86/platform/amd: move final timeout check to after final sleep", " - usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs", " - dt-bindings: i2c: realtek,rtl9301: Fix missing 'reg' constraint", " - x86/bugs: Add a Transient Scheduler Attacks mitigation", " - [Config] Enable MITIGATION_TSA", " - KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly", " - KVM: SVM: Advertise TSA CPUID bits to guests", " - Upstream stable to v6.12.37, v6.15.6", "", " * [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling", " (LP: #2121149) // Plucky update: upstream stable patchset 2025-09-04", " (LP: #2122072)", " - s390/pci: Fix stale function handles in error handling", " - s390/pci: Do not try re-enabling load/store if device is disabled", "", " * Plucky update: upstream stable patchset 2025-08-22 (LP: #2121266)", " - cifs: Correctly set SMB1 SessionKey field in Session Setup Request", " - cifs: Fix cifs_query_path_info() for Windows NT servers", " - cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE", " mode", " - NFSv4: Always set NLINK even if the server doesn't support it", " - NFSv4.2: fix listxattr to return selinux security label", " - NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps", " are delegated", " - mailbox: Not protect module_put with spin_lock_irqsave", " - mfd: max14577: Fix wakeup source leaks on device unbind", " - sunrpc: don't immediately retransmit on seqno miss", " - dm vdo indexer: don't read request structure after enqueuing", " - leds: multicolor: Fix intensity setting while SW blinking", " - fuse: fix race between concurrent setattrs from multiple nodes", " - cxl/region: Add a dev_err() on missing target list entries", " - NFSv4: xattr handlers should check for absent nfs filehandles", " - hwmon: (pmbus/max34440) Fix support for max34451", " - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix", " extension", " - ksmbd: provide zero as a unique ID to the Mac client", " - rust: module: place cleanup_module() in .exit.text section", " - rust: arm: fix unknown (to Clang) argument '-mno-fdpic'", " - dmaengine: idxd: Check availability of workqueue allocated by idxd wq", " driver before using", " - dmaengine: xilinx_dma: Set dma_device directions", " - PCI: dwc: Make link training more robust by setting", " PORT_LOGIC_LINK_WIDTH to one lane", " - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port", " - PCI: imx6: Add workaround for errata ERR051624", " - nvme-tcp: fix I/O stalls on congested sockets", " - nvme-tcp: sanitize request list handling", " - md/md-bitmap: fix dm-raid max_write_behind setting", " - amd/amdkfd: fix a kfd_process ref leak", " - bcache: fix NULL pointer in cache_set_flush()", " - drm/amdgpu: seq64 memory unmap uses uninterruptible lock", " - drm/scheduler: signal scheduled fence when kill job", " - iio: pressure: zpa2326: Use aligned_s64 for the timestamp", " - um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h", " - um: use proper care when taking mmap lock during segfault", " - 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0", " and later devices", " - coresight: Only check bottom two claim bits", " - usb: dwc2: also exit clock_gating when stopping udc while suspended", " - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos", " - misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()", " - usb: potential integer overflow in usbg_make_tpg()", " - tty: serial: uartlite: register uart driver in init", " - usb: common: usb-conn-gpio: use a unique name for usb connector device", " - usb: Add checks for snprintf() calls in usb_alloc_dev()", " - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s", " - usb: gadget: f_hid: wake up readers on disable/unbind", " - usb: typec: displayport: Receive DP Status Update NAK request exit dp", " altmode", " - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set", " - riscv: add a data fence for CMODX in the kernel mode", " - ALSA: hda: Ignore unsol events for cards being shut down", " - ALSA: hda: Add new pci id for AMD GPU display HD audio controller", " - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock", " - ASoC: rt1320: fix speaker noise when volume bar is 100%", " - ceph: fix possible integer overflow in ceph_zero_objects()", " - scsi: ufs: core: Don't perform UFS clkscaling during host async scan", " - ovl: Check for NULL d_inode() in ovl_dentry_upper()", " - btrfs: handle csum tree error with rescue=ibadroots correctly", " - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1", " - Revert \"drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1\"", " - btrfs: factor out nocow ordered extent and extent map generation into a", " helper", " - btrfs: use unsigned types for constants defined as bit shifts", " - btrfs: fix qgroup reservation leak on failure to allocate ordered extent", " - fs/jfs: consolidate sanity checking in dbMount", " - jfs: validate AG parameters in dbMount() to prevent crashes", " - ASoC: codec: wcd9335: Convert to GPIO descriptors", " - ASoC: codecs: wcd9335: Fix missing free of regulator supplies", " - f2fs: don't over-report free space or inodes in statvfs", " - PCI: apple: Use helper function for_each_child_of_node_scoped()", " - PCI: apple: Set only available ports up", " - accel/ivpu: Add debugfs interface for setting HWS priority bands", " - accel/ivpu: Trigger device recovery on engine reset/resume failure", " - af_unix: Don't leave consecutive consumed OOB skbs.", " - i2c: tiny-usb: disable zero-length read messages", " - i2c: robotfuzz-osif: disable zero-length read messages", " - smb: client: remove \\t from TP_printk statements", " - mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path", " on write", " - ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15", " - s390/pkey: Prevent overflow in size calculation for memdup_user()", " - fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio", " - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()", " - Revert \"riscv: Define TASK_SIZE_MAX for __access_ok()\"", " - drm/xe/display: Add check for alloc_ordered_workqueue()", " - HID: wacom: fix crash in wacom_aes_battery_handler()", " - atm: clip: prevent NULL deref in clip_push()", " - Bluetooth: hci_core: Fix use-after-free in vhci_flush()", " - ALSA: usb-audio: Fix out-of-bounds read in", " snd_usb_get_audioformat_uac3()", " - attach_recursive_mnt(): do not lock the covering tree when sliding", " something under it", " - libbpf: Fix null pointer dereference in btf_dump__free on allocation", " failure", " - ethernet: ionic: Fix DMA mapping tests", " - wifi: mac80211: fix beacon interval calculation overflow", " - af_unix: Don't set -ECONNRESET for consumed OOB skb.", " - wifi: mac80211: Add link iteration macro for link data", " - wifi: mac80211: Create separate links for VLAN interfaces", " - wifi: mac80211: finish link init before RCU publish", " - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors", " - bnxt: properly flush XDP redirect lists", " - um: ubd: Add missing error check in start_io_thread()", " - libbpf: Fix possible use-after-free for externs", " - net: enetc: Correct endianness handling in _enetc_rd_reg64", " - netlink: specs: tc: replace underscores with dashes in names", " - atm: Release atm_dev_mutex after removing procfs in", " atm_dev_deregister().", " - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR", " - net: selftests: fix TCP packet checksum", " - drm/amdgpu/discovery: optionally use fw based ip discovery", " - drm/amd: Adjust output for discovery error handling", " - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback", " - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type", " - drm/xe: Process deferred GGTT node removals on device unwind", " - smb: client: fix potential deadlock when reconnecting channels", " - smb: smbdirect: add smbdirect_pdu.h with protocol definitions", " - smb: client: make use of common smbdirect_pdu.h", " - smb: smbdirect: add smbdirect.h with public structures", " - smb: smbdirect: add smbdirect_socket.h", " - smb: client: make use of common smbdirect_socket", " - smb: smbdirect: introduce smbdirect_socket_parameters", " - smb: client: make use of common smbdirect_socket_parameters", " - cifs: Fix the smbd_response slab to allow usercopy", " - cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code", " - EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs", " - x86/traps: Initialize DR6 by writing its architectural reset value", " - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()", " - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive", " - serial: core: restore of_node information in sysfs", " - serial: imx: Restore original RXTL for console to fix data loss", " - Bluetooth: L2CAP: Fix L2CAP MTU negotiation", " - dm-raid: fix variable in journal device check", " - btrfs: fix a race between renames and directory logging", " - btrfs: update superblock's device bytes_used when dropping chunk", " - spi: spi-cadence-quadspi: Fix pm runtime unbalance", " - net: libwx: fix the creation of page_pool", " - maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()", " - mm/gup: revert \"mm: gup: fix infinite loop within __get_longterm_locked\"", " - f2fs: fix to zero post-eof page", " - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only", " - HID: wacom: fix memory leak on kobject creation failure", " - HID: wacom: fix memory leak on sysfs attribute creation failure", " - HID: wacom: fix kobject reference count leak", " - scsi: megaraid_sas: Fix invalid node index", " - scsi: ufs: core: Fix clk scaling to be conditional in reset and restore", " - drm/ast: Fix comment on modeset lock", " - drm/etnaviv: Protect the scheduler's pending list with its lock", " - drm/tegra: Assign plane type before registration", " - drm/tegra: Fix a possible null pointer dereference", " - drm/udl: Unregister device before cleaning up on disconnect", " - drm/msm/gpu: Fix crash when throttling GPU immediately during boot", " - drm/amdkfd: Fix race in GWS queue scheduling", " - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()", " - drm/bridge: cdns-dsi: Fix phy de-init and flag it so", " - drm/bridge: cdns-dsi: Fix connecting to next bridge", " - drm/bridge: cdns-dsi: Check return value when getting default PHY config", " - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready", " - drm/amd/display: Add null pointer check for get_first_active_display()", " - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram", " - drm/amd/display: Correct non-OLED pre_T11_delay.", " - drm/xe/vm: move rebind_work init earlier", " - drm/xe/guc_submit: add back fix", " - drm/amd/display: Fix RMCM programming seq errors", " - drm/amdgpu: Add kicker device detection", " - drm/amd/display: Check dce_hwseq before dereferencing it", " - drm/xe: Fix memset on iomem", " - drm/xe: Fix taking invalid lock on wedge", " - drm/xe: Fix early wedge on GuC load failure", " - drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL", " - drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences", " - drm/amdgpu: switch job hw_fence to amdgpu_fence", " - drm/amd/display: Fix mpv playback corruption on weston", " - media: uvcvideo: Rollback non processed entities on error", " - x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE", " - x86/pkeys: Simplify PKRU update in signal frame", " - io_uring: fix potential page leak in io_sqe_buffer_register()", " - io_uring/rsrc: fix folio unpinning", " - io_uring/net: mark iov as dynamically allocated even for single segments", " - mm/vma: reset VMA iterator on commit_merge() OOM failure", " - ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA", " - mfd: max77541: Fix wakeup source leaks on device unbind", " - mfd: 88pm886: Fix wakeup source leaks on device unbind", " - mfd: sprd-sc27xx: Fix wakeup source leaks on device unbind", " - hwmon: (isl28022) Fix current reading calculation", " - cxl: core/region - ignore interleave granularity when ways=1", " - bus: mhi: host: pci_generic: Add Telit FN920C04 modem support", " - iio: dac: adi-axi-dac: add cntrl chan check", " - iio: adc: ad7606_spi: check error in ad7606B_sw_mode_config()", " - iio: hid-sensor-prox: Add support for 16-bit report size", " - usb: typec: tcpci: Fix wakeup source leaks on device unbind", " - usb: typec: tipd: Fix wakeup source leaks on device unbind", " - s390/mm: Fix in_atomic() handling in do_secure_storage_access()", " - riscv: misaligned: declare misaligned_access_speed under", " CONFIG_RISCV_MISALIGNED", " - riscv: save the SR_SUM status over switches", " - media: uvcvideo: Keep streaming state in the file handle", " - media: uvcvideo: Create uvc_pm_(get|put) functions", " - media: uvcvideo: Increase/decrease the PM counter per IOCTL", " - drm/i915/display: Add check for alloc_ordered_workqueue() and", " alloc_workqueue()", " - i2c: imx: fix emulated smbus block read", " - LoongArch: KVM: Avoid overflow with array index", " - LoongArch: KVM: Check validity of \"num_cpu\" from user space", " - LoongArch: KVM: Disable updating of \"num_cpu\" and \"feature\"", " - LoongArch: KVM: Add address alignment check for IOCSR emulation", " - LoongArch: KVM: Fix interrupt route update with EIOINTC", " - LoongArch: KVM: Check interrupt route from physical CPU", " - scripts/gdb: fix dentry_name() lookup", " - smb: client: fix regression with native SMB symlinks", " - riscv: vector: Fix context save/restore with xtheadvector", " - riscv: export boot_cpu_hartid", " - io_uring/rsrc: don't rely on user vaddr alignment", " - drm/amd/display: Add sanity checks for drm_edid_raw()", " - drm/xe: Move DSB l2 flush to a more sensible place", " - drm/xe: move DPT l2 flush to a more sensible place", " - HID: Intel-thc-hid: Intel-quicki2c: Enhance QuickI2C reset flow", " - scsi: fnic: Fix missing DMA mapping error in fnic_send_frame()", " - nvme: refactor the atomic write unit detection", " - nvme: fix atomic write size validation", " - drm/xe/guc: Explicitly exit CT safe mode on unwind", " - bcache: remove unnecessary select MIN_HEAP", " - Revert \"bcache: update min_heap_callbacks to use default builtin swap\"", " - Revert \"bcache: remove heap-related macros and switch to generic", " min_heap\"", " - selinux: change security_compute_sid to return the ssid or tsid on match", " - mm: userfaultfd: fix race of userfaultfd_move and swap cache", " - mm/shmem, swap: fix softlockup with mTHP swapin", " - scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out", " - scsi: fnic: Turn off FDMI ACTIVE flags on link down", " - drm/cirrus-qemu: Fix pitch programming", " - drm/panel: simple: Tianma TM070JDHG34-00: add delays", " - drm/simpledrm: Do not upcast in release helpers", " - drm/i915/ptl: Use everywhere the correct DDI port clock select mask", " - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after", " SINK_COUNT_ESI read", " - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause", " - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13", " - drm/amd/display: Add more checks for DSC / HUBP ONO guarantees", " - drm/amd/display: Add dc cap for dp tunneling", " - Revert \"UBUNTU: SAUCE: arm64: dts: qcom: x1e80100-crd: mark l12b and", " l15b always-on\"", " - arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on", " - Revert \"UBUNTU: SAUCE: arm64: dts: qcom: x1e78100-t14s: mark l12b and", " l15b always-on\"", " - arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on", " - arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage", " - crypto: powerpc/poly1305 - add depends on BROKEN for now", " - [Config] Disable CRYPTO_POLY1305_P10", " - drm/amdgpu/mes: add missing locking in helper functions", " - Revert \"UBUNTU: SAUCE: arm64: dts: qcom: x1e78100-t14s: fix missing HID", " supplies\"", " - arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies", " - drm/amd/display: Add early 8b/10b channel equalization test pattern", " sequence", " - drm/amd/display: Get LTTPR IEEE OUI/Device ID From Closest LTTPR To Host", " - rust: completion: implement initial abstraction", " - rust: revocable: indicate whether `data` has been revoked already", " - rust: devres: fix race in Devres::drop()", " - rust: devres: do not dereference to the internal Revocable", " - io_uring/kbuf: flag partial buffer mappings", " - riscv: uaccess: Only restore the CSR_STATUS SUM bit", " - drm/amd/display: Add debugging message for brightness caps", " - drm/amd/display: Fix default DC and AC levels", " - drm/amd/display: Only read ACPI backlight caps once", " - usb: typec: displayport: Fix potential deadlock", " - NFSv4.2: another fix for listxattr", " - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe()", " - nvme: revert the cross-controller atomic write size validation", " - scripts: gdb: vfs: support external dentry names", " - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU", " - Upstream stable to v6.12.36, v6.15.5", "", " * Plucky update: upstream stable patchset 2025-08-18 (LP: #2120812)", " - configfs: Do not override creating attribute file failure in", " populate_attrs()", " - crypto: marvell/cesa - Do not chain submitted requests", " - gfs2: move msleep to sleepable context", " - crypto: qat - add shutdown handler to qat_c3xxx", " - crypto: qat - add shutdown handler to qat_420xx", " - crypto: qat - add shutdown handler to qat_4xxx", " - crypto: qat - add shutdown handler to qat_c62x", " - crypto: qat - add shutdown handler to qat_dh895xcc", " - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()", " - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing", " - ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in", " create_sdw_dailinks()", " - io_uring: account drain memory to cgroup", " - io_uring/kbuf: account ring io_buffer_list memory", " - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power", " states", " - regulator: max20086: Fix MAX200086 chip id", " - regulator: max20086: Change enable gpio to optional", " - net/mlx5_core: Add error handling", " inmlx5_query_nic_vport_qkey_viol_cntr()", " - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()", " - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()", " - wifi: mt76: mt7925: fix host interrupt register initialization", " - wifi: ath11k: fix rx completion meta data corruption", " - wifi: rtw88: usb: Upload the firmware in bigger chunks", " - Revert \"UBUNTU: SAUCE: wifi: ath11k: fix ring-buffer corruption\"", " - wifi: ath11k: fix ring-buffer corruption", " - NFSD: unregister filesystem in case genl_register_family() fails", " - NFSD: fix race between nfsd registration and exports_proc", " - NFSD: Implement FATTR4_CLONE_BLKSIZE attribute", " - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request", " - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference", " - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls", " - NFSv4: Don't check for OPEN feature support in v4.1", " - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()", " - Revert \"UBUNTU: SAUCE: wifi: ath12k: fix ring-buffer corruption\"", " - wifi: ath12k: fix ring-buffer corruption", " - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()", " - svcrdma: Unregister the device if svc_rdma_accept() fails", " - wifi: rtw88: usb: Reduce control message timeout to 500 ms", " - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723", " - media: ov8856: suppress probe deferral errors", " - media: ov5675: suppress probe deferral errors", " - media: imx335: Use correct register width for HNUM", " - media: nxp: imx8-isi: better handle the m2m usage_count", " - media: i2c: ds90ub913: Fix returned fmt from .set_fmt()", " - media: ccs-pll: Start VT pre-PLL multiplier search from correct value", " - media: ov2740: Move pm-runtime cleanup on probe-errors to proper place", " - media: ccs-pll: Start OP pre-PLL multiplier search from correct value", " - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div", " - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case", " - media: cxusb: no longer judge rbuf when the write fails", " - media: davinci: vpif: Fix memory leak in probe error path", " - media: gspca: Add error handling for stv06xx_read_sensor()", " - media: i2c: imx335: Fix frame size enumeration", " - media: imagination: fix a potential memory leak in e5010_probe()", " - media: intel/ipu6: Fix dma mask for non-secure mode", " - media: ipu6: Remove workaround for Meteor Lake ES2", " - media: mediatek: vcodec: Correct vsi_core framebuffer size", " - media: omap3isp: use sgtable-based scatterlist wrappers", " - media: v4l2-dev: fix error handling in __video_register_device()", " - media: venus: Fix probe error handling", " - media: videobuf2: use sgtable-based scatterlist wrappers", " - media: vidtv: Terminating the subsequent process of initialization", " failure", " - media: vivid: Change the siize of the composing", " - media: imx-jpeg: Drop the first error frames", " - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead", " - media: imx-jpeg: Reset slot data pointers when freed", " - media: imx-jpeg: Cleanup after an allocation error", " - media: uvcvideo: Return the number of processed controls", " - media: uvcvideo: Send control events for partial succeeds", " - media: uvcvideo: Fix deferred probing error", " - arm64/mm: Close theoretical race where stale TLB entry remains valid", " - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()", " - ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4", " - ASoC: codecs: wcd9375: Fix double free of regulator supplies", " - ASoC: codecs: wcd937x: Drop unused buck_supply", " - block: use plug request list tail for one-shot backmerge attempt", " - block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion", " - bus: mhi: ep: Update read pointer only after buffer is written", " - bus: mhi: host: Fix conflict between power_up and SYSERR", " - can: kvaser_pciefd: refine error prone echo_skb_max handling logic", " - can: tcan4x5x: fix power regulator retrieval during probe", " - ceph: avoid kernel BUG for encrypted inode with unaligned file size", " - ceph: set superblock s_magic for IMA fsmagic matching", " - cgroup,freezer: fix incomplete freezing when attaching tasks", " - bus: firewall: Fix missing static inline annotations for stubs", " - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330", " - ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard", " - ata: ahci: Disallow LPM for Asus B550-F motherboard", " - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device", " - bus: fsl-mc: fix GET/SET_TAILDROP command ids", " - ext4: inline: fix len overflow in ext4_prepare_inline_data", " - ext4: fix calculation of credits for extent tree modification", " - ext4: factor out ext4_get_maxbytes()", " - ext4: ensure i_size is smaller than maxbytes", " - ext4: only dirty folios when data journaling regular files", " - Input: ims-pcu - check record size in ims_pcu_flash_firmware()", " - Input: gpio-keys - fix possible concurrent access in", " gpio_keys_irq_timer()", " - f2fs: fix to do sanity check on ino and xnid", " - f2fs: prevent kernel warning due to negative i_nlink from corrupted", " image", " - f2fs: fix to do sanity check on sit_bitmap_size", " - hwmon: (ftsteutates) Fix TOCTOU race in fts_read()", " - NFC: nci: uart: Set tty->disc_data only in success path", " - net/sched: fix use-after-free in taprio_dev_notifier", " - net: ftgmac100: select FIXED_PHY", " - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in", " fb_videomode_to_var", " - EDAC/altera: Use correct write width with the INTTEST register", " - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var", " - parisc/unaligned: Fix hex output to show 8 hex chars", " - vgacon: Add check for vc_origin address range in vgacon_scroll()", " - parisc: fix building with gcc-15", " - clk: meson-g12a: add missing fclk_div2 to spicc", " - ipc: fix to protect IPCS lookups using RCU", " - watchdog: fix watchdog may detect false positive of softlockup", " - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction", " - mm: fix ratelimit_pages update error in dirty_ratio_handler()", " - soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events", " - configfs-tsm-report: Fix NULL dereference of tsm_ops", " - firmware: arm_scmi: Ensure that the message-id supports fastchannel", " - mtd: rawnand: sunxi: Add randomizer configuration in", " sunxi_nfc_hw_ecc_write_chunk", " - mtd: nand: sunxi: Add randomizer configuration before randomizer enable", " - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs", " - KVM: VMX: Flush shadow VMCS on emergency reboot", " - dm-mirror: fix a tiny race condition", " - dm-verity: fix a memory leak if some arguments are specified multiple", " times", " - mtd: rawnand: qcom: Fix read len for onfi param page", " - ftrace: Fix UAF when lookup kallsym after ftrace disabled", " - dm: lock limits when reading them", " - phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property()", " - net: ch9200: fix uninitialised access during mii_nway_restart", " - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY", " - sysfb: Fix screen_info type check for VGA", " - video: screen_info: Relocate framebuffers behind PCI bridges", " - pwm: axi-pwmgen: fix missing separate external clock", " - staging: iio: ad5933: Correct settling cycles encoding per datasheet", " - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS", " - ovl: Fix nested backing file paths", " - regulator: max14577: Add error check for max14577_read_reg()", " - remoteproc: core: Cleanup acquired resources when", " rproc_handle_resources() fails in rproc_attach()", " - remoteproc: core: Release rproc->clean_table after rproc_attach() fails", " - remoteproc: k3-m4: Don't assert reset in detach routine", " - cifs: reset connections for all channels when reconnect requested", " - cifs: update dstaddr whenever channel iface is updated", " - cifs: dns resolution is needed only for primary channel", " - smb: client: add NULL check in automount_fullpath", " - Drivers: hv: Allocate interrupt and monitor pages aligned to system page", " boundary", " - uio_hv_generic: Use correct size for interrupt and monitor pages", " - uio_hv_generic: Align ring size to system page", " - PCI: cadence-ep: Correct PBA offset in .set_msix() callback", " - PCI: dwc: ep: Correct PBA offset in .set_msix() callback", " - PCI: Add ACS quirk for Loongson PCIe", " - PCI: Fix lock symmetry in pci_slot_unlock()", " - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from", " rockchip_pcie_link_up()", " - PCI: dw-rockchip: Fix PHY function call sequence in", " rockchip_pcie_phy_deinit()", " - iio: accel: fxls8962af: Fix temperature scan element sign", " - accel/ivpu: Improve buffer object logging", " - accel/ivpu: Use firmware names from upstream repo", " - accel/ivpu: Use dma_resv_lock() instead of a custom mutex", " - accel/ivpu: Fix warning in ivpu_gem_bo_free()", " - dummycon: Trigger redraw when switching consoles with deferred takeover", " - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race", " - iio: imu: inv_icm42600: Fix temperature calculation", " - iio: adc: ad7944: mask high bits on direct read", " - iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build", " - iio: adc: ad7606_spi: fix reg write value mask", " - ACPICA: fix acpi operand cache leak in dswstate.c", " - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9", " - clocksource: Fix the CPUs' choice in the watchdog per CPU verification", " - power: supply: collie: Fix wakeup source leaks on device unbind", " - mmc: Add quirk to disable DDR50 tuning", " - ACPICA: Avoid sequence overread in call to strncmp()", " - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change", " - ASoC: intel/sdw_utils: Assign initial value in", " asoc_sdw_rt_amp_spk_rtd_init()", " - ACPI: bus: Bail out if acpi_kobj registration fails", " - ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case", " - ACPICA: fix acpi parse and parseext cache leaks", " - ACPICA: Apply pack(1) to union aml_resource", " - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios", " laptops", " - power: supply: bq27xxx: Retrieve again when busy", " - pmdomain: core: Reset genpd->states to avoid freeing invalid data", " - ACPICA: utilities: Fix overflow check in vsnprintf()", " - platform-msi: Add msi_remove_device_irq_domain() in", " platform_device_msi_free_irqs_all()", " - ASoC: tegra210_ahub: Add check to of_device_get_match_data()", " - Make 'cc-option' work correctly for the -Wno-xyzzy pattern", " - gpiolib: of: Add polarity quirk for s5m8767", " - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()", " - power: supply: max17040: adjust thermal channel scaling", " - net: macb: Check return value of dma_set_mask_and_coherent()", " - net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices", " - tipc: use kfree_sensitive() for aead cleanup", " - f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx", " - bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()", " - Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922", " - i2c: designware: Invoke runtime suspend on quick slave re-registration", " - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA", " - emulex/benet: correct command version selection in be_cmd_get_stats()", " - Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925", " - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R", " - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device", " - wifi: mt76: mt7925: introduce thermal protection", " - wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO", " - sctp: Do not wake readers in __sctp_write_space()", " - libbpf/btf: Fix string handling to support multi-split BTF", " - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs", " - i2c: tegra: check msg length in SMBUS block read", " - i2c: npcm: Add clock toggle recovery", " - clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks", " - net: dlink: add synchronization for stats update", " - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET", " - wifi: ath12k: fix a possible dead lock caused by ab->base_lock", " - wifi: ath11k: Fix QMI memory reuse logic", " - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode", " - tcp: always seek for minimal rtt in tcp_rcv_rtt_update()", " - tcp: remove zero TCP TS samples for autotuning", " - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows", " - tcp: add receive queue awareness in tcp_rcv_space_adjust()", " - x86/sgx: Prevent attempts to reclaim poisoned pages", " - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT", " - net: page_pool: Don't recycle into cache on PREEMPT_RT", " - xfrm: validate assignment of maximal possible SEQ number", " - net: atlantic: generate software timestamp just before the doorbell", " - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()", " - pinctrl: armada-37xx: propagate error from", " armada_37xx_gpio_get_direction()", " - bpf: Pass the same orig_call value to trampoline functions", " - net: stmmac: generate software timestamp just before the doorbell", " - pinctrl: armada-37xx: propagate error from", " armada_37xx_pmx_gpio_set_direction()", " - libbpf: Check bpf_map_skeleton link for NULL", " - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()", " - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info", " - net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi", " - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()", " - wifi: mac80211: do not offer a mesh path if forwarding is disabled", " - clk: rockchip: rk3036: mark ddrphy as critical", " - hid-asus: check ROG Ally MCU version and warn", " - wifi: iwlwifi: mvm: fix beacon CCK flag", " - f2fs: fix to bail out in get_new_segment()", " - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX", " - libbpf: Add identical pointer detection to btf_dedup_is_equiv()", " - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64", " commands", " - scsi: smartpqi: Add new PCI IDs", " - iommu/amd: Ensure GA log notifier callbacks finish running before module", " unload", " - wifi: iwlwifi: pcie: make sure to lock rxq->read", " - wifi: rtw89: 8922a: fix TX fail with wrong VCO setting", " - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled", " - netdevsim: Mark NAPI ID on skb in nsim_rcv", " - bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index", " - wifi: mac80211: VLAN traffic in multicast path", " - Revert \"mac80211: Dynamically set CoDel parameters per station\"", " - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0", " - net: bridge: mcast: update multicast contex when vlan state is changed", " - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port", " functions", " - vxlan: Do not treat dst cache initialization errors as fatal", " - bnxt_en: Remove unused field \"ref_count\" in struct bnxt_ulp", " - wifi: ath12k: using msdu end descriptor to check for rx multicast", " packets", " - net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER", " - software node: Correct a OOB check in software_node_get_reference_args()", " - isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry", " - pinctrl: mcp23s08: Reset all pins to input at probe", " - wifi: ath12k: fix failed to set mhi state error during reboot with", " hardware grouping", " - scsi: lpfc: Use memcpy() for BIOS version", " - sock: Correct error checking condition for (assign|release)_proto_idx()", " - i40e: fix MMIO write access to an invalid page in i40e_clear_hw", " - ixgbe: Fix unreachable retry logic in combined and byte I2C write", " functions", " - RDMA/hns: initialize db in update_srq_db()", " - ice: fix check for existing switch rule", " - usbnet: asix AX88772: leave the carrier control to phylink", " - f2fs: fix to set atomic write status more clear", " - bpf, sockmap: Fix data lost during EAGAIN retries", " - net: ethernet: cortina: Use TOE/TSO on all TCP", " - octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer()", " - wifi: ath11k: determine PM policy based on machine model", " - wifi: ath12k: fix link valid field initialization in the monitor Rx", " - wifi: ath12k: fix incorrect CE addresses", " - wifi: ath12k: Pass correct values of center freq1 and center freq2 for", " 160 MHz", " - fbcon: Make sure modelist not set on unregistered console", " - watchdog: da9052_wdt: respect TWDMIN", " - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value", " - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY", " - tee: Prevent size calculation wraparound on 32-bit kernels", " - Revert \"bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices", " first\"", " - fs/xattr.c: fix simple_xattr_list()", " - platform/x86/amd: pmc: Clear metrics table at start of cycle", " - platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice", " - platform/x86: dell_rbu: Fix list usage", " - platform/x86: dell_rbu: Stop overwriting data buffer", " - powerpc/vdso: Fix build of VDSO32 with pcrel", " - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH", " recovery", " - io_uring/kbuf: don't truncate end buffer for multiple buffer peeks", " - io_uring: fix task leak issue in io_wq_create()", " - drivers/rapidio/rio_cm.c: prevent possible heap overwrite", " - platform/loongarch: laptop: Get brightness setting from EC on probe", " - platform/loongarch: laptop: Unregister generic_sub_drivers on exit", " - platform/loongarch: laptop: Add backlight power control support", " - LoongArch: vDSO: Correctly use asm parameters in syscall wrappers", " - LoongArch: Avoid using $r0/$r1 as \"mask\" for csrxchg", " - LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()", " - jffs2: check that raw node were preallocated before writing summary", " - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places", " - cifs: deal with the channel loading lag while picking channels", " - cifs: serialize other channels when query server interfaces is pending", " - cifs: do not disable interface polling on failure", " - smb: improve directory cache reuse for readdir operations", " - scsi: storvsc: Increase the timeouts to storvsc_timeout", " - scsi: s390: zfcp: Ensure synchronous unit_add", " - nvme: always punt polled uring_cmd end_io work to task_work", " - net_sched: sch_sfq: reject invalid perturb period", " - net: clear the dst when changing skb protocol", " - mm: close theoretical race where stale TLB entries could linger", " - udmabuf: use sgtable-based scatterlist wrappers", " - x86/virt/tdx: Avoid indirect calls to TDX assembly functions", " - selftests/x86: Add a test to detect infinite SIGTRAP handler loop", " - ksmbd: fix null pointer dereference in destroy_previous_session", " - platform/x86: ideapad-laptop: use usleep_range() for EC polling", " - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len", " - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL", " - sched_ext, sched/core: Don't call scx_group_set_weight() prematurely", " from sched_create_group()", " - atm: Revert atm_account_tx() if copy_from_iter_full() fails.", " - Input: sparcspkr - avoid unannotated fall-through", " - arm64: Restrict pagetable teardown to avoid false warning", " - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound", " card", " - ALSA: hda/intel: Add Thinkpad E15 to PM deny list", " - ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP", " Victus 15-fa1xxx", " - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged", " - ALSA: hda/realtek: Add quirk for Asus GU605C", " - mm/hugetlb: unshare page tables during VMA split, not before", " - kbuild: rust: add rustc-min-version support function", " - erofs: remove unused trace event erofs_destroy_inode", " - nfsd: use threads array as-is in netlink interface", " - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error", " - drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`", " - Kunit to check the longest symbol length", " - x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c", " - ipv6: replace ipcm6_init calls with ipcm6_init_sk", " - smb: fix secondary channel creation issue with kerberos by populating", " hostname when adding channels", " - drm/msm/disp: Correct porch timing for SDM845", " - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate", " - drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names", " - drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE", " - drm/ssd130x: fix ssd132x_clear_screen() columns", " - ionic: Prevent driver/fw getting out of sync on devcmd(s)", " - drm/nouveau/bl: increase buffer size to avoid truncate warning", " - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled", " - hwmon: (occ) Rework attribute registration for stack usage", " - hwmon: (occ) fix unaligned accesses", " - hwmon: (ltc4282) avoid repeated register write", " - pldmfw: Select CRC32 when PLDMFW is selected", " - aoe: clean device rq_list in aoedev_downdev()", " - io_uring/sqpoll: don't put task_struct on tctx setup failure", " - net: ice: Perform accurate aRFS flow match", " - ice: fix eswitch code memory leak in reset scenario", " - workqueue: Initialize wq_isolated_cpumask in workqueue_init_early()", " - ksmbd: add free_transport ops in ksmbd connection", " - net: netmem: fix skb_ensure_writable with unreadable skbs", " - bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()", " - bnxt_en: Add a helper function to configure MRU and RSS", " - bnxt_en: Update MRU and RSS table of RSS contexts on queue reset", " - ptp: fix breakage after ptp_vclock_in_use() rework", " - ptp: allow reading of currently dialed frequency to succeed on free-", " running clocks", " - wifi: carl9170: do not ping device which has failed to load firmware", " - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().", " - atm: atmtcp: Free invalid length skb in atmtcp_c_send().", " - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen()", " behavior", " - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer", " - tcp: fix passive TFO socket having invalid NAPI ID", " - eth: fbnic: avoid double free when failing to DMA-map FW msg", " - net: lan743x: fix potential out-of-bounds write in", " lan743x_ptp_io_event_clock_get()", " - ublk: santizize the arguments from userspace when adding a device", " - drm/xe/bmg: Update Wa_16023588340", " - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().", " - mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available", " - net: atm: add lec_mutex", " - net: atm: fix /proc/net/atm/lec handling", " - EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh", " - dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties", " - smb: Log an error when close_all_cached_dirs fails", " - smb: client: fix first command failure during re-negotiation", " - smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()", " - perf: Fix sample vs do_exit()", " - perf: Fix cgroup state vs ERROR", " - perf/core: Fix WARN in perf_cgroup_switch()", " - arm64/ptrace: Fix stack-out-of-bounds read in", " regs_get_kernel_stack_nth()", " - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()", " - RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls", " - RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs", " - gpio: pca953x: fix wrong error probe return value", " - perf evsel: Missed close() when probing hybrid core PMUs", " - perf test: Directory file descriptor leak", " - gpio: mlxbf3: only get IRQ for device instance 0", " - cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr()", " function", " - bpftool: Fix cgroup command to only show cgroup bpf programs", " - alloc_tag: handle module codetag load errors as module load failures", " - sched/rt: Fix race in push_rt_task", " - sched/fair: Adhere to place_entity() constraints", " - firmware: cs_dsp: Fix OOB memory read access in KUnit test", " - ASoC: amd: amd_sdw: Fix unlikely uninitialized variable use in", " create_sdw_dailinks()", " - powerpc64/ftrace: fix clobbered r15 during livepatching", " - powerpc/bpf: fix JIT code size calculation of bpf trampoline", " - s390/pci: Fix __pcilg_mio_inuser() inline assembly", " - anon_inode: raise SB_I_NODEV and SB_I_NOEXEC", " - fs: add S_ANON_INODE", " - nfsd: fix access checking for NLM under XPRTSEC policies", " - NFS: always probe for LOCALIO support asynchronously", " - media: ov08x40: Extend sleep after reset to 5 ms", " - media: rcar-vin: Fix RAW10", " - firmware: ti_sci: Convert CPU latency constraint from us to ms", " - iommu: Allow attaching static domains in iommu_attach_device_pasid()", " - mtd: rawnand: qcom: Fix last codeword read in", " qcom_param_page_type_exec()", " - dm-table: Set BLK_FEAT_ATOMIC_WRITES for target queue limits", " - iio: accel: fxls8962af: Fix temperature calculation", " - io_uring/net: only consider msg_inq if larger than 1", " - iio: adc: ad7173: fix compiling without gpiolib", " - iio: adc: ad7606: fix raw read for 18-bit chips", " - power: supply: gpio-charger: Fix wakeup source leaks on device unbind", " - EDAC/igen6: Skip absent memory controllers", " - ALSA: hda/realtek: Add support for Acer Helios Laptops using CS35L41 HDA", " - drm/amd/display: disable DPP RCG before DPP CLK enable", " - drm/bridge: select DRM_KMS_HELPER for AUX_BRIDGE", " - drm/amdgpu/gfx6: fix CSIB handling", " - media: imx-jpeg: Check decoding is ongoing for motion-jpeg", " - drm/rockchip: inno-hdmi: Fix video timing HSYNC/VSYNC polarity setting", " for rk3036", " - drm/dp: add option to disable zero sized address only transactions.", " - sunrpc: update nextcheck time when adding new cache entries", " - drm/amdgpu: Fix API status offset for MES queue reset", " - drm/amd/display: DCN32 null data check", " - drm/xe: Fix CFI violation when accessing sysfs files", " - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling", " disable_irq()", " - workqueue: Fix race condition in wq->stats incrementation", " - drm/panel/sharp-ls043t1le01: Use _multi variants", " - exfat: fix double free in delayed_free", " - drm/bridge: anx7625: enable HPD interrupts", " - drm/panthor: Don't update MMU_INT_MASK in panthor_mmu_irq_handler()", " - drm/bridge: anx7625: change the gpiod_set_value API", " - exfat: do not clear volume dirty flag during sync", " - drm/amdkfd: Drop workaround for GC v9.4.3 revID 0", " - drm/amdgpu/gfx11: fix CSIB handling", " - media: nuvoton: npcm-video: Fix stuck due to no video signal error", " - drm/nouveau: fix hibernate on disabled GPU", " - media: i2c: imx334: Enable runtime PM before sub-device registration", " - drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1", " - drm/nouveau/gsp: fix rm shutdown wait condition", " - drm/msm/hdmi: add runtime PM calls to DDC transfer function", " - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition", " - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit()", " - media: verisilicon: Enable wide 4K in AV1 decoder", " - drm/amd/display: Skip to enable dsc if it has been off", " - drm/amdgpu: Add basic validation for RAS header", " - dlm: use SHUT_RDWR for SCTP shutdown", " - drm/msm/a6xx: Increase HFI response timeout", " - drm/amd/display: Do Not Consider DSC if Valid Config Not Found", " - media: i2c: imx334: Fix runtime PM handling in remove function", " - drm/amdgpu/gfx10: fix CSIB handling", " - drm: panel-orientation-quirks: Add ZOTAC Gaming Zone", " - media: ccs-pll: Better validate VT PLL branch", " - media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition", " - drm/amd/display: fix zero value for APU watermark_c", " - drm/ttm/tests: fix incorrect assert in ttm_bo_unreserve_bulk()", " - drm/amdgpu/gfx7: fix CSIB handling", " - ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in", " ext4_ext_remove_space()", " - jfs: fix array-index-out-of-bounds read in add_missing_indices", " - media: ti: cal: Fix wrong goto on error path", " - drm/xe/vf: Fix guc_info debugfs for VFs", " - drm/amd/display: Correct SSC enable detection for DCN351", " - drm/amd/display: Fix Vertical Interrupt definitions for dcn32, dcn401", " - media: cec: extron-da-hd-4k-plus: Fix Wformat-truncation", " - media: rkvdec: Initialize the m2m context before the controls", " - drm/amdgpu: fix MES GFX mask", " - drm/amdgpu: Disallow partition query during reset", " - sunrpc: fix race in cache cleanup causing stale nextcheck time", " - ext4: prevent stale extent cache entries caused by concurrent get", " es_cache", " - drm/amdgpu/gfx8: fix CSIB handling", " - drm/amdgpu/gfx9: fix CSIB handling", " - drm/amd/display: Fix VUpdate offset calculations for dcn401", " - jfs: Fix null-ptr-deref in jfs_ioc_trim", " - drm/amd/pm: Reset SMU v13.0.x custom settings", " - drm/amd/display: Correct prefetch calculation", " - drm/amd/display: Restructure DMI quirks", " - media: renesas: vsp1: Fix media bus code setup on RWPF source pad", " - drm/msm/dpu: don't select single flush for active CTL blocks", " - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB", " - media: tc358743: ignore video while HPD is low", " - media: platform: exynos4-is: Add hardware sync wait to", " fimc_is_hw_change_mode()", " - media: i2c: imx334: update mode_3840x2160_regs array", " - nios2: force update_mmu_cache on spurious tlb-permission--related", " pagefaults", " - media: rcar-vin: Fix stride setting for RAW8 formats", " - drm/amdgpu: Add indirect L1_TLB_CNTL reg programming for VFs", " - drm/xe/uc: Remove static from loop variable", " - media: qcom: venus: Fix uninitialized variable warning", " - drm/panel: simple: Add POWERTIP PH128800T004-ZZA01 panel entry", " - Bluetooth: btusb: Add RTL8851BE device 0x0bda:0xb850", " - Bluetooth: btmrvl_sdio: Fix wakeup source leaks on device unbind", " - Bluetooth: btmtksdio: Fix wakeup source leaks on device unbind", " - i2c: pasemi: Enable the unjam machine", " - i2c: pasemi: Add registers bits and switch to BIT()", " - clk: qcom: gcc: Set FORCE_MEM_CORE_ON for gcc_ufs_axi_clk for 8650/8750", " - net: phy: mediatek: do not require syscon compatible for pio property", " - net/mlx5: HWS, fix counting of rules in the matcher", " - wifi: rtw88: rtw8822bu VID/PID for BUFFALO WI-U2-866DM", " - ipmi:ssif: Fix a shutdown race", " - rtla: Define __NR_sched_setattr for LoongArch", " - wifi: iwlwifi: dvm: pair transport op-mode enter/leave", " - net/mlx5: HWS, Fix IP version decision", " - vxlan: Add RCU read-side critical sections in the Tx path", " - wifi: ath12k: correctly handle mcast packets for clients", " - wifi: ath12k: make assoc link associate first", " - wifi: rtw88: Set AMPDU factor to hardware for RTL8814A", " - wifi: ath12k: Fix incorrect rates sent to firmware", " - wifi: ath12k: Fix the enabling of REO queue lookup table feature", " - wifi: ath12k: Fix memory leak due to multiple rx_stats allocation", " - net/mlx5: HWS, Harden IP version definer checks", " - watchdog: stm32: Fix wakeup source leaks on device unbind", " - i3c: mipi-i3c-hci: Fix handling status of i3c_hci_irq_handler()", " - platform/x86/amd: pmf: Use device managed allocations", " - io_uring/rsrc: validate buffer count with offset for cloning", " - firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)", " - firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)", " - tracing: Fix regression of filter waiting a long time on RCU", " synchronization", " - x86/its: move its_pages array to struct mod_arch_specific", " - io_uring/net: always use current transfer count for buffer put", " - drm/msm/dp: Disable wide bus support for SDM845", " - Octeontx2-pf: Fix Backpresure configuration", " - tools: ynl: parse extack for sub-messages", " - tools: ynl: fix mixing ops and notifications on one socket", " - KVM: arm64: VHE: Synchronize restore of host debug registers", " - perf/x86/intel: Fix crash in icl_update_topdown_event()", " - EDAC/igen6: Fix NULL pointer dereference", " - dm-table: check BLK_FEAT_ATOMIC_WRITES inside limits_lock", " - tracing: Do not free \"head\" on error path of", " filter_free_subsystem_filters()", " - mtd: spinand: Use more specific naming for the (single) read from cache", " ops", " - mtd: spinand: Use more specific naming for the (dual output) read from", " cache ops", " - mtd: spinand: Use more specific naming for the (dual IO) read from cache", " ops", " - mtd: spinand: Use more specific naming for the (quad output) read from", " cache ops", " - mtd: spinand: Use more specific naming for the (quad IO) read from cache", " ops", " - mtd: spinand: winbond: Prevent unsupported frequencies on dual/quad I/O", " variants", " - PCI: pciehp: Ignore belated Presence Detect Changed caused by DPC", " - Revert \"drm/amd/display: Fix VUpdate offset calculations for dcn401\"", " - drm/i915: fix build error some more", " - bridge: mcast: Fix use-after-free during router port configuration", " - perf/core: Fix the WARN_ON_ONCE is out of lock protected region", " - kallsyms: fix build without execinfo", " - ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk", " - smb: client: fix warning when reconnecting channel", " - tools/hv: fcopy: Fix irregularities with size of ring buffer", " - Upstream stable to v6.12.35, v6.15.4", "", " * CVE-2025-39682", " - tls: fix handling of zero-length records on the rx_list", "", " * CVE-2025-38541", " - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()", "", " * CVE-2025-38477", " - net/sched: sch_qfq: Fix race condition on qfq_aggregate", " - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in", " qfq_delete_class", "", " * CVE-2025-38500", " - xfrm: interface: fix use-after-free after changing collect_md xfrm", " interface", "", " * CVE-2025-38617", " - net/packet: fix a race in packet_set_ring() and packet_notifier()", "", " * CVE-2025-38618", " - vsock: Do not allow binding to VMADDR_PORT_ANY", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", "" ], "package": "linux", "version": "6.14.0-34.34", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2123945, 2103415, 2122527, 2122554, 2121150, 2116908, 2104911, 2121257, 2122072, 2121149, 2122072, 2121266, 2120812, 1786013 ], "author": "Stefan Bader ", "date": "Tue, 16 Sep 2025 15:17:57 +0200" } ], "notes": "linux-modules-6.14.0-35-generic version '6.14.0-35.35' (source package linux version '6.14.0-35.35') was added. linux-modules-6.14.0-35-generic version '6.14.0-35.35' has the same source package name, linux, as removed package linux-modules-6.14.0-33-generic. As such we can use the source package version of the removed package, '6.14.0-33.33', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-6.14.0-33-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-33.33", "version": "6.14.0-33.33" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.14.0-33-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-33.33", "version": "6.14.0-33.33" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.04 plucky image from release image serial 20251001 to 20251030", "from_series": "plucky", "to_series": "plucky", "from_serial": "20251001", "to_serial": "20251030", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }