-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 30 Dec 2025 23:20:29 +0100 Source: linux Binary: linux-doc linux-doc-6.1 linux-headers-6.1.0-42-common linux-headers-6.1.0-42-common-rt linux-source linux-source-6.1 linux-support-6.1.0-42 Architecture: all Version: 6.1.159-1 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Salvatore Bonaccorso Description: linux-doc - Linux kernel specific documentation (meta-package) linux-doc-6.1 - Linux kernel specific documentation for version 6.1 linux-headers-6.1.0-42-common - Common header files for Linux 6.1.0-42 linux-headers-6.1.0-42-common-rt - Common header files for Linux 6.1.0-42-rt linux-source - Linux kernel source (meta-package) linux-source-6.1 - Linux kernel source for version 6.1 with Debian patches linux-support-6.1.0-42 - Support files for Linux 6.1 Closes: 919350 1106411 1114557 1119232 1120602 1120680 Changes: linux (6.1.159-1) bookworm; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.159 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - perf: Have get_perf_callchain() return NULL if crosstask and user are set - [x86] bugs: Fix reporting of LFENCE retpoline - EDAC/mc_sysfs: Increase legacy channel support to 16 - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - xhci: dbc: Provide sysfs option to configure dbc descriptors - xhci: dbc: poll at different rate depending on data transfer activity - xhci: dbc: Allow users to modify DbC poll interval via sysfs - xhci: dbc: Improve performance by removing delay in transfer event polling. - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324) - net: usb: asix_devices: Check return value of usbnet_get_endpoints - fbcon: Set fb_display[i]->mode to NULL when the mode is released - fbdev: atyfb: Check if pll_ops->init_pll failed - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (CVE-2025-40211) - fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)* - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (CVE-2025-40321) - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init - mptcp: restore window probe - [x86] fpu: Ensure XFD state on signal delivery - wifi: ath10k: Fix memory leak on unsupported WMI command - [arm64] drm/msm/a6xx: Fix GMU firmware parser - ALSA: usb-audio: fix control pipe direction - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319) - scsi: ufs: core: Initialize value of an attribute returned by uic cmd - bpf: Do not audit capability check in do_jit() - [arm64] ASoC: fsl_sai: fix bit order for DSD format - libbpf: Fix powerpc's stack register definition in bpf_tracing.h - usbnet: Prevents free active kevent - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CVE-2025-40318) - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 - Bluetooth: ISO: Add support for periodic adv reports processing - Bluetooth: ISO: Fix another instance of dst_type handling - [arm64,armhf] drm/etnaviv: fix flush sequence logic - [arm64] net: hns3: return error code when function fails - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL - block: make REQ_OP_ZONE_OPEN a write operation - regmap: slimbus: fix bus_context pointer in regmap init calls (CVE-2025-40317) - Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default" (Closes: #1119232) - [s390x] pci: Restore IRQ unconditionally for the zPCI device - net: phy: dp83867: Disable EEE support as not implemented - mptcp: change 'first' as a parameter - mptcp: drop bogus optimization in __mptcp_check_push() - can: gs_usb: increase max interface to U8_MAX - cacheinfo: Return error code in init_of_cache_level() - cacheinfo: Check 'cache-unified' property to count cache leaves - ACPI: PPTT: Remove acpi_find_cache_levels() - ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info() - arch_topology: Build cacheinfo from primary CPU - cacheinfo: Initialize variables in fetch_cache_info() - cacheinfo: Fix LLC is not exported through sysfs - drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug - [arm64] tegra: Update cache properties - filemap: add a kiocb_invalidate_pages helper - filemap: add a kiocb_invalidate_post_direct_write helper - filemap: update ki_pos in generic_perform_write - fs: factor out a direct_write_fallback helper - direct_write_fallback(): on error revert the ->ki_pos update from buffered write - block: open code __generic_file_write_iter for blkdev writes - block: fix race between set_blocksize and read paths (CVE-2025-38073) - nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (CVE-2025-40315) - drm/sysfb: Do not dereference NULL pointer in plane reset - drm/sched: Fix race in drm_sched_entity_select_rq() - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs - bpf: Don't use %pK through printk - pinctrl: single: fix bias pull up/down handling in pin_config_set - [arm64] mmc: host: renesas_sdhi: Fix the actual clock - memstick: Add timeout to prevent indefinite waiting - cpufreq/longhaul: handle NULL policy in longhaul_exit - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] - hwmon: (sbtsi_temp) AMD CPU extended temperature range support - power: supply: sbs-charger: Support multiple devices - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - [arm64] tee: allow a driver to allocate a tee_device without a pool - nvmet-fc: avoid scheduling association deletion twice (CVE-2025-40343) - nvme-fc: use lock accessing port_state and rport state (CVE-2025-40342) - [arm64] video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tools/cpupower: fix error return value in cpupower_write_sysfs() - cpuidle: Fail cpuidle device registration if there is one already - futex: Don't leak robust_list pointer on exec race (CVE-2025-40341) - bpf: Clear pfmemalloc flag when freeing all fragments - nvme: Use non zero KATO for persistent discovery connections - uprobe: Do not emulate/sstep original instruction when ip is changed - [x86] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex - [x86] hwmon: (dell-smm) Add support for Dell OptiPlex 7040 - [x86] tools/cpupower: Fix incorrect size in cpuidle_state_disable() - [x86] tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage - [x86] tools/power x86_energy_perf_policy: Enhance HWP enable - [x86] tools/power x86_energy_perf_policy: Prefer driver HWP limits - [armhf] mfd: stmpe: Remove IRQ domain upon removal - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE - drm/amd/display: add more cyan skillfish devices - drm/amd/pm: Use cached metrics data on aldebaran - drm/amd/pm: Use cached metrics data on arcturus - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - PCI: Disable MSI on RDC PCI to PCIe bridges - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - media: pci: ivtv: Don't create fake v4l2_fh - [x86] vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - net: stmmac: Check stmmac_hw_setup() in stmmac_resume() - ice: Don't use %pK through printk or tracepoints - thunderbolt: Use is_pciehp instead of is_hotplug_bridge - [powerpc*] eeh: Use result of error_detected() in uevent - [s390x] pci: Use pci_uevent_ers() in PCI recovery - bridge: Redirect to backup port when port is administratively down - net: ipv6: fix field-spanning memcpy warning in AH output - media: imon: make send_packet() more robust - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - char: misc: Does not request module for miscdevice with dynamic minor - net: When removing nexthops, don't call synchronize_net if it is not necessary - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units - rds: Fix endianness annotation for RDS_MPATH_HASH - scsi: mpi3mr: Fix controller init failure on fault during queue creation - scsi: pm80xx: Fix race condition caused by static variables - extcon: adc-jack: Fix wakeup source leaks on device unbind - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device - drm/amdkfd: fix vram allocation failure for a special case - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - media: fix uninitialized symbol warnings - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) - scsi: pm8001: Use int instead of u32 to store error codes - ptp: Limit time setting of PTP clocks - dmaengine: sh: setup_xref error handling - dmaengine: mv_xor: match alloc_wc and free_wc - dmaengine: dw-edma: Set status for callback_result - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate - drm/amdgpu: Allow kfd CRIU with no buffer objects - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls for decoders - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - net: call cond_resched() less often in __release_sock() - smsc911x: add second read of EEPROM mac when possible corruption seen - [amd64] iommu/amd: Skip enabling command/event buffers for kdump - drm/amd: add more cyan skillfish PCI ids - drm/amdgpu: don't enable SMU on cyan skillfish - drm/amdgpu: add support for cyan skillfish gpu_info - usb: gadget: f_hid: Fix zero length packet transfer - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (CVE-2025-40314) - [arm64] drm/msm: make sure to not queue up recovery more than once - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer - net: phy: marvell: Fix 88e1510 downshift counter errata - wifi: mac80211: Fix HE capabilities element check - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 - net: sh_eth: Disable WoL if system can not suspend - media: redrat3: use int type to store negative error codes - netfilter: nf_reject: don't reply to icmp error messages - [x86] kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT - udp_tunnel: use netdev_warn() instead of netdev_WARN() - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger - net/cls_cgroup: Fix task_get_classid() during qdisc run - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device - ALSA: serial-generic: remove shared static buffer - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl - drm/amd: Avoid evicting resources at S5 - page_pool: always add GFP_NOWARN for ATOMIC allocations - ethernet: Extend device_get_mac_address() to use NVMEM - drm/amdgpu: reject gang submissions under SRIOV - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup - scsi: lpfc: Define size of debugfs entry for xri rebalancing - allow finish_no_open(file, ERR_PTR(-E...)) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - [arm64,armhf] usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - ipv6: np->rxpmtu race annotation - jfs: Verify inode mode when loading from disk (CVE-2025-40312) - jfs: fix uninitialized waitqueue in transaction manager - [amd64] iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() - wifi: ath10k: Fix connection after GTK rekeying - net: intel: fm10k: Fix parameter idx set but not used - r8169: set EEE speed down ratio to 1 - [arm64] PCI: cadence: Check for the existence of cdns_pcie::ops before using it - vfio: return -ENOTTY for unsupported device feature - PCI/PM: Skip resuming to D0 if device is disconnected - NFSv4: handle ERR_GRACE on delegation recalls - NFSv4.1: fix mount hang after CREATE_SESSION failure - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing - net: bridge: Install FDB for bridge MAC on VLAN 0 - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock - ext4: increase IO priority of fastcommit - net/mlx5e: Don't query FEC statistics when FEC is disabled - net: macb: avoid dealing with endianness in macb_set_hwaddr() - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames - Bluetooth: SCO: Fix UAF on sco_conn_free (CVE-2025-40309) - Bluetooth: bcsp: receive data only if registered (CVE-2025-40308) - ALSA: usb-audio: add mono main switch to Presonus S1824c - exfat: limit log print for IO error - 6pack: drop redundant locking and refcounting - page_pool: Clamp pool size to max 16K pages - orangefs: fix xattr related buffer overflow... (CVE-2025-40306) - ftrace: Fix softlockup in ftrace_module_enable - ksmbd: use sock_create_kern interface to create kernel socket - smb: client: transport: avoid reconnects triggered by pending task work - ACPICA: Update dsmethod.c to get rid of unused variable warning - RDMA/irdma: Fix SD index calculation - RDMA/irdma: Remove unused struct irdma_cq fields - RDMA/irdma: Set irdma_cq cq_num field during CQ create - [arm64] RDMA/hns: Fix the modification of max_send_sge - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around - btrfs: mark dirty extent range for out of bound prealloc extents - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - [arm64] rtc: pcf2127: clear minute/second interrupt - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled - NTB: epf: Allow arbitrary BAR mapping - 9p: fix /sys/fs/9p/caches overwriting itself - 9p: sysfs_init: don't hardcode error to ENOMEM - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS - ACPI: property: Return present device nodes only on fwnode interface - tools bitmap: Add missing asm-generic/bitsperlong.h include - tools: lib: thermal: don't preserve owner in install - tools: lib: thermal: use pkg-config to locate libnl3 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CVE-2025-40304) - kbuild: uapi: Strip comments before size type check - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity - ceph: add checking of wait_for_completion_killable() return value - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Closes: #1120680) - Bluetooth: hci_event: validate skb length for unknown CC opcode (CVE-2025-40301) - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx - net: vlan: sync VLAN features with lower device - [armhf] net: dsa: b53: fix resetting speed and pause on forced link - [armhf] net: dsa: b53: fix enabling ip multicast - [armhf] net: dsa: b53: stop reading ARL entries if search is done - sctp: Hold RCU read lock while iterating over address list - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331) - sctp: Hold sock lock while iterating over address list - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup - bnxt_en: Fix a possible memory leak in bnxt_ptp_init - net/mlx5e: SHAMPO, Fix skb size check for 64K pages - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297) - net: bridge: fix MST static key usage - tracing: Fix memory leaks in create_field_var() - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CVE-2025-40294) - rtc: rx8025: fix incorrect register reference - smb: client: validate change notify buffer before copy - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers - PM: suspend: Fix pm_suspend_target_state handling for !CONFIG_PM - extcon: adc-jack: Cleanup wakeup source only if it was enabled - drm/amdgpu: Fix function header names in amdgpu_connectors.c - [x86] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD - [x86] drm/i915: Fix conversion between clock ticks and nanoseconds - smb: client: fix refcount leak in smb2_set_path_attr - drm/amd: Fix suspend failure with secure display TA - compiler_types: Move unused static inline functions warning to W=2 - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (CVE-2025-40288) - NFS4: Fix state renewals missing after boot - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - NFS: check if suid/sgid was cleared after a write as needed - smb/server: fix possible memory leak in smb2_read() (CVE-2025-40286) - smb/server: fix possible refcount leak in smb2_sess_setup() (CVE-2025-40285) - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - wifi: ath11k: Add tx ack signal support for management packets - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() - net: fec: correct rx_bytes statistic for the case SHIFT16 is set - Bluetooth: MGMT: cancel mesh send timer when hdev removed (CVE-2025-40284) - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (CVE-2025-40283) - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (CVE-2025-40282) - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (CVE-2025-40281) - net/smc: fix mismatch between CLC header and proposal - tipc: Fix use-after-free in tipc_mon_reinit_self(). (CVE-2025-40280)). - net: mdio: fix resource leak in mdiobus_register_device() - wifi: mac80211: skip rate verification for not captured PSDUs - af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)). - net/sched: act_connmark: transition to percpu stats and rcu - net_sched: act_connmark: use RCU in tcf_connmark_dump() - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279) - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278) - net/mlx5e: Fix maxrate wraparound in threshold between units - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5: Expose shared buffer registers bits and structs - net/mlx5e: Add API to query/modify SBPR and SBCM registers - net/mlx5e: Update shared buffer along with device buffer changes - net/mlx5e: Consider internal buffers size in port buffer calculations - net/mlx5e: Remove mlx5e_dbg() and msglvl support - net/mlx5e: Fix potentially misleading debug message - net_sched: limit try_bulk_dequeue_skb() batches - hsr: Fix supervision frame sending on HSRv0 - ACPI: CPPC: Check _CPC validity for only the online CPUs - ACPI: CPPC: Perform fast check switch only for online CPUs - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs - Bluetooth: L2CAP: export l2cap_chan_hold for modules - acpi,srat: Fix incorrect device handle check for Generic Initiator - regulator: fixed: fix GPIO descriptor leak on register failure - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CVE-2025-40277) - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (CVE-2025-40275) - bpf: Add bpf_prog_run_data_pointers() - softirq: Add trace points for tasklet entry/exit - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - espintcp: fix skb leaks (CVE-2025-38057) - lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN - asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273) - ksmbd: close accepted socket when per-IP limit rejects connection - strparser: Fix signed/unsigned mismatch bug - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe - wifi: mac80211: reject address change while connecting - fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271) - [arm64] mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (CVE-2025-40269) - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check - spi: Try to get ACPI GPIO IRQ earlier - btrfs: do not update last_log_commit when logging inode due to a new name - virtio-net: fix received length check in big packets (CVE-2025-40292) - scsi: ufs: core: Add a quirk to suppress link_startup_again - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293) - [x86] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated - net: netpoll: fix incorrect refcount handling causing incorrect cleanup - eventpoll: Replace rwlock with spinlock - mm, percpu: do not consider sleepable allocations atomic - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() - asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv and loongarch" - net/mlx5: Fix memory leak in error flow of port set buffer - net/sched: act_connmark: handle errno on tcf_idr_check_alloc - net/mlx5e: Do not update SBCM when prio2buffer command is invalid - net/mlx5e: Preserve shared buffer capacity during headroom updates - timers: Fix NULL function pointer race in timer_shutdown_sync() - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Closes: #1114557) - mtdchar: fix integer overflow in read/write ioctls - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector - mptcp: Disallow MPTCP subflows from sockmap - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264) - Input: cros_ec_keyb - fix an invalid memory access (CVE-2025-40263) - Input: imx_sc_key - fix memory corruption on unload (CVE-2025-40262) - Input: pegasus-notetaker - fix potential out-of-bounds access - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261) - scsi: sg: Do not sleep in atomic context (CVE-2025-40259) - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() - mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258) - mptcp: fix ack generation for fallback msk - mptcp: fix premature close in case of fallback - mptcp: avoid unneeded subflow-level drops - mptcp: do not fallback when OoO is present - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple() - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled - xfrm: Determine inner GSO type from packet inner protocol - [arm64,armhf] gpu: host1x: Select context device based on attached IOMMU - [arm64,armhf] drm/tegra: Add call to put_pid() - net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254) - nvme-multipath: fix lockdep WARN due to partition scan work - [s390x] ctcm: Fix double-kfree (CVE-2025-40253) - [x86] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos - kernel.h: Move ARRAY_SIZE() to a separate header - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - vsock: Ignore signal/timeout on connect() if already established - bcma: don't register devices disabled in OF - cifs: fix typo in enable_gcm_256 module parameter - scsi: core: Fix a regression triggered by scsi_host_busy() - net: tls: Cancel RX async resync request on rcd_delta overflow - mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272) - mm/mm_init: fix hash table order logging in alloc_large_system_hash() - ALSA: usb-audio: fix uac2 clock source at terminal parser - tracing/tools: Fix incorrcet short option in usage text for --threads - uio_hv_generic: Set event for all channels on the device (Closes: #1120602) - mm/truncate: unmap large folio on split failure - maple_tree: fix tracepoint string pointers - mptcp: decouple mptcp fastclose from tcp close - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257) - mm/mempool: replace kmap_atomic() with kmap_local_page() - mm/mempool: fix poisoning order>0 pages with HIGHMEM - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups - ata: libata-scsi: Fix system suspend for a security locked drive - HID: amd_sfh: Stop sensor before starting - [armhf] pmdomain: samsung: plug potential memleak during probe - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration failure - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove - filemap: cap PTE range to be created to allowed zero fill in folio_map_range() - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header - Bluetooth: SMP: Fix not generating mackey and ltk when repairing - [x86] platform/x86: intel: punit_ipc: fix memory corruption - net: aquantia: Add missing descriptor cache invalidation on ATL2 - net/mlx5e: Fix validation logic in rate limiting - net: sxgbe: fix potential NULL dereference in sxgbe_rx() - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling - net: atlantic: fix fragment overflow handling in RX path - mailbox: Allow direct registration to a channel - [amd64,arm64] mailbox: pcc: Use mbox_bind_client - [amd64,arm64] mailbox: pcc: Add support for platform notification handling - [amd64,arm64] mailbox: pcc: Support shared interrupt for multiple subspaces - ACPI: PCC: Add PCC shared memory region command and status bitfields - [amd64,arm64] mailbox: pcc: Check before sending MCTP PCC response ACK - [amd64,arm64] mailbox: pcc: Refactor error handling in irq handler into separate function - [amd64,arm64] mailbox: pcc: don't zero error register - [x86] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields - iio:common:ssp_sensors: Fix an error handling path ssp_probe() - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411) - iio: accel: fix ADXL355 startup race condition - iio: adc: ad7280a: fix ad7280_store_balance_timer() - [mips*] mm: Prevent a TLB shutdown on initial uniquification - [mips*] mm: kmalloc tlb_vpn array to avoid stack overflow - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 - atm/fore200e: Fix possible data race in fore200e_open() - can: sja1000: fix max irq loop handling - [armhf] can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling - dm-verity: fix unreliable memory allocation - [arm64,armhf] drivers/usb/dwc3: fix PCI parent check - smb: client: fix memory leak in cifs_construct_tcon() - [x86] thunderbolt: Add support for Intel Wildcat Lake - firmware: stratix10-svc: fix bug in saving controller data - [arm64,armhf] serial: amba-pl011: prefer dma_mapping_error() over explicit address checking - usb: cdns3: Fix double resource release in cdns3_pci_probe - usb: gadget: f_eem: Fix memory leak in eem_unwrap - usb: storage: Fix memory leak in USB bulk transport - USB: storage: Remove subclass and protocol overrides from Novatek quirk - usb: storage: sddr55: Reject out-of-bound new_pba - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer - [arm64,armhf] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths - USB: serial: ftdi_sio: add support for u-blox EVK-M101 - USB: serial: option: add support for Rolling RW101R-GL - drm/amd/display: Check NULL before accessing - libceph: fix potential use-after-free in have_mon_and_osd_map() - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() - libceph: replace BUG_ON with bounds check for map->max_osd - nfsd: Replace clamp_t in nfsd4_get_drc_mem() - net: macb: fix unregister_netdev call order in macb_remove() (CVE-2025-39805) - mptcp: fix duplicate reset on fastclose - mptcp: Fix proto fallback detection with BPF - staging: rtl8712: Remove driver using deprecated API wext - ksmbd: fix use-after-free in session logoff (CVE-2025-37899) - usb: typec: ucsi: psy: Set max current to zero when disconnected - usb: udc: Add trace event for usb_gadget_set_state - usb: gadget: udc: fix use-after-free in usb_gadget_state_work - scsi: pm80xx: Set phy->enable_completion only when we - [arm64] i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros - HID: core: Harden s32ton() against conversion to 0 bits . [ Ben Hutchings ] * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) Checksums-Sha1: 581ac319f0dee5221fc647aa1571a2ba3d8c9684 37136300 linux-doc-6.1_6.1.159-1_all.deb 9c9f4406b39a45f994bfc11bb18c1561e9b0d190 1100 linux-doc_6.1.159-1_all.deb 6a8a4035eed46713153e0073588dc5c04d047137 8618572 linux-headers-6.1.0-42-common-rt_6.1.159-1_all.deb 4f77e1a4908039e4b18c093f5d94e08e503901ae 10272148 linux-headers-6.1.0-42-common_6.1.159-1_all.deb ff92532754863c128779ef2fe1a06f29ea438b53 138925016 linux-source-6.1_6.1.159-1_all.deb aa084046f4984f15251dac0b42887a1656a71cab 1092 linux-source_6.1.159-1_all.deb 7d1a308ef66eddf8a318d3d010bef309786c166d 1117456 linux-support-6.1.0-42_6.1.159-1_all.deb 56e7bb2be0da65aa93dd9b6aa111237ea13f63a0 13517 linux_6.1.159-1_all-buildd.buildinfo Checksums-Sha256: 279d56ff8e14b8af8aff601a2ccb63a496d1ee2a320532b55871a044fda5f9c7 37136300 linux-doc-6.1_6.1.159-1_all.deb 332d6bf0282bc8f6a9e0f0591495d0920aced0de829cb9af79528e3b1cee5531 1100 linux-doc_6.1.159-1_all.deb 7bfde1bc71ec4e5df05dede36e7d7a122dba56360a7180342747b3bb5ed54baa 8618572 linux-headers-6.1.0-42-common-rt_6.1.159-1_all.deb bbc77491f9590fb0571f7c1d9bd414264907e00ce48898f46ee4a1c1b2355d0c 10272148 linux-headers-6.1.0-42-common_6.1.159-1_all.deb 1602a8696f1e609a0f374fe5ee4119e804b6ac48b5fe2154164c1f3458fb3ea2 138925016 linux-source-6.1_6.1.159-1_all.deb 0feb8b6b06177c110a1e0b806ab86cb1dd738d0ea1fd9a5d6a2458955ecceb17 1092 linux-source_6.1.159-1_all.deb 453b137fc3c19d58ce8054ae7027d8f7bf09fa099b49bdba261f52f2149cf28f 1117456 linux-support-6.1.0-42_6.1.159-1_all.deb 4671becb83bdaf5505b4d62d0a6bdf35f975f089a7f4c10e66585dde7b4bf6f4 13517 linux_6.1.159-1_all-buildd.buildinfo Files: feab4e8f1ea68fa79e760145fac28e50 37136300 doc optional linux-doc-6.1_6.1.159-1_all.deb 728948a262aceae25306ff16d01de4a4 1100 doc optional linux-doc_6.1.159-1_all.deb 8702b9c79be92a8edad5241ce972143f 8618572 kernel optional linux-headers-6.1.0-42-common-rt_6.1.159-1_all.deb 5e0caa5a2febaaa5edff0ddf79df2896 10272148 kernel optional linux-headers-6.1.0-42-common_6.1.159-1_all.deb acd4aa2924936f6055c5b421531c97cf 138925016 kernel optional linux-source-6.1_6.1.159-1_all.deb 4dcedea6306cec206c8ac602bcd765e5 1092 kernel optional linux-source_6.1.159-1_all.deb b95e257c71b07fae6c0ef8b195ca95fa 1117456 devel optional linux-support-6.1.0-42_6.1.159-1_all.deb 6d072be0015b19e9e576336dd41dc846 13517 kernel optional linux_6.1.159-1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmlXqbYACgkQJm69HxMT N+pJsA/9GD0iZwrn1aRbKzH1e28TwJk+1CpF51vV3SQohAFEJorQcAtLJj2nQf/z DgHiHSQQ9Z7Q5b6ogXKu5asRUInT/4Gul8NgSS3msRl75N7W+xM2KmOxroB87mHE CAsHxl1yPYz+5f3oTOnpNMwmfGiImAL2wJ7EWtsUh+gJed32RRQn3rsSP/zBjiNb NuvuWmtxZf1v405m4KXH6oHyy1qxle5uyMQ4noQ+LOV7yiyqqT2uMILTyJWjDxdx xh+7/6vEKOvstUEd7H//JEdsiaSJ6h6lwhQi7egCPUxWpcEMn9WSFNe6IcxHTX8l qhJfqoiQ2pikaBlba1QoZou3sBmPjv92vfNFmxcXHb6MfkOPfkmPT2JNU50G0iVW ebWsU6xVGxVqxz1HkYmZjAPgZCD86UxueczQjhN7TA/rRGFI+mo3h56cnnNK7bfL 9G45lSPsrvw5jw+om2OH/4y9rMly6UXzRKULcrGZCq+7nd79nvGXXuGKkZykLgPy p0TwPmYbHJFY4U2Nga7HLsIk+qA7KMqqViueEudw51lQEx3Sd9D25fL++EXb9m4U Nml4jeXaVVszn41c2Pkv+A3aP5e1uJNGYgxb16Jj8DqW3InMsBxr+4TKjwHV7uxh uydZNeS1D6fXi4SwIgpjm9SqxiUxjTFT4tERo2d8tPkF+h6SEb0= =OBeb -----END PGP SIGNATURE-----