* Bionic update: upstream stable patchset 2022-04-13 (LP: #1968932) // CVE- url: https://ubuntu.com/security/CVE-2022-23041 - xen/gnttab: fix gnttab_end_foreign_access() without page specified * Bionic update: upstream stable patchset 2023-01-20 (LP: #2003596) // CVE- url: https://ubuntu.com/security/CVE-2022-49850 - nilfs2: fix deadlock in nilfs_count_free_blocks() * CVE-url: https://ubuntu.com/security/CVE-2024-42305 - ext4: check dot and dotdot of dx_root before making dir indexed * CVE-url: https://ubuntu.com/security/CVE-2024-53168 - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket * CVE-url: https://ubuntu.com/security/CVE-2024-26915 - drm/amdgpu: Add check to prevent IH overflow - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit * CVE-url: https://ubuntu.com/security/CVE-2024-56770 - net/sched: netem: account for backlog updates from child qdisc - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() * Bionic update: upstream stable patchset 2022-01-14 (LP: #1957957) // CVE- url: https://ubuntu.com/security/CVE-2021-47587 - net: systemport: Add global locking for descriptor lifecycle * Bionic update: upstream stable patchset 2021-06-01 (LP: #1930472) // CVE- url: https://ubuntu.com/security/CVE-2021-46959 - spi: Fix use-after-free with devm_spi_alloc_* * CVE-url: https://ubuntu.com/security/CVE-2024-26689 - ceph: prevent use-after-free in encode_cap_msg() * CVE-url: https://ubuntu.com/security/CVE-2024-53066 - nfs: Fix KMSAN warning in decode_getfattr_attrs() * CVE-url: https://ubuntu.com/security/CVE-2024-49944 - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start * CVE-url: https://ubuntu.com/security/CVE-2024-50237 - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower * CVE-url: https://ubuntu.com/security/CVE-2024-46780 - nilfs2: protect references to superblock parameters exposed in sysfs * CVE-url: https://ubuntu.com/security/CVE-2024-53063 - media: dvbdev: prevent the risk of out of memory access - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set * CVE-url: https://ubuntu.com/security/CVE-2021-47150 - net: fec: fix the potential memory leak in fec_enet_init() * CVE-url: https://ubuntu.com/security/CVE-2024-53140 - netlink: terminate outstanding dump on socket close * CVE-url: https://ubuntu.com/security/CVE-2025-21971 - net_sched: Prevent creation of classes with TC_H_ROOT * CVE-url: https://ubuntu.com/security/CVE-2023-52572 - cifs: Fix UAF in cifs_demultiplex_thread() * CVE-url: https://ubuntu.com/security/CVE-2025-37785 - ext4: fix OOB read when checking dotdot dir * Bionic update: upstream stable patchset 2021-07-14 (LP: #1936231) // CVE- url: https://ubuntu.com/security/CVE-2021-47277 - kvm: avoid speculation-based attacks from out-of-range memslot accesses * CVE-url: https://ubuntu.com/security/CVE-2022-49740 - wifi: brcmfmac: Check the count value of channel spec to prevent out-of- bounds reads * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782) // CVE- url: https://ubuntu.com/security/CVE-2022-49404 - RDMA/hfi1: Fix potential integer multiplication overflow errors * Bionic update: upstream stable patchset 2023-03-03 (LP: #2009237) // CVE- url: https://ubuntu.com/security/CVE-2022-49757 - EDAC/highbank: Fix memory leak in highbank_mc_probe() * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782) // CVE- url: https://ubuntu.com/security/CVE-2022-49395 - um: Fix out-of-bounds read in LDT setup * CVE-url: https://ubuntu.com/security/CVE-2022-49738 - f2fs: fix to do sanity check on summary info - f2fs: should put a page when checking the summary info - f2fs: fix to do sanity check on i_extra_isize in is_alive() * CVE-url: https://ubuntu.com/security/ - ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules * CVE-url: https://ubuntu.com/security/CVE-2025-21891 - ipvlan: ensure network headers are in skb linear part * CVE-url: https://ubuntu.com/security/CVE-2025-21969 - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd * CVE-url: https://ubuntu.com/security/CVE-2025-21957 - scsi: qla1280: Fix kernel oops when debug level > 2 * CVE-url: https://ubuntu.com/security/CVE-2025-21948 - HID: appleir: Fix potential NULL dereference at raw event handle * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399) // CVE- url: https://ubuntu.com/security/CVE-2023-52989 - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399) // CVE- url: https://ubuntu.com/security/CVE-2023-52932 - mm/swapfile: add cond_resched() in get_swap_pages() * Bionic update: upstream stable patchset 2023-03-03 (LP: #2009237) // CVE- url: https://ubuntu.com/security/CVE-2023-53015 - HID: betop: check shape of output reports * Bionic update: upstream stable patchset 2023-03-03 (LP: #2009237) // CVE- url: https://ubuntu.com/security/CVE-2023-52993 - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL * CVE-url: https://ubuntu.com/security/CVE-2025-21912 - gpio: rcar: Use raw_spinlock to protect register access * CVE-url: https://ubuntu.com/security/CVE-2025-21922 - ppp: Fix KMSAN uninit-value warning with bpf * CVE-url: https://ubuntu.com/security/CVE-2025-21959 - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399) // CVE- url: https://ubuntu.com/security/CVE-2023-52988 - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() * CVE-url: https://ubuntu.com/security/CVE-2025-21996 - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() * CVE-url: https://ubuntu.com/security/CVE-2025-21917 - usb: renesas_usbhs: Flush the notify_hotplug_work * CVE-url: https://ubuntu.com/security/CVE-2023-53001 - drm/drm_vma_manager: Add drm_vma_node_allow_once() * CVE-url: https://ubuntu.com/security/CVE-2025-21920 - vlan: enforce underlying device type * CVE-url: https://ubuntu.com/security/CVE-2025-21904 - caif_virtio: fix wrong pointer check in cfv_probe() * Bionic update: upstream stable patchset 2021-06-23 (LP: #1933375) // CVE- url: https://ubuntu.com/security/CVE-2021-47320 - net: caif: added cfserl_release function - net: caif: add proper error handling - net: caif: fix memory leak in caif_device_notify * CVE-url: https://ubuntu.com/security/CVE-2021-47342 - ext4: fix memory leak in ext4_fill_super - ext4: fix timer use-after-free on failed mount * Bionic update: upstream stable patchset 2021-08-03 (LP: #1938824) // CVE- url: https://ubuntu.com/security/CVE-2021-47320 - nfs: fix acl memory leak of posix_acl_create() * Bionic update: upstream stable patchset 2022-01-14 (LP: #1957957) // CVE- url: https://ubuntu.com/security/CVE-2021-47602 - mac80211: track only QoS data frames for admission control * CVE-url: https://ubuntu.com/security/CVE-2021-47328 - scsi: iscsi: Fix conn use after free during resets * CVE-url: https://ubuntu.com/security/CVE-2025-21702 - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 * CVE-url: https://ubuntu.com/security/CVE-2024-56658 - net: defer final 'struct net' free in netns dismantle * CVE-url: https://ubuntu.com/security/CVE-2024-50265 - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() * CVE-url: https://ubuntu.com/security/CVE-2024-46826 - ELF: fix kernel.randomize_va_space double read * CVE-url: https://ubuntu.com/security/CVE-2025-21700 - net: sched: Disallow replacing of child qdisc from one parent to another * CVE-url: https://ubuntu.com/security/CVE-2024-50167 - be2net: fix potential memory leak in be_xmit() * CVE-url: https://ubuntu.com/security/CVE-2024-49952 - netfilter: nf_tables: prevent nf_skb_duplicated corruption * CVE-url: https://ubuntu.com/security/CVE-2024-49948 - net: add more sanity checks to qdisc_pkt_len_init()