* CVE-2025-39743 - jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743} * CVE-2025-39685 - comedi: pcl726: Prevent invalid irq number {CVE-2025-39685} * CVE-2025-38713 - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-38713} * CVE-2025-38699 - scsi: bfa: Double-free fix {CVE-2025-38699} * CVE-2025-38697 - jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697} * CVE-2025-38680 - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} * CVE-2025-38677 - f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677} * CVE-2025-38572 - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} * CVE-2025-38538 - dmaengine: nbpfaxi: Fix memory corruption in probe() {CVE-2025-38538} * CVE-2025-38530 - comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530} * CVE-2025-38529 - comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529} * CVE-2025-38494 - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} * CVE-2025-38482 - comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482} * CVE-2025-38428 - Input: ims-pcu - check record size in ims_pcu_flash_firmware() {CVE-2025-38428} * CVE-2025-38416 - NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416} * CVE-2025-38415 - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} * CVE-2025-38403 - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} * CVE-2025-38286 - pinctrl: at91: Fix possible out-of-boundary access {CVE-2025-38286} * CVE-2025-38245 - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} * CVE-2025-38212 - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} * CVE-2025-38204 - jfs: fix array-index-out-of-bounds read in add_missing_indices {CVE-2025-38204} * CVE-2025-38157 - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} * CVE-2025-38079 - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} * CVE-2025-38051 - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} * CVE-2023-53676 - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() {CVE-2023-53676} * CVE-2023-53675 - scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} * CVE-2023-53668 - ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668} * CVE-2023-53622 - gfs2: Fix possible data races in gfs2_show_options() {CVE-2023-53622} * CVE-2023-53616 - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount {CVE-2023-53616} * CVE-2023-53608 - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() {CVE-2023-53608} * CVE-2023-53587 - ring-buffer: Sync IRQ works before buffer destruction {CVE-2023-53587} * CVE-2023-53569 - ext2: Check block size validity during mount {CVE-2023-53569} * CVE-2023-53559 - ip_vti: fix potential slab-use-after-free in decode_session6 {CVE-2023-53559} * CVE-2023-53541 - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write {CVE-2023-53541} * CVE-2023-53521 - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() {CVE-2023-53521} * CVE-2023-53506 - udf: Do not bother merging very long extents {CVE-2023-53506} * CVE-2023-53485 - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev {CVE-2023-53485} * CVE-2023-53484 - lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484} * CVE-2023-53454 - HID: multitouch: Correct devm device reference for hidinput input_dev name {CVE-2023-53454} * CVE-2023-53322 - scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} * CVE-2023-53311 - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput {CVE-2023-53311} * CVE-2023-53259 - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} * CVE-2023-53219 - media: netup_unidvb: fix use-after-free at del_timer() {CVE-2023-53219} * CVE-2023-53138 - net: caif: Fix use-after-free in cfusbl_device_notify() {CVE-2023-53138} * CVE-2023-53075 - ftrace: Fix invalid address access in lookup_rec() when index is 0 {CVE-2023-53075} * CVE-2023-53035 - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() {CVE-2023-53035} * CVE-2022-50542 - media: si470x: Fix use-after-free in si470x_int_in_callback() {CVE-2022-50542} * CVE-2022-50496 - dm cache: Fix UAF in destroy() {CVE-2022-50496} * CVE-2022-50478 - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() {CVE-2022-50478} * CVE-2022-50470 - xhci: Remove device endpoints from bandwidth list when freeing the device {CVE-2022-50470} * CVE-2022-50432 - kernfs: fix use-after-free in __kernfs_remove {CVE-2022-50432} * CVE-2022-50423 - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() {CVE-2022-50423} * CVE-2022-50419 - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times {CVE-2022-50419} * CVE-2022-50411 - ACPICA: Fix error code path in acpi_ds_call_control_method() {CVE-2022-50411} * CVE-2022-50394 - i2c: ismt: Fix an out-of-bounds bug in ismt_access() {CVE-2022-50394} * CVE-2022-50384 - staging: vme_user: Fix possible UAF in tsi148_dma_list_add {CVE-2022-50384} * CVE-2022-50333 - fs: jfs: fix shift-out-of-bounds in dbDiscardAG {CVE-2022-50333} * CVE-2022-50301 - iommu/omap: Fix buffer overflow in debugfs {CVE-2022-50301} * CVE-2022-50094 - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions {CVE-2022-50094} * CVE-2022-50022 - drivers:md:fix a potential use-after-free bug {CVE-2022-50022} * CVE-2022-49945 - hwmon: (gpio-fan) Fix array out of bounds access {CVE-2022-49945} * CVE-2022-49865 - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network {CVE-2022-49865} * CVE-2022-49775 - tcp: cdg: allow tcp_cdg_release() to be called multiple times {CVE-2022-49775} * CVE-2022-49581 - be2net: Fix buffer overflow in be_get_module_eeprom {CVE-2022-49581} * CVE-2022-49503 - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix {CVE-2022-49503} * CVE-2021-47142 - drm/amdgpu: Fix a use-after-free {CVE-2021-47142} * CVE-url: https://ubuntu.com/security/CVE-2025-38477 - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class * Focal update: v5.4.255 upstream stable release (LP: #2039440) - Bluetooth: L2CAP: Fix use-after-free * Bionic update: upstream stable patchset 2022-11-15 (LP: #1996650) - Bluetooth: L2CAP: Fix user-after-free - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() * Focal update: v5.4.253 upstream stable release (LP: #2038652) - ip6mr: Fix skb_under_panic in ip6mr_cache_report() * Focal update: v5.4.224 upstream stable release (LP: #1999273) - ipvs: use explicitly signed chars - ipvs: fix WARNING in __ip_vs_cleanup_batch() - ipvs: fix WARNING in ip_vs_app_net_cleanup() * Bionic update: upstream stable patchset 2022-10-18 (LP: #1993349) - vt: Clear selection before changing the font * Focal update: v5.4.237 upstream stable release (LP: #2023420) - fs: prevent out-of-bounds array speculation when closing a file descriptor * Focal update: v5.4.231 upstream stable release (LP: #2011226) - netlink: prevent potential spectre v1 gadgets * Bionic update: upstream stable patchset 2022-09-23 (LP: #1990698) - ALSA: bcd2000: Fix a UAF bug on the error path of probing - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() - md-raid10: fix KASAN warning - selinux: Add boundary check in put_entry() - video: fbdev: vt8623fb: Check the size of screen before memset_io() - video: fbdev: arkfb: Check the size of screen before memset_io() - video: fbdev: s3fb: Check the size of screen before memset_io() * Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403) - igb: Do not free q_vector unless new one was allocated * Bionic update: upstream stable patchset 2023-01-20 (LP: #2003596) - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK - net: mdio: fix undefined behavior in bit shift for __mdiobus_register * CVE-url: https://ubuntu.com/security/CVE-2023-1989 - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition * Focal update: v5.4.225 upstream stable release (LP: #2002347) - ntfs: fix use-after-free in ntfs_attr_find() * Focal update: Focal update: v5.4.235 upstream stable release (LP: #2017706) - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() * Miscellaneous upstream changes - debian: add control and changelog files - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - Merge branch 'master' into master-build - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint - f2fs: return error when accessing insane flie offset - f2fs: lost matching-pair of trace in f2fs_truncate_inode_blocks - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() - usb: vhci-hcd: Do not drop references before new references are gained - tracing: Fix oob write in trace_seq_to_buffer() - mtd: inftlcore: Add error check for inftl_read_oob() - jbd2: remove wrong sb->s_sequence check - usb: dwc3: gadget: check that event count does not exceed event buffer length - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - Bluetooth: hci_core: Fix use-after-free in vhci_flush() - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" - scsi: target: Fix WRITE_SAME No Data Buffer crash - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too - HID: core: Harden s32ton() against conversion to 0 bits - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() - wifi: mac80211_hwsim: drop short frames - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write