This bug was fixed in the package linux-oem-6.14 - 6.14.0-1007.7
---------------
linux-oem-6.14 (6.14.0-1007.7) noble; urgency=medium
* noble/linux-oem-6.14: 6.14.0-1007.7 -proposed tracker (LP: #2114500)
* [SRU] Add waiting latency for USB port resume (LP: #2115478)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs
* Enable AMD STX/KRK soundwire support on new Dell GhostRider platform
(LP: #2115200)
- soundwire: amd: change the log level for command response log
- soundwire: amd: serialize amd manager resume sequence during pm_prepare
- soundwire: amd: cancel pending slave status handling workqueue during
remove sequence
- soundwire: amd: fix for handling slave alerts after link is down
* intel-ish-hid keeps timeout while accessing it during suspend
(LP: #2115390)
- SAUCE: HID: intel-ish-hid: Increase ISHTP resume ack timeout to 300ms
* Enable the mute and mic-mute LEDs on HP Elitebook 6 laptops (LP: #2115198)
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 6 G1a
* Handle IOMMU IVRS entries with mismatched UID on AMD Strix or newer
platforms (LP: #2115174)
- iommu/amd: Allow matching ACPI HID devices without matching UIDs
* dmesg flooded with errors: amdgpu: DP AUX transfer fail:4 (LP: #2115238)
- drm/amd/display: Correct the reply value when AUX write incomplete
- drm/amd/display: Avoid flooding unnecessary info messages
* Print last reset reason into kernel log on AMD Zen platforms
(LP: #2115171)
- i2c: piix4: Make CONFIG_I2C_PIIX4 dependent on CONFIG_X86
- i2c: piix4, x86/platform: Move the SB800 PIIX4 FCH definitions to
<asm/amd/fch.h>
- platform/x86/amd/pmc: Use FCH_PM_BASE definition
- Documentation: Add AMD Zen debugging document
- x86/CPU/AMD: Print the reason for the last reset
[ Ubuntu: 6.14.0-24.24 ]
* plucky/linux: 6.14.0-24.24 -proposed tracker (LP: #2114501)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.06.16)
* Apple spi keyboard/trackpad not working 25.04 (LP: #2107976)
- iommu/vt-d: Restore context entry setup order for aliased devices
* Unexpected system reboot at loading GUI session on some AMD platforms
(LP: #2112462)
- drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush
* Fix ARL-U/H suspend issues (LP: #2112469)
- platform/x86/intel/pmc: Remove duplicate enum
- platform/x86:intel/pmc: Make tgl_core_generic_init() static
- platform/x86:intel/pmc: Create generic_core_init() for all platforms
- platform/x86/intel/pmc: Remove simple init functions
- platform/x86/intel/pmc: Add Arrow Lake U/H support to intel_pmc_core
driver
- platform/x86/intel/pmc: Fix Arrow Lake U/H NPU PCI ID
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174)
- s390/pci: Remove redundant bus removal and disable from
zpci_release_device()
- s390/pci: Prevent self deletion in disable_slot()
- s390/pci: Allow re-add of a reserved but not yet removed device
- s390/pci: Serialize device addition and removal
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37946
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has
child VFs
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37974
- s390/pci: Fix missing check for zpci_create_device() error return
* HW accelerated video playback causes VCN timeout on VCN 4.0.5 (AMD Strix)
(LP: #2112582)
- drm/amdgpu: read back register after written for VCN v4.0.5
* kvmppc_set_passthru_irq_hv: Could not assign IRQ map traces are seen when
pci device is attached to kvm guest when "xive=off" is set (LP: #2109951)
- KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest
* System will restart while resuming with SATA HDD or nvme installed with
password set (LP: #2110090)
- PCI: Explicitly put devices into D0 when initializing
* VM boots slowly with large-BAR GPU Passthrough (Root Cause Fix SRU)
(LP: #2111861)
- mm: Provide address mask in struct follow_pfnmap_args
- vfio/type1: Convert all vaddr_get_pfns() callers to use vfio_batch
- vfio/type1: Catch zero from pin_user_pages_remote()
- vfio/type1: Use vfio_batch for vaddr_get_pfns()
- vfio/type1: Use consistent types for page counts
- vfio/type1: Use mapping page mask for pfnmaps
* Plucky update: v6.14.6 upstream stable release (LP: #2113881)
- Revert "rndis_host: Flag RNDIS modems as WWAN devices"
- ALSA: hda/realtek - Add more HP laptops which need mute led fixup
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS()
- btrfs: fix COW handling in run_delalloc_nocow()
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
- drm/fdinfo: Protect against driver unbind
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines
- perf/x86/intel: Only check the group flag for X86 leader
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mm/memblock: pass size instead of end to memblock_set_node()
- mm/memblock: repeat setting reserved region nid if array is doubled
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- spi: tegra114: Don't fail set_cs_timing when delays are zero
- tracing: Do not take trace_event_sem in print_event_fields()
- x86/boot/sev: Support memory acceptance in the EFI stub under SVSM
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- drm/amdgpu: Fix offset for HDP remap in nbio v7.11
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep
cycles
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
hotplug
- smb: client: fix zero length for mkdir POSIX create context
- cpufreq: Avoid using inconsistent policy->min and policy->max
- cpufreq: Fix setting policy limits when frequency tables are used
- bcachefs: Remove incorrect __counted_by annotation
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
properties
- ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB
- firmware: cs_dsp: tests: Depend on FW_CS_DSP rather then enabling it
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
- Revert "UBUNTU: SAUCE: powerpc64/ftrace: fix module loading without
patchable function entries"
- pinctrl: imx: Return NULL if no group is matched and found
- powerpc/boot: Check for ld-option support
- ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init()
- iommu/arm-smmu-v3: Add missing S2FWB feature detection
- ALSA: hda/realtek - Enable speaker for HP platform
- drm/i915/pxp: fix undefined reference to
`intel_pxp_gsccs_is_ready_for_sessions'
- wifi: iwlwifi: back off on continuous errors
- wifi: iwlwifi: don't warn if the NIC is gone in resume
- wifi: iwlwifi: fix the check for the SCRATCH register upon resume
- powerpc/boot: Fix dash warning
- xsk: Fix offset calculation in unaligned mode
- net/mlx5e: Use custom tunnel header for vxlan gbp
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5e: TC, Continue the attr process even if encap entry is invalid
- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover
- net/mlx5: E-switch, Fix error handling for enabling roce
- accel/ivpu: Correct DCT interrupt handling
- cpufreq: Introduce policy->boost_supported flag
- cpufreq: acpi: Set policy->boost_supported
- cpufreq: ACPI: Re-sync CPU boost state on system resume
- Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
- Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
- Bluetooth: btintel_pcie: Avoid redundant buffer allocation
- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths
- Bluetooth: L2CAP: copy RX timestamp to new fragments
- net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
- octeon_ep_vf: Resolve netdevice usage count issue
- bnxt_en: improve TX timestamping FIFO configuration
- rtase: Modify the condition used to detect overflow in
rtase_calc_time_mitigation
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array
- pds_core: make pdsc_auxbus_dev_del() void
- pds_core: specify auxiliary_device to be created
- ice: Don't check device type when checking GNSS presence
- ice: Remove unnecessary ice_is_e8xx() functions
- ice: fix Get Tx Topology AQ command error on E830
- idpf: fix offloads support for encapsulated packets
- scsi: ufs: core: Remove redundant query_complete trace
- drm/xe/guc: Fix capture of steering registers
- pinctrl: qcom: Fix PINGROUP definition for sm8750
- nvme-pci: fix queue unquiesce check on slot_reset
- drm/tests: shmem: Fix memleak
- drm/mipi-dbi: Fix blanking for non-16 bit formats
- net: dlink: Correct endianness handling of led_mode
- net: mdio: mux-meson-gxl: set reversed bit when using internal phy
- idpf: fix potential memory leak on kcalloc() failure
- idpf: protect shutdown from reset
- igc: fix lock order in igc_ptp_reset
- net: dsa: felix: fix broken taprio gate states after clock jump
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models
- bnxt_en: Fix ethtool selftest output in one of the failure cases
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings()
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
- ASoC: stm32: sai: skip useless iterations on kernel rate loop
- ASoC: stm32: sai: add a check on minimal kernel frequency
- bnxt_en: fix module unload sequence
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
- net: vertexcom: mse102x: Fix LEN_MASK
- net: vertexcom: mse102x: Add range check for CMD_RTS
- net: vertexcom: mse102x: Fix RX error handling
- accel/ivpu: Abort all jobs after command queue unregister
- accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW
- drm/xe: Invalidate L3 read-only cachelines for geometry streams too
- platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7
- ublk: add helper of ublk_need_map_io()
- ublk: properly serialize all FETCH_REQs
- ublk: move device reset into ublk_ch_release()
- ublk: improve detection and handling of ublk server exit
- ublk: remove __ublk_quiesce_dev()
- ublk: simplify aborting ublk request
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
- arm64: dts: imx95: Correct the range of PCIe app-reg region
- ARM: dts: opos6ul: add ksz8081 phy properties
- arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
- arm64: dts: st: Use 128kB size for aliased GIC400 register access on
stm32mp25 SoCs
- block: introduce zone capacity helper
- btrfs: zoned: skip reporting zone for new block group
- kernel: param: rename locate_module_kobject
- kernel: globalize lookup_or_create_module_kobject()
- drivers: base: handle module_kobject creation
- btrfs: expose per-inode stable writes flag
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode()
- btrfs: pass struct btrfs_inode to btrfs_iget_locked()
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
- bcachefs: Change btree_insert_node() assertion to error
- dm: fix copying after src array boundaries
- Linux 6.14.6
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37903
- drm/amd/display: Fix slab-use-after-free in hdcp
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37904
- btrfs: fix the inode leak in btrfs_iget()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37906
- ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37907
- accel/ivpu: Fix locking order in ivpu_job_submit
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37908
- mm, slab: clean up slab->obj_exts always
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37933
- octeon_ep: Fix host hang issue during device reboot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37910
- ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37894
- net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37934
- ASoC: simple-card-utils: Fix pointer check in
graph_util_parse_link_direction
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37895
- bnxt_en: Fix error handling path in bnxt_init_chip()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37935
- net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37891
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37916
- pds_core: remove write-after-free of client_id
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37917
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37918
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37919
- ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37896
- spi: spi-mem: Add fix to avoid divide error
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37920
- xsk: Fix race condition in AF_XDP generic RX path
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37921
- vxlan: vnifilter: Fix unlocked deletion of default FDB entry
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37897
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37898
- powerpc64/ftrace: fix module loading without patchable function entries
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37922
- book3s64/radix : Align section vmemmap start address to PAGE_SIZE
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37899
- ksmbd: fix use-after-free in session logoff
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37924
- ksmbd: fix use-after-free in kerberos authentication
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37926
- ksmbd: fix use-after-free in ksmbd_session_rpc_open
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37900
- iommu: Fix two issues in iommu_copy_struct_from_user()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37928
- dm-bufio: don't schedule in atomic context
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37901
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37936
- perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
value.
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37929
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37931
- btrfs: adjust subpage bit start based on sectorsize
* Support Sony IMX471 camera sensor for Intel IPU7 platforms (LP: #2107320)
- SAUCE: media: ipu-bridge: Support imx471 sensor
* deadlock on cpu_hotplug_lock in __accept_page() (LP: #2109543)
- mm/page_alloc: fix deadlock on cpu_hotplug_lock in __accept_page()
* Plucky fails to boot on (older) Macs (LP: #2105402)
- SAUCE: hack: efi/libstub: enable t14s boot failure hack only on arm64
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- selftests/tc-testing: Add a test case for FQ_CODEL with HTB parent
- selftests/tc-testing: Add a test case for FQ_CODEL with QFQ parent
- selftests/tc-testing: Add a test case for FQ_CODEL with HFSC parent
- selftests/tc-testing: Add a test case for FQ_CODEL with DRR parent
- selftests/tc-testing: Add a test case for FQ_CODEL with ETS parent
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
-- Kuan-Ying Lee <kuan-ying....@canonical.com> Mon, 30 Jun 2025
13:40:42 +0800
** Changed in: linux-oem-6.14 (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37891
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37894
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37895
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37896
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37897
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37898
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37899
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37900
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37901
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37903
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37904
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37905
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37906
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37907
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37908
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37909
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37910
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37911
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37912
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37913
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37914
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37915
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37916
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37917
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37918
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37919
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37920
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37921
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37922
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37923
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37924
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37926
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37928
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37929
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37930
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37931
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37933
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37934
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37935
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37936
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37946
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37974
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37990
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37991
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.14 in Ubuntu.
https://bugs.launchpad.net/bugs/2115174
Title:
Handle IOMMU IVRS entries with mismatched UID on AMD Strix or newer
platforms
Status in HWE Next:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux-oem-6.11 package in Ubuntu:
Invalid
Status in linux-oem-6.14 package in Ubuntu:
Invalid
Status in linux source package in Noble:
Invalid
Status in linux-oem-6.11 source package in Noble:
Fix Released
Status in linux-oem-6.14 source package in Noble:
Fix Released
Status in linux source package in Oracular:
Won't Fix
Status in linux-oem-6.11 source package in Oracular:
Invalid
Status in linux-oem-6.14 source package in Oracular:
Invalid
Status in linux source package in Plucky:
Fix Committed
Status in linux-oem-6.11 source package in Plucky:
Invalid
Status in linux-oem-6.14 source package in Plucky:
Invalid
Status in linux source package in Questing:
Fix Released
Status in linux-oem-6.11 source package in Questing:
Invalid
Status in linux-oem-6.14 source package in Questing:
Invalid
Bug description:
[ SRU Justification ]
[ Impact ]
A BIOS upgrade has changed the IVRS DTE UID for a device that no
longer matches the UID in the SSDT and may potentially affect s0i3 on
Linux systems.
[ Test Plan ]
1. Dump IVRS table:
```
# install acpica-tools
$ sudo apt-get install --no-install-recommends --yes acpica-tools
$ sudo acpidump -o acpi.dump
$ acpixtract -a acpi.dump
$ iasl -d ivrs.dat
```
2. Search for subtable type F0 in decoded ivrs.dsl:
```
[176h 0374 001h] Subtable Type : F0 [Device Entry: ACPI HID
Named Device]
[177h 0375 002h] Device ID : 00A5
[179h 0377 001h] Data Setting (decoded below) : 40
INITPass : 0
EIntPass : 0
NMIPass : 0
Reserved : 0
System MGMT : 0
LINT0 Pass : 1
LINT1 Pass : 0
[17Ah 0378 008h] ACPI HID : "AMDI0020"
[182h 0386 008h] ACPI CID : 0000000000000000
[18Ah 0394 001h] UID Format : 02
[18Bh 0395 001h] UID Length : 04
[18Ch 0396 004h] UID : "ID01"
```
3. Locate the MHSP device from SSDT tables:
```
grep -n 'Device (MHSP)' -A4 ssdt*.dsl
ssdt34.dsl:25: Device (MHSP)
ssdt34.dsl-26- {
ssdt34.dsl-27- Name (_ADR, Zero) // _ADR: Address
ssdt34.dsl-28- Name (_HID, "MSFT0201") // _HID: Hardware ID
ssdt34.dsl-29- Name (_UID, One) // _UID: Unique ID
```
4. From IVRS the UID is "ID01" yet it's numeric 1 from SSDT, so this
system is affected.
[ Where problems could occur ]
This restore the ability to match UID correctly as before. No side
effect.
[ Other Info ]
Such BIOS upgrade may occur for Strix, Krackan, Strix Halo, and Gorgon
Point systems. Nominate for series with v6.11+ kernels.
========== original bug report ==========
A future BIOS upgrade may occur for Strix, Krackan, Strix Halo, and
Gorgon Point systems that has the potential to break s0i3 on Ubuntu.
OEMs may choose to roll this out.
This BIOS upgrade modifies the ACPI IVRS UID entry for a device from a
numeric value "1" to a string value, for example, "_SB.MHSP". The
upgrade however DOES NOT modify the matching SSDT entry, that one
remains "1".
In the current AMD Linux IOMMU driver this causes the device not to be
configured by the IOMMU. Suspending the system when this device is not
configured by the IOMMU will cause an unrecoverable page fault.
This mismatch however is intentional from the BIOS team and stems from
how the IOMMU spec is interpreted by Microsoft vs from AMD Linux IOMMU
driver. For this reason; it's going to be important to allow this to
work from Linux as well.
v6.16-rc1:
https://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux.git/commit/?h=next&id=51c33f333bbf7bdb6aa2a327e3a3e4bbb2591511
---
ProblemType: Bug
ApportVersion: 2.28.1-0ubuntu3.6
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: ubuntu 1954 F.... wireplumber
/dev/snd/controlC0: ubuntu 1954 F.... wireplumber
/dev/snd/seq: ubuntu 1950 F.... pipewire
CasperMD5CheckMismatches: ./casper/initrd ./casper/vmlinuz
./casper/minimal.standard.live.hotfix.manifest
./casper/minimal.standard.live.hotfix.size ./casper/minimal.standard.live.size
./casper/minimal.manifest ./casper/minimal.standard.manifest
./casper/minimal.standard.size ./casper/minimal.hotfix.size
./casper/minimal.standard.live.hotfix.squashfs
./casper/minimal.standard.hotfix.squashfs ./casper/minimal.standard.hotfix.size
./casper/minimal.standard.hotfix.manifest ./casper/minimal.hotfix.squashfs
./casper/minimal.standard.live.manifest ./casper/minimal.size
./boot/grub/grub.cfg
CasperMD5CheckResult: fail
DistributionChannelDescriptor:
# This is the distribution channel descriptor for Ubuntu 24.04 for HP
# For more information see
http://wiki.ubuntu.com/DistributionChannelDescriptor
canonical-oem-stella-noble-oem-24.04b-proposed-20250605-516
DistroRelease: Ubuntu 24.04
InstallationDate: Installed on 2025-06-18 (13 days ago)
InstallationMedia: Ubuntu OEM 24.04.2 LTS "Noble Numbat" - Release amd64
(20250603)
MachineType: HP HP ZBook 8 G1as 14 inch Mobile Workstation PC
Package: linux (not installed)
ProcFB: 0 amdgpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.11.0-1024-oem
root=UUID=7cff2a62-b4d8-41cc-92d8-9079d9eb3989 ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 6.11.0-1024.24-oem 6.11.11
RelatedPackageVersions:
linux-restricted-modules-6.11.0-1024-oem N/A
linux-backports-modules-6.11.0-1024-oem N/A
linux-firmware 20240318.git3b128b60-0ubuntu2.14
Tags: noble
Uname: Linux 6.11.0-1024-oem x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: N/A
_MarkForUpload: True
dmi.bios.date: 05/23/2025
dmi.bios.release: 2.1
dmi.bios.vendor: HP
dmi.bios.version: X84 Ver. 01.02.01
dmi.board.name: 8E1A
dmi.board.vendor: HP
dmi.board.version: KBC Version 54.24.00
dmi.chassis.type: 10
dmi.chassis.vendor: HP
dmi.ec.firmware.release: 84.36
dmi.modalias:
dmi:bvnHP:bvrX84Ver.01.02.01:bd05/23/2025:br2.1:efr84.36:svnHP:pnHPZBook8G1as14inchMobileWorkstationPC:pvrSBKPF,SBKPFV2:rvnHP:rn8E1A:rvrKBCVersion54.24.00:cvnHP:ct10:cvr:sku1234567#ABA:
dmi.product.family: 103C_5336AN HP ZBook
dmi.product.name: HP ZBook 8 G1as 14 inch Mobile Workstation PC
dmi.product.sku: 1234567#ABA
dmi.product.version: SBKPF,SBKPFV2
dmi.sys.vendor: HP
---
ProblemType: Bug
ApportVersion: 2.28.1-0ubuntu3.6
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: ubuntu 1954 F.... wireplumber
/dev/snd/controlC0: ubuntu 1954 F.... wireplumber
/dev/snd/seq: ubuntu 1950 F.... pipewire
CasperMD5CheckMismatches: ./casper/initrd ./casper/vmlinuz
./casper/minimal.standard.live.hotfix.manifest
./casper/minimal.standard.live.hotfix.size ./casper/minimal.standard.live.size
./casper/minimal.manifest ./casper/minimal.standard.manifest
./casper/minimal.standard.size ./casper/minimal.hotfix.size
./casper/minimal.standard.live.hotfix.squashfs
./casper/minimal.standard.hotfix.squashfs ./casper/minimal.standard.hotfix.size
./casper/minimal.standard.hotfix.manifest ./casper/minimal.hotfix.squashfs
./casper/minimal.standard.live.manifest ./casper/minimal.size
./boot/grub/grub.cfg
CasperMD5CheckResult: fail
DistributionChannelDescriptor:
# This is the distribution channel descriptor for Ubuntu 24.04 for HP
# For more information see
http://wiki.ubuntu.com/DistributionChannelDescriptor
canonical-oem-stella-noble-oem-24.04b-proposed-20250605-516
DistroRelease: Ubuntu 24.04
InstallationDate: Installed on 2025-06-18 (13 days ago)
InstallationMedia: Ubuntu OEM 24.04.2 LTS "Noble Numbat" - Release amd64
(20250603)
MachineType: HP HP ZBook 8 G1as 14 inch Mobile Workstation PC
Package: linux (not installed)
ProcFB: 0 amdgpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.11.0-1024-oem
root=UUID=7cff2a62-b4d8-41cc-92d8-9079d9eb3989 ro quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 6.11.0-1024.24-oem 6.11.11
RelatedPackageVersions:
linux-restricted-modules-6.11.0-1024-oem N/A
linux-backports-modules-6.11.0-1024-oem N/A
linux-firmware 20240318.git3b128b60-0ubuntu2.14
Tags: noble
Uname: Linux 6.11.0-1024-oem x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: N/A
_MarkForUpload: True
dmi.bios.date: 05/23/2025
dmi.bios.release: 2.1
dmi.bios.vendor: HP
dmi.bios.version: X84 Ver. 01.02.01
dmi.board.name: 8E1A
dmi.board.vendor: HP
dmi.board.version: KBC Version 54.24.00
dmi.chassis.type: 10
dmi.chassis.vendor: HP
dmi.ec.firmware.release: 84.36
dmi.modalias:
dmi:bvnHP:bvrX84Ver.01.02.01:bd05/23/2025:br2.1:efr84.36:svnHP:pnHPZBook8G1as14inchMobileWorkstationPC:pvrSBKPF,SBKPFV2:rvnHP:rn8E1A:rvrKBCVersion54.24.00:cvnHP:ct10:cvr:sku1234567#ABA:
dmi.product.family: 103C_5336AN HP ZBook
dmi.product.name: HP ZBook 8 G1as 14 inch Mobile Workstation PC
dmi.product.sku: 1234567#ABA
dmi.product.version: SBKPF,SBKPFV2
dmi.sys.vendor: HP
To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/2115174/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
