This bug was fixed in the package linux-azure - 6.17.0-1015.15
---------------
linux-azure (6.17.0-1015.15) questing; urgency=medium
* questing/linux-azure: 6.17.0-1015.15 -proposed tracker (LP:
#2151080)
[ Ubuntu: 6.17.0-29.29 ]
* questing/linux: 6.17.0-29.29 -proposed tracker (LP: #2151099)
* CVE-2026-31419
- net: bonding: fix use-after-free in bond_xmit_broadcast()
* CVE-2026-31431
- crypto: algif_aead - Revert to operating out-of-place
- crypto: algif_aead - snapshot IV for async AEAD requests
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place
decryption
- crypto: authencesn - Fix src offset when decrypting in-place
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
- crypto: algif_aead - Fix minimum RX size check for decryption
* CVE-2026-31533
- net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
* CVE-2026-31504
- net: fix fanout UAF in packet_release() via NETDEV_UP race
linux-azure (6.17.0-1014.14) questing; urgency=medium
* questing/linux-azure: 6.17.0-1014.14 -proposed tracker (LP:
#2149976)
* Enable CirrusLogic audio solution CS42L45+CS35L63 on AMD and Intel PTL
(LP: #2143104)
- [Config] azure: Enable SND_SOC_ACPI_AMD_SDCA_QUIRKS
* [Mana][Backport] net: mana: Fix use-after-free in reset service rescan
path & net: mana: Fix double destroy_workqueue on service rescan PCI path
(LP: #2146588)
- net: mana: Fix use-after-free in reset service rescan path
- net: mana: Fix double destroy_workqueue on service rescan PCI path
- net/mana: Null service_wq on setup error to prevent double destroy
- net: mana: fix use-after-free in mana_hwc_destroy_channel() by
reordering teardown
[ Ubuntu: 6.17.0-28.28 ]
* questing/linux: 6.17.0-28.28 -proposed tracker (LP: #2150051)
* Linux kernel 6.17.0-22.22 breaks amdxdna (LP: #2149766)
- Revert "iommu: disable SVA when CONFIG_X86 is set"
[ Ubuntu: 6.17.0-24.24 ]
* questing/linux: 6.17.0-24.24 -proposed tracker (LP: #2148025)
* Remount ext4 to readonly with data=journal mode may dump call trace
(LP: #2147400)
- ext4: fix stale xarray tags after writeback
* System hangs during stress-ng stack test (LP: #2137755)
- mm, swap: fix swap cache index error when retrying reclaim
* BUG: kernel NULL pointer dereference when starting VM inside a container
(LP: #2147374)
- apparmor: fix NULL pointer dereference in __unix_needs_revalidation
* BUG: kernel NULL pointer dereference in amdgpu (LP: #2144577)
- drm/amdgpu: validate the flush_gpu_tlb_pasid()
- drm/amdgpu: Fix validating flush_gpu_tlb_pasid()
* Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile
(LP: #2142956)
- SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation
binding
* Fine grained network mediation was broken if v8/v9 was used (LP: #2142860)
- SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation
sock_file_perm
* Enable CirrusLogic audio solution CS42L45+CS35L63 on AMD and Intel PTL
(LP: #2143104)
- ASoC: amd: acp: Add ACP7.0 match entries for cs35l56 and cs42l43
- ASoC: amd: acp: soc-acpi: add is_device_rt712_vb() helper
- ASoC: amd: acp: Sort match table into most specific first
- ASoC: amd: acp: Rename Cirrus Logic component match entries to include
link and uid
- ASoC: amd: acp: Sort Cirrus Logic match entries
- ASoC: amd: acp: Add ACP7.0 match entries for Cirrus Logic parts
- ASoC: amd: acp: Fix Kconfig dependencies for
SND_SOC_ACPI_AMD_SDCA_QUIRKS
- [Config] Enable SND_SOC_ACPI_AMD_SDCA_QUIRKS
- soundwire: amd: add clock init control function
- soundwire: amd: refactor bandwidth calculation logic
* CVE-2026-23112
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
* Canonical Kmod 2025 key rotation (LP: #2147447)
- [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing
extensible
- [Packaging] ubuntu-compatible-signing -- allow consumption of positive
certs
- [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key
- [Config] prepare for Canonical Kmod key rotation
- [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key
- [Packaging] ensure our cert rollups are always fresh
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193)
- mptcp: fallback earlier on simult connection
- mm: consider non-anon swap cache folios in folio_expected_ref_count()
- mptcp: ensure context reset on disconnect()
- wifi: mac80211: Discard Beacon frames to non-broadcast address
- net: phy: mediatek: fix nvmem cell reference leak in
mt798x_phy_calibration
- drm/amdgpu: Forward VMID reservation errors
- sched/fair: Small cleanup to sched_balance_newidle()
- sched/fair: Small cleanup to update_newidle_cost()
- sched/fair: Proportional newidle balance
- Revert "iommu/amd: Skip enabling command/event buffers for kdump"
- sched/proxy: Yield the donor task
- drm: nova: depend on CONFIG_64BIT
- sched/core: Add comment explaining force-idle vruntime snapshots
- mm/huge_memory: merge uniform_split_supported() and
non_uniform_split_supported()
- drm/amdgpu: don't attach the tlb fence for SI
- sched_ext: fix uninitialized ret on alloc_percpu() failure
- idpf: fix LAN memory regions command on some NVMs
- Bluetooth: MGMT: report BIS capability flags in supported settings
- powerpc/tools: drop `-o pipefail` in gcc check scripts
- net: airoha: Move net_devs registration in a dedicated routine
- net: wangxun: move PHYLINK dependency
- platform/x86/intel/pmt: Fix kobject memory leak on init failure
- bng_en: update module description
- mcb: Add missing modpost build support
- net: mdio: rtl9300: use scoped for loops
- tools/sched_ext: fix scx_show_state.py for scx_root change
- platform/x86/intel/pmt/discovery: use valid device pointer in
dev_err_probe
- net: fib: restore ECMP balance from loopback
- RDMA/mana_ib: check cqe length for kernel CQs
- drm/gem-shmem: Fix the MODULE_LICENSE() string
- kunit: Enforce task execution in {soft,hard}irq contexts
- ublk: don't pass q_id to ublk_queue_cmd_buf_size()
- ublk: implement NUMA-aware memory allocation
- ublk: scan partition in async way
- drm/xe/guc: READ/WRITE_ONCE g2h_fence->done
- IB/rxe: Fix missing umem_odp->umem_mutex unlock on error path
- hisi_acc_vfio_pci: Add .match_token_uuid callback in
hisi_acc_vfio_pci_migrn_ops
- mm, swap: do not perform synchronous discard during allocation
- clk: qcom: mmcc-sdm660: Add missing MDSS reset
- clk: qcom: Fix SM_VIDEOCC_6350 dependencies
- [Config] set CONFIG_SM_GCC_6350, CONFIG_SM_VIDEOCC_6350 to '-'
- clk: qcom: Fix dependencies of QCS_{DISP,GPU,VIDEO}CC_615
- [Config] set CONFIG_QCS_{DISP,GPU,VIDEO}CC_615 to '-'
- arm64: dts: ti: k3-am62d2-evm: Fix regulator properties
- arm64: dts: ti: k3-am62d2-evm: Fix PMIC padconfig
- arm64: dts: st: Add memory-region-names property for stm32mp257f-ev1
- arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS
- NFSD: Make FILE_SYNC WRITEs comply with spec
- nvmet: pci-epf: move DMA initialization to EPC init callback
- PCI: dwc: Add support for ELBI resource mapping
- PCI: meson: Fix parsing the DBI register region
- power: supply: max77705: Fix potential IRQ chip conflict when probing
two devices
- media: iris: Refine internal buffer reconfiguration logic for resolution
change
- LoongArch: Fix arch_dup_task_struct() for CONFIG_RANDSTRUCT
- mm/damon/tests/core-kunit: fix memory leak in
damon_test_set_filters_default_reject()
- mm/damon/tests/core-kunit: handle alloc failures on
damon_test_set_filters_default_reject()
- mm/damon/tests/core-kunit: handle alloc failures on
damos_test_filter_out()
- af_unix: don't post cmsg for SO_INQ unless explicitly asked for
- kernel/kexec: change the prototype of kimage_map_segment()
- selftests/mm: fix thread state check in uffd-unit-tests
- LoongArch: BPF: Save return address register ra to t0 before trampoline
- LoongArch: BPF: Enable trampoline-based tracing for module functions
- LoongArch: BPF: Adjust the jump offset of tail calls
- platform/x86: samsung-galaxybook: Fix problematic pointer cast
- platform/x86: alienware-wmi-wmax: Add support for new Area-51 laptops
- platform/x86: alienware-wmi-wmax: Add AWCC support for Alienware x16
- platform/x86: alienware-wmi-wmax: Add support for Alienware 16X Aurora
- drm/amdgpu/sdma6: Update SDMA 6.0.3 FW version to include UMQ protected-
fence fix
- drm/rockchip: Set VOP for the DRM DMA device
- drm/mediatek: mtk_hdmi: Fix probe device leaks
- drm/mediatek: ovl_adaptor: Fix probe device leaks
- drm/amd: Fix unbind/rebind for VCN 4.0.5
- drm/rockchip: vop2: Use OVL_LAYER_SEL configuration instead of use
win_mask calculate used layers
- drm/bridge: ti-sn65dsi83: ignore PLL_UNLOCK errors
- drm/nouveau/gsp: Allocate fwsec-sb at boot
- drm/xe/eustall: Disallow 0 EU stall property values
- drm/xe/svm: Fix a debug printout
- powercap: intel_rapl: Add support for Wildcat Lake platform
- powercap: intel_rapl: Add support for Nova Lake processors
- LoongArch: BPF: Enhance the bpf_arch_text_poke() function
- SAUCE: remove git merge section marker
- Upstream stable to v6.12.65, v6.18.4
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193) //
CVE-2025-71141
- drm/tilcdc: Fix removal actions in case of failed probe
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193) //
CVE-2025-71090
- nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg()
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193) //
CVE-2025-71139
- kernel/kexec: fix IMA when allocation happens in CMA area
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193) //
CVE-2025-71152
- net: dsa: properly keep track of conduit reference
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193) //
CVE-2025-71142
- cpuset: fix warning when disabling remote partition
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193) //
CVE-2025-71155
- KVM: s390: Fix gmap_helper_zap_one_page() again
* Questing update: upstream stable patchset 2026-03-24 (LP: #2146193) //
CVE-2025-71134
- mm/page_alloc: change all pageblocks migrate type on coalescing
* CVE-2026-23394
- af_unix: Give up GC if MSG_PEEK intervened.
* [SRU] MIPI camera is not working after upgrading to 6.17-oem
(LP: #2145171)
- SAUCE: ACPI: respect items already in honor_dep before skipping
* ADATA SU680 causes repeated SATA resets and I/O errors on Ubuntu unless
link power management is forced to max_performance (LP: #2144060)
- ata: libata-core: disable LPM on ADATA SU680 SSD
* [SRU] Fix for i915 PSR issue on SDC panels on Intel PTL (LP: #2144637)
- drm/i915/psr: Panel Replay SU cap dpcd read return value
- drm/i915/psr: Add panel granularity information into intel_connector
- drm/i915/psr: Use SU granularity information available in
intel_connector
- drm/dp: Add definition for Panel Replay full-line granularity
- drm/i915/psr: Fix for Panel Replay X granularity DPCD register handling
* Got black screen after clicked logout button (LP: #2143100)
- drm/i915/alpm: ALPM disable fixes
* Dell Machines cannot boot into OS with 6.17.0-1012-oem (LP: #2144522)
- drm/amd: Disable MES LR compute W/A
- drm/amd: Set minimum version for set_hw_resource_1 on gfx11 to 0x52
* [SRU] Duplicated entries in /proc/<pid>/mountinfo (LP: #2143083)
- namespace: fix proc mount iteration
* CVE-2026-23274
- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
* macvlan: observe an RCU grace period in macvlan_common_newlink() error
path (LP: #2144380) // CVE-2026-23209
- macvlan: observe an RCU grace period in macvlan_common_newlink() error
path
* CVE-2026-23351
- netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
* CVE-2026-23231
- netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
-- John Cabaj <[email protected]> Wed, 06 May 2026 11:31:18
-0500
** Changed in: linux-azure (Ubuntu Questing)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-71090
** CVE added: https://cve.org/CVERecord?id=CVE-2025-71134
** CVE added: https://cve.org/CVERecord?id=CVE-2025-71139
** CVE added: https://cve.org/CVERecord?id=CVE-2025-71141
** CVE added: https://cve.org/CVERecord?id=CVE-2025-71142
** CVE added: https://cve.org/CVERecord?id=CVE-2025-71152
** CVE added: https://cve.org/CVERecord?id=CVE-2025-71155
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23112
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23209
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23231
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23274
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23351
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23394
** CVE added: https://cve.org/CVERecord?id=CVE-2026-31419
** CVE added: https://cve.org/CVERecord?id=CVE-2026-31431
** CVE added: https://cve.org/CVERecord?id=CVE-2026-31504
** CVE added: https://cve.org/CVERecord?id=CVE-2026-31533
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2146588
Title:
[Mana][Backport] net: mana: Fix use-after-free in reset service rescan
path & net: mana: Fix double destroy_workqueue on service rescan PCI
path
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2146588/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
