The latest Linux stable kernel updates harden the networking stack by fixing shared fragment marker leaks that could enable memory corruption via ESP decryption and correcting SMB AES-256 key derivation for Kerberos authentication. Graphics drivers receive targeted patches to prevent infinite loops in V3D, resolve VRAM eviction issues on Intel hardware, fix return value leaks in Panfrost, and clean up I2C adapter reference counting on legacy GMA500 systems. Virtualization and security routines get tightened with bounds checking for KVM dirty ring tracking and AMD IOMMU device lookups, alongside a correction to audit logging that was misreporting capability sets. Core kernel improvements include reverting aggressive scheduler preemption logic, fixing BPF verifier register tracking for 32-bit operations, and resolving workqueue allocation leaks during failed unbound queue setups.
Linux Stable LTS Kernel Update Fixes GPU Crashes, SMB Encryption Bugs, and FUSE Readahead Panics
The latest round of stable kernel updates just landed, and this batch is heavy on networking stack hardening, GPU driver memory leaks, and filesystem stability. System administrators running mixed Intel and AMD hardware have reported that certain older laptop models simply refuse to boot past early initialization when DMAR is left enabled, which explains why the new quirk entry for the Q35 integrated graphics matters so much right now. The maintainers also cleaned up several race conditions in virtualization, fixed a readahead bug that could easily crash FUSE mounts on systems with large page sizes, and patched encryption routines that were silently breaking Kerberos authentication across SMB shares.
Network and Filesystem Stability Upgrades
The networking layer received a significant injection of sanity checks around shared fragment markers in the socket buffer handling code. When network packets get split across multiple memory pages, the kernel tracks whether those pages are externally owned or backed by page cache. Several helper functions were silently dropping that tracking flag during packet duplication and coalescing operations. Without the marker intact, ESP decryption routines would skip safety copies and write directly into read-only cached pages, which opens a clear path for unprivileged processes to corrupt root-owned memory through crafted network rules. The fix forces the kernel to preserve the shared fragment state across all relevant transfer paths, effectively closing that attack vector without adding noticeable overhead.
SMB client encryption also gets a long-overdue correction for AES-256 key derivation. Previous code hardcoded a sixteen-byte input length when pulling session keys from Kerberos authentication contexts. Modern Active Directory setups routinely hand out thirty-two-byte cryptographic keys, and the old logic would silently truncate them before generating encryption material. Mounts using require_gcm_256 flags would fail outright because the client and server ended up speaking different cipher languages. The updated routine now respects the full session key length for encryption operations while keeping signing routines on their original sixteen-byte baseline, which restores compatibility with enterprise environments that enforce stronger ciphers.
Filesystem stability sees targeted fixes across Ceph, FUSE, and netfs. A race condition in the Ceph extended attribute builder could trigger a hard kernel panic when concurrent capability grants resized the xattr tree while a flush operation was mid-flight. The patch forces the code to recalculate required buffer sizes after the rebuild completes, preventing stale size checks from allocating undersized memory blocks. FUSE readahead on architectures with sixty-four-kilobyte base pages also gets corrected. When the server advertises a small maximum read size, the old loop would allocate zero page frames and hand back a pointer that looked valid but actually pointed to kernel memory offset sixteen. Dereferencing that value during folio position lookups caused immediate page faults. The updated path bails out cleanly when no pages can be allocated, letting the fallback read routine handle the request without crashing the mount.
GPU Driver Patching and Memory Accounting Fixes
Graphics drivers continue to absorb a heavy load of memory safety patches, particularly around buffer object lifecycle management and userspace extension validation. The V3D driver gets a straightforward but critical guard against crafted multisync extensions that could trigger infinite loops in kernel context. A local user could previously pass back references with zero sync counts, bypassing duplicate checks and pegging CPU cores indefinitely. Rejecting empty multisync structures early stops the loop before it touches any hardware state.
Intel graphics drivers see multiple fixes targeting eviction walks and request tracking. The TTM memory manager was incorrectly translating cgroup limit violations into retry codes instead of space exhaustion errors. That mismatch caused eviction loops to terminate prematurely, leaving GPU contexts starved of VRAM during heavy workloads. Converting the error code ensures the scheduler keeps hunting for reclaimable buffers until the operation succeeds or the system genuinely runs out of memory. The i915 driver also gets a guard against skipping already signaled requests after hardware resets. When the hardware scratchpad clears, completed commands appear incomplete to the software state machine. Marking them as guilty without checking their actual fence status triggered assertion failures during heartbeat reset paths on older Sandy Bridge silicon.
Panfrost and legacy GMA500 drivers clean up return value leaks and I2C adapter reference counting. The Panfrost wait buffer ioctl was passing positive jiffies values back to userspace as error codes, which confused applications expecting standard POSIX errno ranges. Setting the return variable explicitly on success paths keeps the interface predictable. Oaktrail support finally drops its I2C adapter references when falling back to allocated adapters or hitting late initialization errors. Those leaked references previously prevented display connectors from being properly deregistered during hotplug events and caused indefinite hangs when the driver unloaded after a failed probe.
Virtualization, Security, and Hardware Quirks
Virtualization hosts get several patches that tighten bounds checking and fix memory accounting edge cases. The KVM dirty ring tracking logic was vulnerable to sixty-four-bit offset wraparounds. Crafted entries could bypass range checks by overflowing the addition used for boundary validation, which eventually fed near-maximum address values into legacy MMU shadow paging routines. Those values triggered out-of-bounds loads that corrupted page table writable flags. Adding an independent range check on the offset before any arithmetic ensures the calculation stays within valid memory slot boundaries.
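The wraparound described above, shown as an added example that is not taken from the kernel source. The struct `slot`, the two check functions and the sample values are hypothetical, and the hardened check uses subtraction so that no addition can wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical memory slot: page indices 0 .. npages-1 are valid. */
struct slot { uint64_t npages; };

/* Pre-fix pattern: only the sum is range-checked. With a 64-bit offset
 * close to UINT64_MAX the addition wraps modulo 2^64 and the small
 * result passes the comparison. */
static bool entry_ok_sum_only(const struct slot *s, uint64_t offset,
                              uint64_t span)
{
    return offset + span <= s->npages;
}

/* Post-fix pattern: range-check the offset on its own before any
 * arithmetic, then compare the span against the remaining room. */
static bool entry_ok_checked(const struct slot *s, uint64_t offset,
                             uint64_t span)
{
    if (offset >= s->npages)
        return false;
    /* offset < npages, so the subtraction cannot underflow. */
    return span <= s->npages - offset;
}

int main(void)
{
    /* Constructed sample entries for a 512-page slot, 64 pages per entry. */
    struct slot s = { .npages = 512 };
    uint64_t offsets[] = { 0, 448, 449, UINT64_MAX - 10 };

    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++)
        printf("offset=%llu sum_only=%d checked=%d\n",
               (unsigned long long)offsets[i],
               entry_ok_sum_only(&s, offsets[i], 64),
               entry_ok_checked(&s, offsets[i], 64));
    return 0;
}
```

The last sample entry is the interesting one: the sum-only check accepts it because the addition wraps to 53, while the independent offset check rejects it.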
AMD IOMMU initialization gets a bounds guard around device lookup tables. Virtualized environments with sparse IVRS tables previously caused the kernel to read past allocated slab objects when probing PCI endpoints that lacked explicit passthrough descriptions. The overread returned adjacent heap contents, which the probe routine then dereferenced as valid IOMMU structures, causing immediate general protection faults during boot. Guarding the array access skips unlisted devices cleanly and lets the system initialize without crashing.
Security auditing routines also receive a correction for capability set records. A copy-paste error in the audit logging code was writing effective capability values into the inheritable field. Compliance tools relying on those records would miss privilege escalation attempts where processes modified their inheritable caps before execve calls. Swapping the source variable to match the actual inheritable state restores forensic accuracy without changing how capabilities are enforced at runtime.
Core Kernel and Scheduling Tweaks
The scheduler gets a targeted revert that removes aggressive force wakeup preemption logic. The original patch assumed waking tasks should immediately preempt run queue parity checks, but that assumption broke down when delayed tasks or load balancing pulled different processes into the mix. The result was unnecessary reschedule storms that degraded latency for real-time workloads and misaligned slice protections. Dropping the forced preemption lets yield-to-task and sync-wake flags handle priority transitions more predictably.
BPF verifier logic around thirty-two-bit arithmetic gets corrected to stop tracking incorrect register bounds. Linked registers that passed through alu32 operations were zero-extended by hardware but not flagged in the verifier state machine. The old code checked the wrong register ID when propagating linked states, which caused the verifier to believe sixty-four-bit values fell outside valid ranges while the CPU actually produced correct results. Checking both directions of the linked relationship ensures bounds tracking stays aligned with actual hardware behavior.
Workqueue allocation paths get cleaned up to prevent percpu pointer leaks during failed unbound queue setups. The old error path returned early without routing through the cleanup label that freed allocated tables, which meant every failed workqueue creation leaked memory proportional to the number of online CPUs. Routing failures through the existing cleanup routine restores proper accounting and prevents gradual memory pressure on systems that frequently create and destroy dynamic workqueues.
These updates cover a wide range of hardware generations and workload profiles, so applying them early will likely smooth out several lingering stability issues across desktop, server, and embedded deployments. The maintainers clearly prioritized closing attack surfaces in the network stack while keeping older silicon from tripping over modern scheduling assumptions. Keep an eye on your distribution stable repos for the backports to land, and test any custom kernel configurations before rolling them into production environments.
Linux kernel 5.10.257 released
Linux kernel version 5.10.257 is now available:
Full source: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.257.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.10.257.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.257.tar.sign
You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v5.10.257/v5.10.256
Linux kernel 5.15.208 released
Linux kernel version 5.15.208 is now available:
Full source: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.208.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v5.x/patch-5.15.208.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.208.tar.sign
You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v5.15.208/v5.15.207
Linux kernel 6.1.174 released
Linux kernel version 6.1.174 is now available:
Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.174.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.1.174.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.174.tar.sign
You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.1.174/v6.1.173
Linux kernel 6.6.141 released
Linux kernel version 6.6.141 is now available:
Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.141.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.6.141.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.141.tar.sign
You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.6.141/v6.6.140
Linux kernel 6.12.91 released
Linux kernel version 6.12.91 is now available:
Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.12.91.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.12.91.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.12.91.tar.sign
You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.12.91/v6.12.90
Linux kernel 6.18.33 released
Linux kernel version 6.18.33 is now available:
Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.18.33.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.18.33.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.18.33.tar.sign
You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.18.33/v6.18.32
Grab a coffee, run your updates, and let the scheduler do its job without unnecessary interference.
