-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 10 Aug 2024 08:09:03 +0200 Source: linux Binary: linux-doc linux-doc-5.10 linux-headers-5.10.0-32-common linux-headers-5.10.0-32-common-rt linux-source linux-source-5.10 linux-support-5.10.0-32 Architecture: all Version: 5.10.223-1 Distribution: bullseye-security Urgency: high Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Salvatore Bonaccorso Description: linux-doc - Linux kernel specific documentation (meta-package) linux-doc-5.10 - Linux kernel specific documentation for version 5.10 linux-headers-5.10.0-32-common - Common header files for Linux 5.10.0-32 linux-headers-5.10.0-32-common-rt - Common header files for Linux 5.10.0-32-rt linux-source - Linux kernel source (meta-package) linux-source-5.10 - Linux kernel source for version 5.10 with Debian patches linux-support-5.10.0-32 - Support files for Linux 5.10 Closes: 1076864 Changes: linux (5.10.223-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222 - Compiler Attributes: Add __uninitialized macro - [arm64,armhf] drm/lima: fix shared irq handling on driver remove - media: dvb: as102-fe: Fix as10x_register_addr packing - media: dvb-usb: dib0700_devices: Add missing release_firmware() - IB/core: Implement a limit on UMAD receive List - scsi: qedf: Make qedf_execute_tmf() non-preemptible - crypto: aead,cipher - zeroize key buffer after use - drm/amdgpu: Initialize timestamp for some legacy SOCs - drm/amd/display: Check index msg_id before read or write - drm/amd/display: Check pipe offset before setting vblank - drm/amd/display: Skip finding free audio for unknown engine_id - media: dw2102: Don't translate i2c read into write - sctp: prefer struct_size over open coded arithmetic - firmware: dmi: Stop decoding on broken entry - Input: ff-core - prefer struct_size over open coded arithmetic - [arm64,armhf] net: dsa: mv88e6xxx: Correct check for empty list - media: dvb-frontends: tda18271c2dd: Remove casting during div - media: s2255: Use refcount_t instead of atomic_t for num_channels - media: dvb-frontends: tda10048: Fix integer overflow - i2c: i801: Annotate apanel_addr as __ro_after_init - [powerpc*] 64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n - orangefs: fix out-of-bounds fsid access - kunit: Fix timeout message - [powerpc*] xmon: Check cpu id in commands "c#", "dp#" and "dx#" - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD - jffs2: Fix potential illegal address access in jffs2_free_inode - [s390x] pkey: Wipe sensitive data on failure - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() - tcp_metrics: validate source addr length - wifi: wilc1000: fix ies_len type in connect path - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487) - inet_diag: Initialize pad field in struct inet_diag_req_v2 - nilfs2: fix inode number range checks - nilfs2: add missing check for inode numbers on directory entries - mm: optimize the redundant loop of mm_update_owner_next() - mm: avoid overflows in dirty throttling logic - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct - fsnotify: Do not generate events for O_PATH file descriptors - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes - drm/amdgpu/atomfirmware: silence UBSAN warning - mtd: rawnand: Bypass a couple of sanity checks during NAND identification - bnx2x: Fix multiple UBSAN array-index-out-of-bounds - bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues - ima: Avoid blocking in RCU read-side critical section (CVE-2024-40947) - media: dw2102: fix a potential buffer overflow - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 - nvme-multipath: find NUMA path only for online numa-node - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset - [x86] platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet - [x86] platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro - nvmet: fix a possible leak when destroy a ctrl during qp establishment - kbuild: fix short log for AS in link-vmlinux.sh - nilfs2: fix incorrect inode allocation from reserved inodes - mm: prevent derefencing NULL ptr in pfn_section_valid() - filelock: fix potential use-after-free in posix_lock_inode - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading - vfs: don't mod negative dentry count when on shrinker list - tcp: fix incorrect undo caused by DSACK of TLP retransmit - net: lantiq_etop: add blank line after declaration - net: ethernet: lantiq_etop: fix double free in detach - ppp: reject claimed-as-LCP but actually malformed packets - ethtool: netlink: do not return SQI value if link is down - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). - net/sched: Fix UAF when resolving a clash - [s390x] Mark psw in __load_psw_mask() as __unitialized - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() - tcp: avoid too many retransmit packets (CVE-2024-41007) - net: ks8851: Fix potential TX stall after interface reopen - USB: serial: option: add Telit generic core-dump composition - USB: serial: option: add Telit FN912 rmnet compositions - USB: serial: option: add Fibocom FM350-GL - USB: serial: option: add support for Foxconn T99W651 - USB: serial: option: add Netprisma LCUK54 series modules - USB: serial: option: add Rolling RW350-GL variants - USB: serial: mos7840: fix crash on resume - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor - hpet: Support 32-bit userspace - nvmem: meson-efuse: Fix return value of nvmem callbacks - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX - libceph: fix race between delayed_work() and ceph_monc_stop() - wireguard: allowedips: avoid unaligned 64-bit memory accesses - wireguard: queueing: annotate intentional data race in cpu round robin - wireguard: send: annotate intentional data race in checking empty queue - x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk - ipv6: annotate data-races around cnf.disable_ipv6 - ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901) - bpf: Allow reads from uninit stack - nilfs2: fix kernel bug on rename operation of broken directory - i2c: mark HostNotify target address as used https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.223 - gcc-plugins: Rename last_stmt() for GCC 14+ - filelock: Remove locks reliably when fcntl/close race is detected (CVE-2024-41012) - scsi: qedf: Set qed_slowpath_params to zero before use - ACPI: EC: Abort address space access upon error - ACPI: EC: Avoid returning AE_OK on errors in address space handler - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() - Input: silead - Always support 10 fingers - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() - ila: block BH in ila_output() - [arm64] armv8_deprecated: Fix warning in isndep cpuhp starting process - null_blk: fix validation of block size - kconfig: gconf: give a proper initial state to the Save button - kconfig: remove wrong expr_trans_bool() - fs/file: fix the check in find_next_fd() - mei: demote client disconnect warning on suspend to debug - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check - [powerpc*] KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() - ALSA: hda/realtek: Add more codec ID to no shutup pins list - [mips*] fix compat_sys_lseek syscall - Input: elantech - fix touchpad state on resume for Lenovo N24 - Input: i8042 - add Ayaneo Kun to i8042 quirk table - [x86] bytcr_rt5640 : inverse jack detect for Archos 101 cesium - [arm*] ALSA: dmaengine: Synchronize dma channel after drop() - [armhf] ASoC: ti: davinci-mcasp: Set min period size using FIFO config - can: kvaser_usb: fix return value for hif_usb_send_regout - [s390x] sclp: Fix sclp_init() cleanup on failure - btrfs: qgroup: fix quota root leak after quota disable failure - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx - ALSA: dmaengine_pcm: terminate dmaengine before synchronize - net: usb: qmi_wwan: add Telit FN912 compositions - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() - [powerpc*] pseries: Whitelist dtl slub object for copying to userspace - [powerpc*] eeh: avoid possible crash when edev->pdev changes - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() - fs: better handle deep ancestor chains in is_subdir() - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices - hfsplus: fix uninit-value in copy_name - spi: mux: set ctlr->bits_per_word_mask - [arm*] 9324/1: fix get_user() broken with veneer - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency - bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009) - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue (CVE-2024-36938) - scsi: core: Fix a use-after-free (CVE-2022-48666) - ext4: fix error code saved on super block during file system abort - ext4: Send notifications on error - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() - net: relax socket state check at accept time. (CVE-2024-36484) - ocfs2: add bounds checking to ocfs2_check_dir_entry() - jfs: don't walk off the end of ealist - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 - [arm64] dts: qcom: msm8996: Disable SS instance in Parkmode for USB - [arm*] ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused - filelock: Fix fcntl/close race recovery compat path - tun: add missing verification for short frame (CVE-2024-41091) - tap: add missing verification for short frame (CVE-2024-41090) . [ Salvatore Bonaccorso ] * Bump ABI to 32 * fs/nfsd: Enable NFSD_V2 and NFSD_V2_ACL. Re-enable lost NFSv2 kernel support due to upstream backporting of 2f3a4b2ac2f2 ("nfsd: allow disabling NFSv2 at compile time") in 5.10.220. (Closes: #1076864) * netfilter: ipset: Add list flush to cancel_gc Checksums-Sha1: 6f2e5a3980c131b4eda6c10cebccbc5c06ad26a0 30505884 linux-doc-5.10_5.10.223-1_all.deb 8aad7ec1b7f7845a1499155260f539d9b46f9239 1104 linux-doc_5.10.223-1_all.deb 9e03f4b154c15136e8b323d0de16c659e5ced493 7584688 linux-headers-5.10.0-32-common-rt_5.10.223-1_all.deb b366cb8a89cdcede8981085c24f850205a45168d 9249768 linux-headers-5.10.0-32-common_5.10.223-1_all.deb 74642348dc22a9852eaea83704ac50ef0deb9adf 121562870 linux-source-5.10_5.10.223-1_all.deb 0d7a776b1cca78046a69d494b1f4812522322983 1100 linux-source_5.10.223-1_all.deb 2ce8611bc73c9f5a2e4a1afe6e5fb431bf3bb787 773136 linux-support-5.10.0-32_5.10.223-1_all.deb ad9c65900acde7f6e7fcc2e19e6a28f024e37e55 12707 linux_5.10.223-1_all-buildd.buildinfo Checksums-Sha256: d4a0f718d4cbea58063a98e199815c7f943e729297e3f62d1590f523930a765d 30505884 linux-doc-5.10_5.10.223-1_all.deb 42a6c04f894714320a2000fc124c7e33ca8b9ec4fe37735b396ee3671e1572c7 1104 linux-doc_5.10.223-1_all.deb 464a0aa006d4908c81a302dd6509d0e36d142f3ef848a663dbf6569afaf1d02b 7584688 linux-headers-5.10.0-32-common-rt_5.10.223-1_all.deb b5ae0213861bd47260ee0193d4e074db35cb78444f54e4f5aafcb03bd9ff5ed8 9249768 linux-headers-5.10.0-32-common_5.10.223-1_all.deb f733d27d239d65598d96d7a72f71ac50f49f2380192a1b3b4ca2f5ad5144dd63 121562870 linux-source-5.10_5.10.223-1_all.deb 5bbdc666d0da31af2953850c4f00452e352f6ac9917de43a6e0b5f37f1ba166f 1100 linux-source_5.10.223-1_all.deb 4c60f6584e1887c4b66c909eb3ee10218bb57b907412e028b2b8cf8b6320679c 773136 linux-support-5.10.0-32_5.10.223-1_all.deb 495a187fb432bda7306d49698e577252abf8aee2d52c0a1884c81a79f06a44f3 12707 linux_5.10.223-1_all-buildd.buildinfo Files: ac64d572ef9273d0cb6cef934ce978e6 30505884 doc optional linux-doc-5.10_5.10.223-1_all.deb a45c71a5002c7f0d5ec782572a9b96da 1104 doc optional linux-doc_5.10.223-1_all.deb 15e7585ed2bce22701a523a6c8a9ab3b 7584688 kernel optional linux-headers-5.10.0-32-common-rt_5.10.223-1_all.deb 61dc6a37336f501d12ff95a1ed39323d 9249768 kernel optional linux-headers-5.10.0-32-common_5.10.223-1_all.deb 001e12b3199101f73be8069728e27687 121562870 kernel optional linux-source-5.10_5.10.223-1_all.deb d732f79f6ac8215e01e641721606451a 1100 kernel optional linux-source_5.10.223-1_all.deb 5f1b73c12b1aa23a117ca5bb1b252479 773136 devel optional linux-support-5.10.0-32_5.10.223-1_all.deb 58323ef05eb7b13102d437c9b62ca212 12707 kernel optional linux_5.10.223-1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQsM0t1ygJv2xcx3e4cagXJhOTXsFAma3OC0ACgkQ4cagXJhO TXsIARAArgYjEHVCtR2eEGKXY/w5fqMVZ351KiMVUFtrLqhtxyLNGUeFfZtcPyix Q9tEa5Tbe19xpOpWTlu7Ni/oEpP5D1wYEYnmplqMidvcTrK52kUYDw+qQBzIrSZD dXhuC/FPKMr8drnL7cxmtTTrFe0N8lxJ7nyUUTwlpwgjUsBvkKahpSc2FLLwgBS7 mouQxM09F4RNuSDHdvAPtRdHAfC+UMyn7pdY0TkvR88bwRBk41fCZALhsDd3yQIF 9VmRKnf1CZjABfqcOHdxbZeJDwmS/ZIcruhDpdbSlhSrM/yjW7gt9VDnMjF1zBpT JvkQXhA2s5TKz13OVY+v2dI8eOcfl/pFnYJ9yoBPKyFhShZmfPiumPt76n6h+OfG 9gbLsTo53tnA0POh63ZGCsmaqtHmBIquHG5Obb1sL0TucZcB853SSqVAe/VzNluF qMbpreAkIOSc/GQbsS5h/JCqhKOolBEW5H+7OFebzsB8H8RRSAJtpayRQl9VAtWO D4dEBqGfIiltbvxL1x+/PCur90mCKkdFPgQAjRHtMLCF+bYk779moOJ85bXRJEcw kOnKS10p+E3Q8LEIPNoRW/+gWZ7VD2T22mPVg9r6kMGC6Zx4prI+XTIazpNjCj55 x02O7RgmFUmImmmzdtKaf687FK+th0ualWeUenWJof5rPgagJLg= =W2d4 -----END PGP SIGNATURE-----