-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 16 Oct 2022 23:18:41 +0200 Source: linux Architecture: source Version: 5.10.148-1 Distribution: bullseye-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1019248 Changes: linux (5.10.148-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.141 - [s390x] mm: do not trigger write fault when vma does not allow VM_WRITE - kbuild: Fix include path in scripts/Makefile.modpost - Bluetooth: L2CAP: Fix build errors in some archs - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report - media: pvrusb2: fix memory leak in pvr_probe - HID: hidraw: fix memory leak in hidraw_release() - net: fix refcount bug in sk_psock_get (2) - fbdev: fb_pm2fb: Avoid potential divide by zero error - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead - drm/amd/display: Avoid MPC infinite loop - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" - drm/amd/display: clear optc underflow before turn off odm clock - neigh: fix possible DoS due to net iface start/stop loop - [s390x] hypfs: avoid error message under KVM - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid - drm/amd/display: Fix pixel clock programming - drm/amdgpu: Increase tlb flush timeout for sriov - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y - lib/vdso: Mark do_hres_timens() and do_coarse_timens() __always_inline() - kprobes: don't call disarm_kprobe() for disabled kprobes - io_uring: disable polling pollfree files - xfs: remove infinite loop when reserving free block pool - xfs: always succeed at setting the reserve pool size - xfs: fix overfilling of reserve pool - xfs: fix soft lockup via spinning in filestream ag selection loop - xfs: revert "xfs: actually bump warning counts when we send warnings" - net: neigh: don't call kfree_skb() under spin_lock_irqsave() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.142 - [arm64] drm/msm/dsi: fix the inconsistent indenting - [arm64] drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 - [arm64] drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg - [arm64] drm/msm/dsi: Fix number of regulators for SDM660 - [x86] platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask - iio: adc: mcp3911: make use of the sign bit - bpf, cgroup: Fix kernel BUG in purge_effective_progs - ieee802154/adf7242: defer destroy_workqueue call - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() - Revert "xhci: turn off port power in shutdown" - net: sched: tbf: don't call qdisc_put() while holding tree lock - net/sched: fix netdevice reference leaks in attach_default_qdiscs() - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb - tcp: annotate data-race around challenge_timestamp - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" - net/smc: Remove redundant refcount increase - [arm64] serial: fsl_lpuart: RS485 RTS polariy is inverse - staging: rtl8712: fix use after free bugs - [powerpc*] align syscall table for ppc32 - vt: Clear selection before changing the font - [arm64] tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag - iio: ad7292: Prevent regulator double disable - iio: adc: mcp3911: use correct formula for AD conversion - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id - [arm*] binder: fix UAF of ref->proc caused by race condition (CVE-2022-20421) - [x86] drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" - clk: core: Fix runtime PM sequence in clk_core_unprepare() - [arm64,armhf] clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate - [arm64,armhf] clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() - [arm64,armhf] clk: bcm: rpi: Prevent out-of-bounds access - [arm64,armhf] clk: bcm: rpi: Add missing newline - [armel,armhf] hwmon: (gpio-fan) Fix array out of bounds access - [arm64,armhf] gpio: pca953x: Add mutex_lock for regcache sync in PM - [x86] KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() - mm: pagewalk: Fix race between unmap and page walker - xen-blkback: Advertise feature-persistent as user requested - xen-blkfront: Advertise feature-persistent as user requested - [x86] thunderbolt: Use the actual buffer in tb_async_error() - media: mceusb: Use new usb_control_msg_*() routines - xhci: Add grace period after xHC start to prevent premature runtime suspend. - USB: serial: cp210x: add Decagon UCA device id - USB: serial: option: add support for OPPO R11 diag port - USB: serial: option: add Quectel EM060K modem - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles - [arm*] usb: dwc2: fix wrong order of phy_power_on and phy_init - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) - usb-storage: Add ignore-residue quirk for NXP PN7462AU - [s390x] hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages - [s390x] fix nospec table alignments - USB: core: Prevent nested device-reset calls - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS - driver core: Don't probe devices after bus_type.match() probe deferral - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected - wifi: mac80211: Fix UAF in ieee80211_scan_rx() - ip: fix triggering of 'icmp redirect' - net: Use u64_stats_fetch_begin_irq() for stats fetch. - net: mac802154: Fix a condition in the receive path - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 - ALSA: seq: oss: Fix data-race for max_midi_devs access - ALSA: seq: Fix data-race at module auto-loading - [x86] drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk - btrfs: harden identification of a stale device - mmc: core: Fix UHS-I SD 1.8V workaround branch - [arm64,armhf] usb: dwc3: fix PHY disable sequence - [arm64,armhf] usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup - [arm64,armhf] usb: dwc3: disable USB core PHY management - USB: serial: ch341: fix lost character on LCR updates - USB: serial: ch341: fix disabled rx timer on older devices https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.143 - NFSD: Fix verifier returned in stable WRITEs - xen-blkfront: Cache feature_persistent value before advertisement - tty: n_gsm: initialize more members at gsm_alloc_mux() - tty: n_gsm: avoid call of sleeping functions from atomic context - efi: capsule-loader: Fix use-after-free in efi_capsule_write (CVE-2022-40307) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() - fs: only do a memory barrier for the first set_buffer_uptodate() - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX - scsi: megaraid_sas: Fix double kfree() - drm/gem: Fix GEM handle release errors - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. - drm/radeon: add a force flush to delay work when radeon - [arm64] cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level - net/core/skbuff: Check the return value of skb_copy_bits() - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() - ALSA: aloop: Fix random zeros in capture data when using jiffies timer - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() - kprobes: Prohibit probes in gate area - debugfs: add debugfs_lookup_and_remove() - nvmet: fix a use-after-free - [x86] drm/i915: Implement WaEdpLinkRateDataReload - scsi: mpt3sas: Fix use-after-free warning - scsi: lpfc: Add missing destroy_workqueue() in error path - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() - smb3: missing inode locks in punch hole - regulator: core: Clean up on enable failure - [arm64] tee: fix compiler warning in tee_shm_register() - RDMA/cma: Fix arguments order in net device validation - [arm64] RDMA/hns: Fix supported page size - [arm64] RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift - netfilter: br_netfilter: Drop dst references before setting. - netfilter: nf_tables: clean up hook list when offload flags check fails - netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663) - ALSA: usb-audio: Inform the delayed registration more properly - ALSA: usb-audio: Register card again for iface over delayed_register option - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() - afs: Use the operation issue time instead of the reply time for callbacks - sch_sfb: Don't assume the skb is still around after enqueueing to child - tipc: fix shift wrapping bug in map_get() - ice: use bitmap_free instead of devm_kfree - i40e: Fix kernel crash during module removal - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed - ipv6: sr: fix out-of-bounds read when setting HMAC data. - IB/core: Fix a nested dead lock as part of ODP flow - RDMA/mlx5: Set local port to one when accessing counters - nvme-tcp: fix UAF when detecting digest errors - nvme-tcp: fix regression that causes sporadic requests to time out - tcp: fix early ETIMEDOUT after spurious non-SACK RTO - sch_sfb: Also store skb len before calling child enqueue - swiotlb: avoid potential left shift overflow - [amd64] iommu/amd: use full 64-bit value in build_completion_wait() - [arm64] errata: add detection for AMEVCNTR01 incrementing incorrectly https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.144 - [armhf] dts: imx: align SPI NOR node name with dtschema - [amd64] iommu/vt-d: Correctly calculate sagaw value of IOMMU - tracefs: Only clobber mode/uid/gid on remount if asked - Input: goodix - add support for GT1158 - [arm64] drm/msm/rd: Fix FIFO-full deadlock - [amd64] hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message - tg3: Disable tg3 device on system reboot to avoid triggering AER - ieee802154: cc2520: add rc code in cc2520_tx() - Input: iforce - add support for Boeder Force Feedback Wheel - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 - [arm*] perf/arm_pmu_platform: fix tests for platform_get_irq() failure - [x86] platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() - [x86] Revert "x86/ftrace: Use alternative RET encoding" - [x86] ibt,ftrace: Make function-graph play nice - [x86] ftrace: Use alternative RET encoding - Input: goodix - add compatible string for GT1158 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.145 - [ppc64el] KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs - [ppc64el] KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling - serial: 8250: Fix reporting real baudrate value in c_ospeed field - [powerpc*] pseries/mobility: refactor node lookup during DT update - [powerpc*] pseries/mobility: ignore ibm, platform-facilities updates - [x86] platform/x86/intel: hid: add quirk to support Surface Go 3 - [arm64,armhf] net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports - of: fdt: fix off-by-one error in unflatten_dt_nodes() - [arm64] pinctrl: sunxi: Fix name for A100 R_PIO - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 - [arm64] gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx - [arm64] drm/meson: Correct OSD1 global alpha value - [arm64] drm/meson: Fix OSD1 RGB to YCbCr coefficient - tracing: hold caller_addr to hardirq_{enable,disable}_ip - of/device: Fix up of_dma_configure_id() stub - cifs: revalidate mapping when doing direct writes - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM - video: fbdev: i740fb: Error out if 'pixclock' equals zero (CVE-2022-3061) - Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field" - [x86] ASoC: nau8824: Fix semaphore unbalance at error paths - [armhf] regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() - rxrpc: Fix local destruction being repeated - rxrpc: Fix calc of resend age - wifi: mac80211_hwsim: check length for virtio packets - ALSA: hda/sigmatel: Keep power up while beep is enabled - [arm64,armhf] ALSA: hda/tegra: Align BDL entry to 4KB boundary - net: usb: qmi_wwan: add Quectel RM520N - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked - [misp64el,mipsel] OCTEON: irq: Fix octeon_irq_force_ciu_mapping() - mksysmap: Fix the mismatch of 'L0' symbols in System.map - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (CVE-2022-39842) - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() - ALSA: hda/sigmatel: Fix unused variable warning for beep power change https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.146 - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega - drm/amdgpu: indirect register access for nv12 sriov - drm/amdgpu: Separate vf2pf work item init from virt data exchange - drm/amdgpu: make sure to init common IP before gmc - [arm64,armhf] usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind - [arm64,armhf] usb: dwc3: Issue core soft reset before enabling run/stop - [arm64,armhf] usb: dwc3: gadget: Prevent repeat pullup() - [arm64,armhf] usb: dwc3: gadget: Refactor pullup() - [arm64,armhf] usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() - [arm64,armhf] usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure - vfio/type1: Change success value of vaddr_get_pfn() - vfio/type1: Prepare for batched pinning with struct vfio_batch - vfio/type1: Unpin zero pages - USB: core: Fix RST error in hub.c - USB: serial: option: add Quectel BG95 0x0203 composition - USB: serial: option: add Quectel RM520N - ALSA: hda/tegra: set depop delay for tegra - ALSA: hda: add Intel 5 Series / 3400 PCI DID - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop - ALSA: hda/realtek: Re-arrange quirk table entries - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop - [amd64] iommu/vt-d: Check correct capability for sagaw determination - media: flexcop-usb: fix endpoint type check - [x86] efi: x86: Wipe setup_data on pure EFI boot - efi: libstub: check Shim mode using MokSBStateRT - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully - [arm64,armhf] can: flexcan: flexcan_mailbox_read() fix return value for drop = true - mm/slub: fix to return errno if kmalloc() fails - KVM: SEV: add cache flush to solve SEV cache incoherency issues (CVE-2022-0171) - xfs: fix up non-directory creation in SGID directories (CVE-2021-4037) - xfs: reorder iunlink remove operation in xfs_ifree - xfs: validate inode fork size against fork format - [arm64] dts: rockchip: Pull up wlan wake# on Gru-Bob - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers - netfilter: nf_conntrack_irc: Tighten matching on DCC message (CVE-2022-2663) - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() - iavf: Fix cached head and tail value for iavf_get_tx_pending - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header - net: let flow have same hash in two directions - net: core: fix flow symmetric hash - net: phy: aquantia: wait for the suspend/resume operations to finish - scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region - scsi: mpt3sas: Fix return value check of dma_get_required_mask() - net: bonding: Share lacpdu_mcast_addr definition - net: bonding: Unsync device addresses on ndo_stop - net: team: Unsync device addresses on ndo_stop - [arm64,armhf] drm/panel: simple: Fix innolux_g121i1_l01 bus_format - iavf: Fix bad page state - iavf: Fix set max MTU size with port VLAN and jumbo frames - i40e: Fix VF set max MTU size - i40e: Fix set max_tx_rate when it is lower than 1 Mbps - sfc: fix TX channel offset when using legacy interrupts - sfc: fix null pointer dereference in efx_hard_start_xmit - of: mdio: Add of_node_put() when breaking out of for_each_xx - wireguard: ratelimiter: disable timings test by default - wireguard: netlink: avoid variable-sized memcpy on sockaddr - [arm64] net: enetc: move enetc_set_psfp() out of the common enetc_set_features() - net: socket: remove register_gifconf - net/sched: taprio: avoid disabling offload when it was never enabled - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs - netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() - netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() - netfilter: ebtables: fix memory leak when blob is malformed - can: gs_usb: gs_can_open(): fix race dev->can.state condition - net/smc: Stop the CLC flow if no link to map buffers on - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD - net: sched: fix possible refcount leak in tc_new_tfilter() - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV - serial: Create uart_xmit_advance() - [arm64,armhf] serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting - [s390x] dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup - vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external() - drm/amdgpu: Fix check for RAS support - cifs: use discard iterator to discard unneeded network data more efficiently - cifs: always initialize struct msghdr smb_msg completely - [x86] Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region - [x86] drm/gma500: Fix BUG: sleeping function called from invalid context errors - drm/amdgpu: use dirty framebuffer helper - drm/amd/display: Limit user regamma to a valid value - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage - [arm64] drm/rockchip: Fix return type of cdn_dp_connector_mode_valid - workqueue: don't skip lockdep work dependency in cancel_work_sync() - [arm64,armhf] i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible - [amd64,arm64] devdax: Fix soft-reservation memory description - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 - ext4: limit the number of retries after discarding preallocations blocks - ext4: make directory inode spreading reflect flexbg size https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.147 - [x86] thunderbolt: Add support for Intel Maple Ridge - [x86] thunderbolt: Add support for Intel Maple Ridge single port controller - [arm64,armhf] ALSA: hda/tegra: Use clk_bulk helpers - [arm64,armhf] ALSA: hda/tegra: Reset hardware - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically - ALSA: hda: Fix Nvidia dp infoframe - btrfs: fix hang during unmount when stopping a space reclaim worker - [arm64,x86] usb: typec: ucsi: Remove incorrect warning - [x86] thunderbolt: Explicitly reset plug events delay back to USB4 spec value - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 - mm/page_alloc: fix race condition between build_all_zonelists and page allocation - mm: prevent page_frag_alloc() from corrupting the memory - mm/migrate_device.c: flush TLB while holding PTL - mm: fix madivse_pageout mishandling on non-LRU page - swiotlb: max mapping size takes min align mask into account - [arm64] scsi: hisi_sas: Revert "scsi: hisi_sas: Limit max hw sectors for v3 HW" - [arm64,armhf] soc: sunxi: sram: Actually claim SRAM regions - [arm64,armhf] soc: sunxi: sram: Prevent the driver from being unbound - [arm64,armhf] soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() - [arm64,armhf] soc: sunxi: sram: Fix probe function ordering issues - [arm64,armhf] soc: sunxi: sram: Fix debugfs info for A64 SRAM C - [arm64,armhf] Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" - usbnet: Fix memory leak in usbnet_disconnect() - net: sched: act_ct: fix possible refcount leak in tcf_ct_init() - cxgb4: fix missing unlock on ETHOFLD desc collect fail path - nvme: add new line after variable declatation - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices - net: stmmac: power up/down serdes in stmmac_open/release - [armhf] clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks - [x86] KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest - [x86] alternative: Fix race in try_get_desc() - ALSA: hda/hdmi: fix warning about PCM count when used with SOF https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.148 - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() - nilfs2: fix use-after-free bug of struct nilfs_root - nilfs2: fix leak of nilfs_root in case of writer thread creation failure - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure - ceph: don't truncate file in atomic_open - docs: update mediator information in CoC docs - xsk: Inherit need_wakeup flag for shared sockets - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303) - mm: gup: fix the fast GUP race against THP collapse - [powerpc*] 64s/radix: don't need to broadcast IPI for radix pmd collapse flush - fs: fix UAF/GPF bug in nilfs_mdt_destroy - compiler_attributes.h: move __compiletime_{error|warning} - scsi: qedf: Fix a UAF bug in __qedf_probe() - net/ieee802154: fix uninit value bug in dgram_sendmsg - ALSA: hda/hdmi: Fix the converter reuse for the silent stream - net: atlantic: fix potential memory leak in aq_ndev_close() - drm/amd/display: update gamut remap if plane has changed - drm/amd/display: skip audio setup when audio stream is enabled - mmc: core: Replace with already defined values for readability - mmc: core: Terminate infinite loop in SD-UHS voltage switch - usb: mon: make mmapped memory read only - USB: serial: ftdi_sio: fix 300 bps rate for SIO - [arm64] rpmsg: qcom: glink: replace strncpy() with strscpy_pad() - Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5" - random: restore O_NONBLOCK support - random: clamp credited irq bits to maximum mixed - ALSA: hda: Fix position reporting on Poulsbo - efi: Correct Macmini DMI match in uefi cert quirk - scsi: stex: Properly zero out the passthrough command structure - USB: serial: qcserial: add new usb-id for Dell branded EM7455 - random: avoid reading two cache lines on irq randomness - random: use expired timer rather than wq for mixing fast pool - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (CVE-2022-41674) - wifi: cfg80211/mac80211: reject bad MBSSID elements - wifi: cfg80211: ensure length byte is present before access - wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720) - wifi: cfg80211: avoid nontransmitted BSS list corruption (CVE-2022-42721) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate - wifi: mac80211: fix crash in beacon protection for P2P-device (CVE-2022-42722) - wifi: cfg80211: update hidden BSSes to avoid WARN_ON - Input: xpad - add supported devices as contributed on github - Input: xpad - fix wireless 360 controller breaking after suspend . [ Aurelien Jarno ] * [arm64] Add support for misalignment fixups for multiword loads from next branch. Enable COMPAT_ALIGNMENT_FIXUPS. . [ Salvatore Bonaccorso ] * [x86] drivers/edac: Enable EDAC_I10NM as module (Closes: #1019248) * Bump ABI to 19 * Refresh "Export symbols needed by Android drivers" * [rt] Update to 5.10.140-rt73 * io_uring/af_unix: defer registered files gc to io_uring release (CVE-2022-2602) * ext4: fix check for block being out of directory size (CVE-2022-1184) . [ Uwe Kleine-König ] * mac80211: mlme: find auth challenge directly * wifi: mac80211: don't parse mbssid in assoc response * wifi: mac80211: fix MBSSID parsing use-after-free (CVE-2022-42719) Checksums-Sha1: 1b5bea4d648e8bd50618133e09ce8860e72a529e 197238 linux_5.10.148-1.dsc 759138419ac61b79cedaf8cd342ad86c8adf8a03 121774584 linux_5.10.148.orig.tar.xz 3de36fe3652726a4f8f981cd9fda63924053b29b 1551604 linux_5.10.148-1.debian.tar.xz a8d85ecec8a77d884f5bce5af0e653fa981791d5 6681 linux_5.10.148-1_source.buildinfo Checksums-Sha256: ddb108ec73e726e774bce4b4ee9d119aa9181d768f46d116a9203c51abeb97f8 197238 linux_5.10.148-1.dsc 2039d5857a1ed32b22a5be0783e3999473d7ed781117657351408a81d6f61542 121774584 linux_5.10.148.orig.tar.xz 056e028568772b24c2bf3388b14d104dd21777b0be30db74afc72e1d2ff26319 1551604 linux_5.10.148-1.debian.tar.xz 70cf3a04e2253cecbc7ee3fe6fd6ef4ead35f3c775ad052bd7481479bcc06a2d 6681 linux_5.10.148-1_source.buildinfo Files: 185a7af579fcaf1007b8f41382adbb02 197238 kernel optional linux_5.10.148-1.dsc 68a34c2232cb572e7b7b86cb634829a9 121774584 kernel optional linux_5.10.148.orig.tar.xz da1603753e5b2a86bbf1ff625fb0c28a 1551604 kernel optional linux_5.10.148-1.debian.tar.xz 652a80682428b824e9719399ac2ed2d8 6681 kernel optional linux_5.10.148-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNMdW9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EpHsP+QGZtOKoQCgUf8kpWA7Y9N5N+91QX+Qu +dItIJDDDvzrr8YRpjBoDJF0GxWs+sM0JmjfuUn2GLTGiLTJEnlvO0PyWKDP2CXV GGtxQuMffNf2dzRGN2CkaTCIcMpDTOCEd1WaaUUSsfhaX8zqd7QawCMJSw3rdGk6 LzHsyPdM/JBGITKlD4hFzDQI4EFfPwrjfb7hHm4pteFKZfSL6rtQgk4VLDZp0hwA vqsop9lF24V0EW07xV2cj8qqQa/tYgLf/woBy03g9+2LT2DwlFSgjYvdN+3zA4sB +60IHausON8GB+7DnOjc5yT+KBHoTpPJjAvl2qWoGIpKJqL39pYT17P8fFiI56bt 5uVjK1H67LfwHexjfZPcF2bM88vpjJRF9hFML4MsvkjMnlIRNxswbPSt3Xt4y6CA Ec6GLNTDbLFBrts+Eb67g8SKPVRXLrzSPMP+jdHF/RuVrBrQNKgJZQetULbkqrYM eX96Cwv837Ep7471eInW7XYS2zZ4gVAA4aTCnlV3EIF2Ni0p8TguZCvAL8mUVS2C NrYlUIrMTTU3wLbYYa6D52MqnnG9PJTGZp8/bC/da7U439rQs+/8PyvIXYGzZKcg XXQ+6VRMAdDhXPsnFPBOS6HhUT2VRsKAjBz3MKUlbFqys7zG2Aji79GndyHVyCyT QRfcmXq5Lnrz =6GdT -----END PGP SIGNATURE-----
