-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Jan 2023 15:35:48 +0100
Source: linux-signed-amd64
Architecture: source
Version: 5.10.162+1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 linux-signed-amd64 (5.10.162+1) bullseye-security; urgency=high
 .
   * Sign kernel from linux 5.10.162-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
     - [armhf] dts: rockchip: fix node name for hym8563 rtc
     - [armhf] dts: rockchip: fix ir-receiver node names
     - [arm64] dts: rockchip: fix ir-receiver node names
     - [armel,armhf] 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
     - 9p/fd: Use P9_HDRSZ for header size
     - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
     - btrfs: send: avoid unaligned encoded writes when attempting to clone range
     - ASoC: soc-pcm: Add NULL check in BE reparenting
     - [armhf] regulator: twl6030: fix get status of twl6032 regulators
     - fbcon: Use kzalloc() in fbcon_prepare_logo()
     - [arm64,armhf] usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
     - 9p/xen: check logical size for buffer size
     - net: usb: qmi_wwan: add u-blox 0x1342 composition
     - mm/khugepaged: take the right locks for page table retraction
     - mm/khugepaged: fix GUP-fast interaction by sending IPI
     - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
     - rtc: mc146818: Prevent reading garbage
     - rtc: mc146818: Detect and handle broken RTCs
     - rtc: mc146818: Dont test for bit 0-5 in Register D
     - rtc: cmos: remove stale REVISIT comments
     - rtc: mc146818-lib: change return values of mc146818_get_time()
     - rtc: Check return value from mc146818_get_time()
     - rtc: mc146818-lib: fix RTC presence check
     - rtc: mc146818-lib: extract mc146818_avoid_UIP
     - rtc: cmos: avoid UIP when writing alarm time
     - rtc: cmos: avoid UIP when reading alarm time
     - rtc: cmos: Replace
       spin_lock_irqsave with spin_lock in hard IRQ
     - rtc: mc146818: Reduce spinlock section in mc146818_set_time()
     - media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
     - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
     - memcg: fix possible use-after-free in memcg_write_event_control()
     - mm/gup: fix gup_pud_range() for dax
     - Bluetooth: btusb: Add debug message for CSR controllers
     - Bluetooth: Fix crash when replugging CSR fake controllers
     - [s390x] KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
     - [x86] drm/vmwgfx: Don't use screen objects when SEV is active
     - drm/shmem-helper: Remove errant put in error path
     - drm/shmem-helper: Avoid vm_open error paths
     - HID: usbhid: Add ALWAYS_POLL quirk for some mice
     - HID: hid-lg4ff: Add check for empty lbuf
     - HID: core: fix shift-out-of-bounds in hid_report_raw_event
     - can: af_can: fix NULL pointer dereference in can_rcv_filter
     - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (CVE-2022-3623)
     - rtc: cmos: Disable irq around direct invocation of cmos_interrupt()
     - rtc: mc146818-lib: fix locking in mc146818_set_time
     - rtc: mc146818-lib: fix signedness bug in mc146818_get_time()
     - netfilter: nft_set_pipapo: Actually validate intervals in fields after the first one
     - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
     - netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark
     - e1000e: Fix TX dispatch condition
     - igb: Allocate MSI-X vector when testing
     - [arm64,armhf] drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
     - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
     - [x86] vmxnet3: correctly report encapsulated LRO packet
     - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
     - Bluetooth: Fix not cleanup led when bt_init fails
     - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
     - xen-netfront: Fix NULL sring after live migration
     - [arm64,armhf] net: mvneta: Prevent out of bounds read in mvneta_config_rss()
     - i40e: Fix not setting default xps_cpus after reset
     - i40e: Fix for VF MAC address 0
     - i40e: Disallow ip4 and ip6 l4_4_bytes
     - nvme initialize core quirks before calling nvme_init_subsystem
     - net: stmmac: fix "snps,axi-config" node property parsing
     - ip_gre: do not report erspan version on GRE interface
     - [arm64] net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
     - [arm64] net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
     - [arm64] net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
     - tipc: Fix potential OOB in tipc_link_proto_rcv()
     - ipv4: Fix incorrect route flushing when source address is deleted
     - ipv4: Fix incorrect route flushing when table ID 0 is used
     - tipc: call tipc_lxc_xmit without holding node_read_lock
     - [x86] net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
     - ipv6: avoid use-after-free in ip6_fragment()
     - [arm64,armhf] net: mvneta: Fix an out of bounds check
     - macsec: add missing attribute validation for offload
     - can: esd_usb: Allow REC and TEC to return to zero
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.160
     - [x86] smpboot: Move rcu_cpu_starting() earlier
     - vfs: fix copy_file_range() regression in cross-fs copies
     - vfs: fix copy_file_range() averts filesystem freeze protection
     - nfp: fix use-after-free in area_cache_get() (CVE-2022-3545)
     - fuse: always revalidate if exclusive create
     - io_uring: add missing item types for splice request (CVE-2022-4696)
     - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
     - can: mcba_usb: Fix termination command argument
     - [armel,armhf] ASoC: cs42l51: Correct
       PGA Volume minimum value
     - nvme-pci: clear the prp2 field when not used
     - ASoC: ops: Correct bounds check for second channel on SX controls
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.161
     - udf: Discard preallocation before extending file with a hole
     - udf: Fix preallocation discarding at indirect extent boundary
     - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
     - udf: Fix extending file within last block
     - usb: gadget: uvc: Prevent buffer overflow in setup handler
     - USB: serial: option: add Quectel EM05-G modem
     - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
     - USB: serial: f81232: fix division by zero on line-speed change
     - USB: serial: f81534: fix division by zero on line-speed change
     - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N
     - igb: Initialize mailbox message for VF reset
     - HID: ite: Add support for Acer S1002 keyboard-dock
     - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
     - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
     - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
     - Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934)
     - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.162
     - kernel: provide create_io_thread() helper
     - iov_iter: add helper to save iov_iter state
     - saner calling conventions for unlazy_child()
     - fs: add support for LOOKUP_CACHED
     - fix handling of nd->depth on LOOKUP_CACHED failures in try_to_unlazy*
     - Make sure nd->path.mnt and nd->path.dentry are always valid pointers
     - fs: expose LOOKUP_CACHED through openat2() RESOLVE_CACHED
     - tools headers UAPI: Sync openat2.h with the kernel sources
     - net: provide __sys_shutdown_sock() that takes a socket
     - net: add accept helper not installing fd
     - signal: Add task_sigpending() helper
     - fs: make do_renameat2() take struct filename
     - file: Rename __close_fd_get_file close_fd_get_file
     - fs: provide locked helper variant of
       close_fd_get_file()
     - entry: Add support for TIF_NOTIFY_SIGNAL
     - task_work: Use TIF_NOTIFY_SIGNAL if available
     - [x86] Wire up TIF_NOTIFY_SIGNAL
     - [arm64] add support for TIF_NOTIFY_SIGNAL
     - [powerpc*] add support for TIF_NOTIFY_SIGNAL
     - [mips*] add support for TIF_NOTIFY_SIGNAL
     - [s390x] add support for TIF_NOTIFY_SIGNAL
     - [armel,armhf] add support for TIF_NOTIFY_SIGNAL
     - task_work: remove legacy TWA_SIGNAL path
     - kernel: remove checking for TIF_NOTIFY_SIGNAL
     - coredump: Limit what can interrupt coredumps
     - kernel: allow fork with TIF_NOTIFY_SIGNAL pending
     - entry/kvm: Exit to user mode when TIF_NOTIFY_SIGNAL is set
     - arch: setup PF_IO_WORKER threads like PF_KTHREAD
     - arch: ensure parisc/powerpc handle PF_IO_WORKER in copy_thread()
     - [x86] process: setup io_threads more like normal user space threads
     - kernel: stop masking signals in create_io_thread()
     - kernel: don't call do_exit() for PF_IO_WORKER threads
     - task_work: add helper for more targeted task_work canceling
     - io_uring: import 5.15-stable io_uring
     - signal: kill JOBCTL_TASK_WORK
     - task_work: unconditionally run task_work from get_signal()
     - net: remove cmsg restriction from io_uring based send/recvmsg calls
     - Revert "proc: don't allow async path resolution of /proc/thread-self components"
     - Revert "proc: don't allow async path resolution of /proc/self components"
     - eventpoll: add EPOLL_URING_WAKE poll wakeup flag
     - eventfd: provide a eventfd_signal_mask() helper
     - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups
 .
   [ Salvatore Bonaccorso ]
   * linux-kbuild: Include scripts/pahole-flags.sh (Closes: #1008501)
   * Bump ABI to 21
   * Refresh "Export symbols needed by Android drivers"
   * ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio (Closes: #1027430, #1027483)
   * ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire (Closes: #1027430, #1027483)
   * [rt] Update to 5.10.162-rt78
   * i2c: ismt: Fix an out-of-bounds bug in ismt_access() (CVE-2022-2873)
   * [x86] drm/vmwgfx: Validate the box size for the snooped cursor (CVE-2022-36280)
   * media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218)
   * net: sched: disallow noqueue for qdisc classes (CVE-2022-47929)
   * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
   * net: sched: cbq: dont intepret cls results when asked to drop (CVE-2023-23454)
   * net: sched: atm: dont intepret cls results when asked to drop (CVE-2023-23455)
   * netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (CVE-2023-0179)
   * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (CVE-2023-0394)
   * [rt] arm64: make _TIF_WORK_MASK bits contiguous
 .
   [ Ben Hutchings ]
   * Disable SECURITY_LOCKDOWN_LSM and MODULE_SIG where we don't sign code (Closes: #825141)
Checksums-Sha1:
 66727c33a7e8c463264ade25dd1afbe418ef6472 8609 linux-signed-amd64_5.10.162+1.dsc
 17a6fceeed22ae9d38376152459c45f1be2e332f 2819648 linux-signed-amd64_5.10.162+1.tar.xz
Checksums-Sha256:
 e5d7486674933035a693594bf022ba09bd92ded3e9130dc7cd461c2f7cb1c33f 8609 linux-signed-amd64_5.10.162+1.dsc
 46beabb28af67282b9e630b7e0e9cf954a3aeaba0d2231f8a7b5cc84716393f1 2819648 linux-signed-amd64_5.10.162+1.tar.xz
Files:
 d82c199514690dfc98b00891f71c33ec 8609 kernel optional linux-signed-amd64_5.10.162+1.dsc
 c2ebbdd3d507bb27392b6ffcee17d331 2819648 kernel optional linux-signed-amd64_5.10.162+1.tar.xz