-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 01 Jun 2024 11:24:36 +0200 Source: linux Architecture: source Version: 5.10.218-1 Distribution: bullseye-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1068365 Changes: linux (5.10.218-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.217 - [arm64,armhf] dmaengine: pl330: issue_pending waits until WFP state - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" - wifi: nl80211: don't free NULL coalescing rule - eeprom: at24: Use dev_err_probe for nvmem register failure - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case - eeprom: at24: fix memory corruption race condition (CVE-2024-35848) - [armhf] pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T - [arm64] pinctrl/meson: fix typo in PDM's pin name - pinctrl: core: delete incorrect free in pinctrl_enable() - sunrpc: add a struct rpc_stats arg to rpc_create_args - nfs: expose /proc/net/sunrpc/nfs in net namespaces - nfs: make the rpc_stat per net namespace - nfs: Handle error of rpc_proc_register() in nfs_net_init(). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() - [s390x] mm: Fix storage key clearing for guest huge pages - [s390x] mm: Fix clearing storage keys for huge pages - bna: ensure the copied buf is NUL terminated - nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). - net l2tp: drop flow hash on forward - [s390x] vdso: Add CFI for RA register to asm macro vdso_func - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() - net: qede: use return from qede_parse_flow_attr() for flower - net: qede: use return from qede_parse_flow_attr() for flow_spec - net: qede: use return from qede_parse_actions() - cxgb4: Properly lock TX queue for the selftest. - [arm64,armhf] net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 - net: bridge: fix multicast-to-unicast with fraglist GSO - net: core: reject skb_copy(_expand) for fraglist GSO skbs - net: gro: add flush check in udp_gro_receive_segment - [arm64] clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change - [arm64] KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id - [arm64] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic - gfs2: Fix invalid metadata access in punch_hole - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc - wifi: cfg80211: fix rdev_dump_mpp() arguments order - net: mark racy access on sk->sk_rcvbuf - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload - btrfs: return accurate error code on open failure in open_fs_devices() - ALSA: line6: Zero-initialize message buffers - net: bcmgenet: Reset RBUF on first open - ata: sata_gemini: Check clk_enable() result - firewire: ohci: mask bus reset interrupts between ISR and bottom half - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve - btrfs: always clear PERTRANS metadata during commit - scsi: target: Fix SELinux error when systemd-modules loads the target module - blk-iocost: avoid out of bounds shift - [arm64,armhf] gpu: host1x: Do not setup DMA for virtual devices - [mips64el,mipsel]: scall: Save thread_info.syscall unconditionally on entry (Closes: #1068365) - fs/9p: only translate RWX permissions for plain 9P2000 - fs/9p: translate O_TRUNC into OTRUNC - 9p: explicitly deny setlease attempts - gpio: wcove: Use -ENOTSUPP consistently - gpio: crystalcove: Use -ENOTSUPP consistently - clk: Don't hold prepare_lock when calling kref_put() - fs/9p: drop inodes immediately on non-.L too - drm/nouveau/dp: Don't probe eDP ports twice harder - net:usb:qmi_wwan: support Rolling modules - xfrm: Preserve vlan tags for transport mode software GRO - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (CVE-2024-27398) - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399) - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation - [x86] hwmon: (corsair-cpro) Use a separate buffer for sending commands - [x86] hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() - [x86] hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock - phonet: fix rtm_phonet_notify() skb allocation - kcov: Remove kcov include from sched.h and move it to its users. - net: bridge: fix corrupted ethernet header on multicast-to-unicast - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() - [arm64] net: hns3: use appropriate barrier function after setting a bit value - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() - firewire: nosy: ensure user_length is taken into account when fetching packet contents (CVE-2024-27401) - [arm64] dts: qcom: Fix 'interrupt-map' parent address cells - usb: typec: ucsi: Check for notifications after init - usb: typec: ucsi: Fix connector check on init - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device - usb: ohci: Prevent missed ohci interrupts - usb: gadget: composite: fix OS descriptors w_value logic - usb: gadget: f_fs: Fix a race condition when processing setup packets. - usb: xhci-plat: Don't include xhci.h - usb: dwc3: core: Prevent phy suspend during init - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU - iio:imu: adis16475: Fix sync mode setting - iio: accel: mxc4005: Interrupt handling fixes - net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() - dyndbg: fix old BUG_ON in >control parser - mei: me: add lunar lake point M DID - drm/vmwgfx: Fix invalid reads in fence signaled events - net: fix out-of-bounds access in ops_init - regulator: core: fix debugfs creation regression - keys: Fix overwrite of key expiration on instantiation - md: fix kmemleak of rdev->serial (CVE-2024-26900) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.218 - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() - [x86] xen: Drop USERGS_SYSRET64 paravirt call - [arm64] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access - [arm64] net: bcmgenet: synchronize UMAC_CMD access - ima: fix deadlock when traversing "ima_default_rules". - netlink: annotate lockless accesses to nlk->max_recvmsg_len - [x86] KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection - firmware: arm_scmi: Harden accesses to the reset domains (CVE-2022-48655) - mptcp: ensure snd_nxt is properly initialized on connect - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() - drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (CVE-2023-52585) - usb: typec: ucsi: displayport: Fix potential deadlock - serial: kgdboc: Fix NMI-safety problems from keyboard reset code - docs: kernel_include.py: Cope with docutils 0.21 . [ Salvatore Bonaccorso ] * Bump ABI to 30 Checksums-Sha1: 3d646b6226bb63236f4e14f16b01333d044a978d 205890 linux_5.10.218-1.dsc dc5f727fed17982e90cedcfe160c5ab3fe019206 121946232 linux_5.10.218.orig.tar.xz bd86a886948f858e69b17116b7bc6894dfbd4de6 1669672 linux_5.10.218-1.debian.tar.xz 16249d386518106424c894b27e4977978dad1e56 6815 linux_5.10.218-1_source.buildinfo Checksums-Sha256: fc0020c86209e345b13767cbb95be68760f821c4bac474b354ddbb52157e8a4b 205890 linux_5.10.218-1.dsc f04ed0fa9bbfb5602b1c2227b993ae104bcdabb6803b69178129ad77b5191f3f 121946232 linux_5.10.218.orig.tar.xz 37e7dc1bd2c06052e23f7621e53d3f565f722b4f209bf01af71eacdc609cfbb5 1669672 linux_5.10.218-1.debian.tar.xz f0848ca0c822a0a43b740d03c79dbde7137bfa4d8dfd90620f3359fc5a83e220 6815 linux_5.10.218-1_source.buildinfo Files: 0dfd34533c9a9938d32e7db006dda8bc 205890 kernel optional linux_5.10.218-1.dsc 2348f072dfeba490bc837f3fb16756f4 121946232 kernel optional linux_5.10.218.orig.tar.xz b316821467a1d1dd06b13b4e31ed384c 1669672 kernel optional linux_5.10.218-1.debian.tar.xz 7a73b934e1a325b1ba7ab8d885f97d1d 6815 kernel optional linux_5.10.218-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZa6UpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E2mMP/2iLrAMcBzrWTVt9NN9m1DWZ3agVrKpQ BNavnQRBsGB12zStWmPLXdoWY2HqyA4sLmH2An5efI6vhmt8ROgBqaDDRUqm1CBw VRvUVjrKh8v6JOGdx71aJxUYsXrByfBZtctwVZzyQmvYW4FQ0frjtXBKJXJebKaU Eit9jsTiSYvwr0j9NjLtteckE7ZPDL3ho/d8stMAoc+4DS6gwLH3zSlJZNVztfGU Ead5uPXTGVIPqXm3KMQDkc3b3kG4s2veb4NTmBvGK5rg+IRaK8xqOP6UmbqNMtOh 0SpwuTlyo5EiwVv13AAU+X0x6e8h1W6Ulw4XVX7lWZASU+mR0uvq0Yk0k7wON8es NvqZ9iISpbrFU+cOUhhTYMgLpHQgtVHRseSI1d4q2Akaq064AV0k2LQUgOqlROEI oOtOIjqLo3ccTxsOk1/WneMg+ll3/eIW7Y58kd/1CY+aXhKyQVArbB8l41qap4Pm izUB1sioJhXjqSaqy3NN7rk9+Rmp9KmuJN7mCq2PaItOxpaCQj173lC+cFZ2L4e2 l7mk4fV7QCAEZ5j7SyEKMXA1xG5NDIZgsUqgboAf2/cb1Mqs0Edji/fpXeVNO6q9 gVkJi666S6Vm4alnDreuuLpJJm5HQEKx0DVeOonKruQrox1CoeiyUUOtOYg4Fvdv tNl/at2BBvvv =0dpp -----END PGP SIGNATURE-----