Accepted linux 5.10.251-1 (source) into oldoldstable-security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Mar 2026 12:26:03 +0100
Source: linux
Architecture: source
Version: 5.10.251-1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Closes: 1127597
Changes:
 linux (5.10.251-1) bullseye-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.250
     - rbd: check for EOD after exclusive lock is ensured to be held
     - KVM: Don't clobber irqfd routing type when deassigning irqfd
       (CVE-2026-23198)
     - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
       (CVE-2025-38201)
     - binderfs: fix ida_alloc_max() upper bound
     - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
       (CVE-2025-71224)
     - wifi: wlcore: ensure skb headroom before skb_push (CVE-2025-71222)
     - net: usb: sr9700: support devices with virtual driver CD
     - block,bfq: fix aux stat accumulation destination
     - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
     - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration
     - [x86] ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
     - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
     - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
     - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
     - wifi: mac80211: collect station statistics earlier when disconnect
     - wifi: cfg80211: Fix bitrate calculation overflow for HE rates
     - scsi: target: iscsi: Fix use-after-free in
       iscsit_dec_session_usage_count() (CVE-2026-23193)
     - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
       (CVE-2026-23216)
     - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
     - [x86] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
       (CVE-2026-23176)
     - [x86] platform/x86: intel_telemetry: Fix PSS event register mask
     - net: liquidio: Initialize netdev pointer before queue setup
     - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
     - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
     - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)
     - tipc: use kfree_sensitive() for session key material
     - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf
     - nvmet-tcp: add an helper to free the cmd buffers
     - nvmet-tcp: fix memory leak when performing a controller reset
     - nvmet-tcp: fix regression in data_digest calculation
     - nvmet-tcp: don't map pages which can't come from HIGHMEM
     - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
       (CVE-2026-23112)
     - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops (CVE-2026-23190)
     - [x86] platform/x86: intel_telemetry: Fix swapped arrays in PSS output
     - gve: Fix stats report corruption on queue count change
     - tracing: Fix ftrace event field alignments
     - gve: Correct ethtool rx_dropped calculation
     - nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.251
     - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
       correctly (CVE-2026-23222)
     - crypto: virtio - Add spinlock protection with virtqueue notification
       (CVE-2026-23229)
     - nilfs2: Fix potential block overflow that cause system hang
       (CVE-2025-71237)
     - scsi: qla2xxx: Delay module unload while fabric scan in progress
       (CVE-2025-71235)
     - scsi: qla2xxx: Query FW again before proceeding with login
     - [armhf] gpio: omap: do not register driver in probe()
     - [x86] ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
     - romfs: check sb_set_blocksize() return value (CVE-2026-23238)
     - [x86] platform/x86: classmate-laptop: Add missing NULL pointer checks
       (CVE-2026-23237)
     - gpiolib: acpi: Fix gpio count with string references
     - fs: dlm: fix invalid derefence of sb_lvbptr (CVE-2022-50516)
     - crypto: virtio - Remove duplicated virtqueue_kick in
       virtio_crypto_skcipher_crypt_req
     - scsi: qla2xxx: Validate sp before freeing associated memory
       (CVE-2025-71236)
     - scsi: qla2xxx: Free sp in error path to fix system crash (CVE-2025-71232)
     - scsi: qla2xxx: Fix bsg_done() causing double free (CVE-2025-71238)
     - fbdev: smscufx: properly copy ioctl memory to kernelspace
       (CVE-2026-23236)
     - f2fs: fix out-of-bounds access in sysfs attribute read/write
       (CVE-2026-23235)
     - f2fs: fix to avoid UAF in f2fs_write_end_io() (CVE-2026-23234)
     - USB: serial: option: add Telit FN920C04 RNDIS compositions
 .
   [ Ben Hutchings ]
   * [armhf] Revert "ARM: 9468/1: fix memset64() on big-endian"
   * ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Closes: #1127597)
   * CI: Delete support for ccache, which was removed from common pipeline
   * CI: Update build job to work after another common pipeline change
   * [rt] Update to 5.10.251-rt146
 .
   [ Salvatore Bonaccorso ]
   * apparmor: fix kernel-doc complaints
   * apparmor: Fix kernel-doc warnings in apparmor/policy.c
   * apparmor: validate DFA start states are in bounds in unpack_pdb
   * apparmor: fix memory leak in verify_header
   * apparmor: replace recursive profile removal with iterative approach
   * apparmor: fix: limit the number of levels of policy namespaces
   * apparmor: fix side-effect bug in match_char() macro usage
   * apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
   * apparmor: Fix double free of ns_name in aa_replace_profiles()
   * apparmor: fix unprivileged local user can do privileged policy management
   * apparmor: fix differential encoding verification
   * apparmor: fix race on rawdata dereference
   * apparmor: fix race between freeing data and fs accessing it
Checksums-Sha1:
 e34cbd7e2a375272d496a1d1f515eb64519532ee 209429 linux_5.10.251-1.dsc
 4eb6fc52d0275cb73f77c7303bf9751d0528a910 122143548 linux_5.10.251.orig.tar.xz
 d908a9078a357c3fdc2807324abadefe00b8e1e1 1794760 linux_5.10.251-1.debian.tar.xz
 c33b6010dbde2de54ad872d12e556db5b0451db1 6215 linux_5.10.251-1_source.buildinfo
Checksums-Sha256:
 99eb045af1b72195eff8865032c1612f0cae96c78b9c0622e384acc50f0a4e2e 209429 linux_5.10.251-1.dsc
 706a020b79d01b7a14fe639554fcf6adcd93b81e4c3194218f5c8c523ef9a753 122143548 linux_5.10.251.orig.tar.xz
 0666875fb2facc9c141d91085e6fd731064fc04327512f402c9d1d77d7d0510a 1794760 linux_5.10.251-1.debian.tar.xz
 4a9c5f763391599ce7669498394ad0effd6a9c2a331ff7bc032c9e14a0dfb36c 6215 linux_5.10.251-1_source.buildinfo
Files:
 6800b1e31fd2fd05ccd77e7374fa5990 209429 kernel optional linux_5.10.251-1.dsc
 07c0163109b8263be1918e8861498a9a 122143548 kernel optional linux_5.10.251.orig.tar.xz
 44aab2e94107c7153efb6b3620f225d7 1794760 kernel optional linux_5.10.251-1.debian.tar.xz
 7405ee77e36de5a06e8b9aedf9bda093 6215 kernel optional linux_5.10.251-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmmzHpgACgkQ57/I7JWG
EQnctxAAsnfIAFkK0lvdy2gVcxk+viacefDvJe1tewQ7T8GSJJMR43ak1uQ6PE/W
tP9huSej6dgVA2ZWpfgQI7AuzqRuGx4wDTZ9ZvzgPrKYiH7JHL9uArYjhs3xgLwt
ByL1Jhhc4WiLJN++QCUDlCz2l++7YfE7IYdchMQiGYGTv5jRre+pVzGe3vrTr/OH
BPW8FUxsns8QV4LbWbhnWUHU7gc1hTsP7EsTbnd+ImQuyzw/T6N7ZY/Ci3M9IOOI
VwDswwnlWuULdGyxhaRGdRPePk9eEiK6ArJXL7JE9kavrg5L/Gv09nZVylbbs8vX
ApOLsbGR6FVGepgjoIBZPMAqVFLaGxqtTztICjUZh0lvi/hR1d2Lad0aSd9LPGhr
rn6ZPEuIMFE8TSYL/+GMCD0B7bg0A4WaeA6LSJ4+ir8jg55VEkanUgayK0ejWsSx
CrKfon2Iw4wgedqOd0oqxTEJIq68K4YYzeTfWpSIVQd+5q4BIyZazKqkb2cv58GK
DgyuM2xwVHldh/H8XyeVsRtaiOM8c4RYoHg0TOVQFhId7kCCrkvENnj5kDMck/tU
npOnj7sz/keAKUrwPSZQax4s6VZbixWAP+x5PtDQ8vdaSkt2cG7Vyqzn+HXfRdhg
0u6jaR5ytzMuTmd5o6ZAjrXwcaN84Hc18u1JuWLttuZYbPzWM4A=
=dcdC
-----END PGP SIGNATURE-----