Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted linux-signed-i386 5.10.251+1 (source) into oldoldstable-security
Date: Fri, 13 Mar 2026 10:50:24 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Mar 2026 12:26:03 +0100
Source: linux-signed-i386
Architecture: source
Version: 5.10.251+1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Changes:
 linux-signed-i386 (5.10.251+1) bullseye-security; urgency=high
 .
   * Sign kernel from linux 5.10.251-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.250
     - rbd: check for EOD after exclusive lock is ensured to be held
     - KVM: Don't clobber irqfd routing type when deassigning irqfd
       (CVE-2026-23198)
     - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
       (CVE-2025-38201)
     - binderfs: fix ida_alloc_max() upper bound
     - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
       (CVE-2025-71224)
     - wifi: wlcore: ensure skb headroom before skb_push (CVE-2025-71222)
     - net: usb: sr9700: support devices with virtual driver CD
     - block,bfq: fix aux stat accumulation destination
     - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
     - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration
     - [x86] ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
     - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
     - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
     - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
     - wifi: mac80211: collect station statistics earlier when disconnect
     - wifi: cfg80211: Fix bitrate calculation overflow for HE rates
     - scsi: target: iscsi: Fix use-after-free in
       iscsit_dec_session_usage_count() (CVE-2026-23193)
     - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
       (CVE-2026-23216)
     - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
     - [x86] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
       (CVE-2026-23176)
     - [x86] platform/x86: intel_telemetry: Fix PSS event register mask
     - net: liquidio: Initialize netdev pointer before queue setup
     - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
     - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
     - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)
     - tipc: use kfree_sensitive() for session key material
     - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf
     - nvmet-tcp: add an helper to free the cmd buffers
     - nvmet-tcp: fix memory leak when performing a controller reset
     - nvmet-tcp: fix regression in data_digest calculation
     - nvmet-tcp: don't map pages which can't come from HIGHMEM
     - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
       (CVE-2026-23112)
     - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops (CVE-2026-23190)
     - [x86] platform/x86: intel_telemetry: Fix swapped arrays in PSS output
     - gve: Fix stats report corruption on queue count change
     - tracing: Fix ftrace event field alignments
     - gve: Correct ethtool rx_dropped calculation
     - nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.251
     - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
       correctly (CVE-2026-23222)
     - crypto: virtio - Add spinlock protection with virtqueue notification
       (CVE-2026-23229)
     - nilfs2: Fix potential block overflow that cause system hang
       (CVE-2025-71237)
     - scsi: qla2xxx: Delay module unload while fabric scan in progress
       (CVE-2025-71235)
     - scsi: qla2xxx: Query FW again before proceeding with login
     - [armhf] gpio: omap: do not register driver in probe()
     - [x86] ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
     - romfs: check sb_set_blocksize() return value (CVE-2026-23238)
     - [x86] platform/x86: classmate-laptop: Add missing NULL pointer checks
       (CVE-2026-23237)
     - gpiolib: acpi: Fix gpio count with string references
     - fs: dlm: fix invalid derefence of sb_lvbptr (CVE-2022-50516)
     - crypto: virtio - Remove duplicated virtqueue_kick in
       virtio_crypto_skcipher_crypt_req
     - scsi: qla2xxx: Validate sp before freeing associated memory
       (CVE-2025-71236)
     - scsi: qla2xxx: Free sp in error path to fix system crash (CVE-2025-71232)
     - scsi: qla2xxx: Fix bsg_done() causing double free (CVE-2025-71238)
     - fbdev: smscufx: properly copy ioctl memory to kernelspace
       (CVE-2026-23236)
     - f2fs: fix out-of-bounds access in sysfs attribute read/write
       (CVE-2026-23235)
     - f2fs: fix to avoid UAF in f2fs_write_end_io() (CVE-2026-23234)
     - USB: serial: option: add Telit FN920C04 RNDIS compositions
 .
   [ Ben Hutchings ]
   * [armhf] Revert "ARM: 9468/1: fix memset64() on big-endian"
   * ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Closes: #1127597)
   * CI: Delete support for ccache, which was removed from common pipeline
   * CI: Update build job to work after another common pipeline change
   * [rt] Update to 5.10.251-rt146
 .
   [ Salvatore Bonaccorso ]
   * apparmor: fix kernel-doc complaints
   * apparmor: Fix kernel-doc warnings in apparmor/policy.c
   * apparmor: validate DFA start states are in bounds in unpack_pdb
   * apparmor: fix memory leak in verify_header
   * apparmor: replace recursive profile removal with iterative approach
   * apparmor: fix: limit the number of levels of policy namespaces
   * apparmor: fix side-effect bug in match_char() macro usage
   * apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
   * apparmor: Fix double free of ns_name in aa_replace_profiles()
   * apparmor: fix unprivileged local user can do privileged policy management
   * apparmor: fix differential encoding verification
   * apparmor: fix race on rawdata dereference
   * apparmor: fix race between freeing data and fs accessing it
Checksums-Sha1:
 2636804245ab662f2290a18c88a8f93ca48bba27 13657 linux-signed-i386_5.10.251+1.dsc
 3938c2618a1c9d49f2d05e77c613d3dd2dbf7525 634684 linux-signed-i386_5.10.251+1.tar.xz
Checksums-Sha256:
 7d5658eb89997f8440b41d1aa59a6b9219701eb91a64dbe24b10999094af3901 13657 linux-signed-i386_5.10.251+1.dsc
 280ec024e1d3f3f167b7e51eeedda30083828af3feae36f39551e06d862d6dad 634684 linux-signed-i386_5.10.251+1.tar.xz
Files:
 5361559c8ab028aa2cf9990833fa4fe7 13657 kernel optional linux-signed-i386_5.10.251+1.dsc
 ddbf1b00f8304e77eaad3e8f6e8dc352 634684 kernel optional linux-signed-i386_5.10.251+1.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSInBJdRTWyTRy0ztFCTVFtUgONCgUCabPfzwAKCRBCTVFtUgON
ClrwAQDgeQTZmGkczLUB05G0m05zbpREFTr91AmpuCp8V9Ee8gEA84O+XJ5LUfox
sQH7z21BT0i1+gtWoG+TLhwfIfHFKwk=
=NDxm
-----END PGP SIGNATURE-----
News for package linux-signed-i386
