-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 May 2026 08:13:13 +0200 Source: linux Architecture: source Version: 7.0.7-1 Distribution: unstable Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1119093 1131025 Changes: linux (7.0.7-1) unstable; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.5 https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.6 https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.7 - scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() - ipmi: Add limits to event and receive message requests - ipmi: Check event message buffer response for bad data - ipmi:si: Return state to normal if message allocation fails - fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free - [arm64] ACPI: arm64: cpuidle: Tolerate platforms with no deep PSCI idle states - ACPI: scan: Use acpi_dev_put() in object add error paths - ACPI: video: Add backlight=native quirk for Dell OptiPlex 7770 AIO - ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug - ACPI: video: force native backlight on HP OMEN 16 (8A44) - tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() - iommufd: Fix a race with concurrent allocation and unmap - ASoC: SOF: Don't allow pointer operations on unconfigured streams - wifi: mt76: mt7925: fix incorrect TLV length in CLC command - [arm64,armhf] spi: rockchip: fix controller deregistration - ksmbd: rewrite stop_sessions() with restartable iteration - [amd64] KVM: x86: Fix shadow paging use-after-free due to unexpected GFN - flow_dissector: do not dissect PPPoE PFC frames - smb: client/smbdirect: fix MR registration for coalesced SG lists - net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked - exit: prevent preemption of oopsing TASK_DEAD task - wifi: mt76: mt7925: fix AMPDU state handling in mt7925_tx_check_aggr - wifi: mt76: mt7925: fix incorrect length field in txpower command - wifi: mt76: mt7921: fix a potential clc buffer length underflow - wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work - wifi: b43legacy: enforce bounds check on firmware key index in RX path - wifi: mac80211: drop stray 'static' from fast-RX rx_result - wifi: rsi: fix kthread lifetime race between self-exit and external-stop - wifi: mac80211: use safe list iteration in radar detect work - wifi: ath5k: do not access array OOB (Closes: #1119093) - wifi: mac80211: remove station if connection prep fails - wifi: b43: enforce bounds check on firmware key index in b43_rx() - wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task - usb: usblp: fix heap leak in IEEE 1284 device ID via short response - usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl - ALSA: usb-audio: midi2: Restart output URBs on resume - ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() - ALSA: usb-audio: Fix UAC3 cluster descriptor size check - usb: dwc3: Move GUID programming after PHY initialization - USB: omap_udc: DMA: Don't enable burst 4 mode - USB: serial: option: add Telit Cinterion LE910Cx compositions - usb: ulpi: fix memory leak on ulpi_register() error paths - usb: typec: tcpm: fix debug accessory mode detection for sink ports - ALSA: hda: cs35l56: Propagate ASP TX source control errors - ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger - ALSA: hda/realtek: Fix speaker silence after S3 resume on Xiaomi Mi Laptop Pro 15 - ALSA: firewire-tascam: Do not drop unread control events - ALSA: core: Serialize deferred fasync state checks - ALSA: seq: Fix UMP group 16 filtering - [amd64] x86/efi: Restore IRQ state in EFI page fault handler - sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters - xfrm: provide message size for XFRM_MSG_MAPPING - xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete - ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() - xfrm: ah: account for ESN high bits in async callbacks - selinux: fix avdcache auditing - selinux: use sk blob accessor in socket permission helpers - selinux: don't reserve xattr slot when we won't fill it - selinux: shrink critical section in sel_write_load() - selinux: prune /sys/fs/selinux/checkreqprot - selinux: prune /sys/fs/selinux/disable - selinux: prune /sys/fs/selinux/user - selinux: allow multiple opens of /sys/fs/selinux/policy - io_uring/kbuf: support min length left for incremental buffers - io_uring/tw: serialize ctx->retry_llist with ->uring_lock - [loong64] KVM: Fix missing EMULATE_FAIL in kvm_emu_mmio_read() - Bluetooth: virtio_bt: clamp rx length before skb_put - Bluetooth: virtio_bt: validate rx pkt_type header length - Bluetooth: btmtk: validate WMT event SKB length before struct access - Bluetooth: hci_conn: fix potential UAF in create_big_sync - Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb() - rust: drm: gem: clean up GEM state in init failure case - rust: allow `clippy::collapsible_match` globally - rust: allow `clippy::collapsible_if` globally - rust: pin-init: internal: move alignment check to `make_field_check` - [armhf] spi: sun4i: fix controller deregistration - [armhf] spi: ti-qspi: fix controller deregistration - spi: sun6i: fix controller deregistration - [arm64,armhf] spi: tegra114: fix controller deregistration - [arm64,armhf] spi: tegra20-sflash: fix controller deregistration - staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc - staging: vme_user: fix root device leak on init failure - fanotify: fix false positive on permission events - [arm64] KVM: arm64: Fix kvm_vcpu_initialized() macro parameter - mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() - [arm64] signal: Preserve POR_EL0 if poe_context is missing - mm/hugetlb_cma: round up per_node before logging it - [loong64] Fix SYM_SIGFUNC_START definition for 32BIT - [loong64] KVM: Compile switch.S directly into the kernel - net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo - mptcp: pm: ADD_ADDR rtx: skip inactive subflows - [amd64] perf/x86/intel: Improve validation and configuration of ACR masks - rseq: Set rseq::cpu_id_start to 0 on unregistration - rseq: Protect rseq_reset() against interrupts - rseq: Don't advertise time slice extensions if disabled - [amd64] accel/ivpu: Disallow re-exporting imported GEM objects - sound: ua101: fix division by zero at probe - [ppc64el] pseries/papr-hvpipe: Fix race with interrupt handler - [ppc64el] pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace - [ppc64el] pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle() - [ppc64el] pseries/papr-hvpipe: Fix & simplify error handling in papr_hvpipe_init() - [ppc64el] pseries/papr-hvpipe: Fix the usage of copy_to_user() - net: libwx: fix VF illegal register access - ip6_gre: Use cached t->net in ip6erspan_changelink(). - net: libwx: use request_irq for VF misc interrupt - netpoll: pass buffer size to egress_dev() to avoid MAC truncation - net/rds: handle zerocopy send cleanup before the message is queued - net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler - ovl: fix verity lazy-load guard broken by fsverity_active() semantic change - [amd64] x86/efi: Fix graceful fault handling after FPU softirq changes - hwmon: (ltc2992) Clamp threshold writes to hardware range - hwmon: (ltc2992) Fix u32 overflow in power read path - clk: rk808: fix OF node reference imbalance - hwmon: (corsair-psu) Close HID device on probe errors - af_unix: Reject SIOCATMARK on non-stream sockets - [arm64] fpsimd: ptrace: zero target's fpsimd_state, not the tracer's - pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy() - block: add pgmap check to biovec_phys_mergeable - block: fix zone write plug removal - block: only read from sqe on initial invocation of blkdev_uring_cmd() - cifs: abort open_cached_dir if we don't request leases - cifs: change_conf needs to be called for session setup - extcon: ptn5150: handle pending IRQ events during system resume - fbcon: Avoid OOB font access if console rotation fails - gpio: of: clear OF_POPULATED on hog nodes in remove path - hv: Select CONFIG_SYSFB only for CONFIG_HYPERV_VMBUS - hv_sock: fix ARM64 support - hv_sock: Report EOF instead of -EIO for FIN - hv_sock: Return -EIO for malformed/short packets - ibmveth: Disable GSO for packets with small MSS - ice: fix double free in ice_sf_eth_activate() error path - tracefs: Fix default permissions not being applied on initial mount - udf: reject descriptors with oversized CRC length - [amd64] x86/boot/e820: Re-enable BIOS fallback if e820 table is empty - thermal: core: Free thermal zone ID later during removal - thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata - thermal/drivers/sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp - tracing/fprobe: Avoid kcalloc() in rcu_read_lock section - tracing/fprobe: Remove fprobe from hash in failure path - tracing/fprobe: Unregister fprobe even if memory allocation fails - tracing/probes: Limit size of event probe to 3K - tracing/fprobe: Check the same type fprobe on table as the unregistered one - [riscv64] clk: microchip: mpfs-ccc: fix out of bounds access during output registration - [amd64] ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table - [arm64] ASoC: qcom: q6apm-dai: reset queue ptr on trigger stop - [arm64] ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens - [arm64] ASoC: qcom: q6apm: remove child devices when apm is removed - btrfs: do not mark inode incompressible after inline attempt fails - btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak - btrfs: fix double free in create_space_info() error path - btrfs: fix double free in create_space_info_sub_group() error path - btrfs: fix missing last_unlink_trans update when removing a directory - dm-thin: fix metadata refcount underflow - dm: don't report warning when doing deferred remove - dm: fix a buffer overflow in ioctl processing - eventfs: Hold eventfs_mutex and SRCU when remount walks events - dm-verity-fec: correctly reject too-small FEC devices - dm-verity-fec: correctly reject too-small hash devices - dm-verity-fec: fix corrected block count stat - dm-verity-fec: fix reading parity bytes split across blocks (take 3) - dm-verity-fec: fix the size of dm_verity_fec_io::erasures - isofs: validate Rock Ridge CE continuation extent against volume size - isofs: validate block number from NFS file handle in isofs_export_iget - [amd64] iommu/vt-d: Block PASID attachment to nested domain with dirty tracking - [arm64] iommu/arm-smmu-v3: Add a missing dma_wmb() for hitless STE update - lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - lib/crc: tests: Make crc_kunit test only the enabled CRC variants - lib/scatterlist: fix length calculations in extract_kvec_to_sg - lib/scatterlist: fix temp buffer in extract_user_to_sg() - libceph: Fix slab-out-of-bounds access in auth message processing - md/raid10: fix divide-by-zero in setup_geo() with zero far_copies - nvme-apple: drop invalid put of admin queue reference count - nvmet-tcp: fix race between ICReq handling and queue teardown - nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free - openvswitch: vport: fix self-deadlock on release of tunnel ports - pmdomain: core: Fix detach procedure for virtual devices in genpd - psp: strip variable-length PSP header in psp_dev_rcv() - RDMA/hns: Fix unlocked call to hns_roce_qp_remove() - [riscv64] kvm: fix vector context allocation leak - [s390x] debug: Reject zero-length input in debug_input_flush_fn() - [s390x] debug: Reject zero-length input before trimming a newline - scsi: mpt3sas: Limit NVMe request size to 2 MiB - smb/client: fix out-of-bounds read in smb2_compound_op() - smb/client: fix out-of-bounds read in symlink_data() - smb: client: use kzalloc to zero-initialize security descriptor buffer - smb: client: validate dacloffset before building DACL pointers - [amd64] KVM: x86: check for nEPT/nNPT in slow flush hypercalls - [amd64] KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty - mm/damon/lru_sort: detect and use fresh enabled and kdamond_pid values - mm/damon/reclaim: detect and use fresh enabled and kdamond_pid values - mm/damon/stat: detect and use fresh enabled value - mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock - mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock - PCI: Update saved_config_space upon resource assignment (Closes: #1131025) - PCI/AER: Clear only error bits in PCIe Device Status - PCI/AER: Stop ruling out unbound devices as error source - PCI/ASPM: Fix pci_clear_and_set_config_dword() usage - power: supply: max17042: avoid overflow when determining health - [powerpc*] xive: fix kmemleak caused by incorrect chip_data lookup - [amd64] perf/x86/intel: Always reprogram ACR events to prevent stale masks - [amd64] perf/x86/intel: Disable PMI for self-reloaded ACR events - [amd64] perf/x86/intel: Enable auto counter reload for DMR - RDMA/ionic: bound node_desc sysfs read with %.64s - RDMA/ionic: Fix typo in format string - RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() - RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() - RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() - RDMA/mana: Validate rx_hash_key_len - RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() - RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() - RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() - RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp() - RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads - RDMA/rxe: Reject unknown opcodes before ICRC processing - RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path - remoteproc: imx_rproc: Fix NULL vs IS_ERR() bug in imx_rproc_addr_init() - remoteproc: k3: Fix NULL vs IS_ERR() bug in k3_reserved_mem_init() - sched_ext: idle: Recheck prev_cpu after narrowing allowed mask - sched_ext: Use dsq->first_task instead of list_empty() in dispatch_enqueue() FIFO-tail - mptcp: fastclose msk when linger time is 0 - mptcp: use MPJoinSynAckHMacFailure for SynAck HMAC failure - mptcp: use MPTCP_RST_EMPTCP for ACK HMAC validation failure - mptcp: sockopt: set timestamp flags on subflow socket, not msk - mptcp: sockopt: increase seq in mptcp_setsockopt_all_sf - mptcp: fix rx timestamp corruption on fastopen - mptcp: fix scheduling with atomic in timestamp sockopt - mptcp: pm: prio: skip closed subflows - mptcp: pm: kernel: reset fullmesh counter after flush - mptcp: pm: kernel: correctly retransmit ADD_ADDR ID 0 - mptcp: pm: ADD_ADDR rtx: allow ID 0 - mptcp: pm: ADD_ADDR rtx: fix potential data-race - mptcp: pm: ADD_ADDR rtx: always decrease sk refcount - mptcp: pm: ADD_ADDR rtx: free sk if last - mptcp: pm: ADD_ADDR rtx: resched blocked ADD_ADDR quicker - mptcp: pm: ADD_ADDR rtx: return early if no retrans - f2fs: add READ_ONCE() for i_blocks in f2fs_update_inode() - f2fs: fix false alarm of lockdep on cp_global_sem lock - f2fs: fix fiemap boundary handling when read extent cache is incomplete - f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage - f2fs: fix incorrect file address mapping when inline inode is unwritten - f2fs: fix incorrect multidevice info in trace_f2fs_map_blocks() - f2fs: fix node_cnt race between extent node destroy and writeback - f2fs: fix uninitialized kobject put in f2fs_init_sysfs() - f2fs: refactor f2fs_move_node_folio function - f2fs: fix inline data not being written to disk in writeback path - f2fs: fix fsck inconsistency caused by FGGC of node block - [arm64] KVM: arm64: Wake-up from WFI when iqrchip is in userspace - [arm64] KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value - [arm64] KVM: arm64: Fix initialisation order in __pkvm_init_finalise() - [arm64] KVM: arm64: Fix FEAT_SPE_FnE to use PMSIDR_EL1.FnE, not PMSVer - [arm64] KVM: arm64: Fix FEAT_Debugv8p9 to check DebugVer, not PMUVer - [arm64] KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() - [loong64] Fix potential ADE in loongson_gpu_fixup_dma_hang() - [loong64] KVM: Cap KVM_CAP_NR_VCPUS by KVM_CAP_MAX_VCPUS - [loong64] KVM: Fix "unreliable stack" for kvm_exc_entry - [loong64] KVM: Fix HW timer interrupt lost when inject interrupt by software - [loong64] KVM: Move unconditional delay into timer clear scenery - [loong64] KVM: Use kvm_set_pte() in kvm_flush_pte() - [loong64] Use per-root-bridge PCIH flag to skip mem resource fixup - bpf: Fix use-after-free in arena_vm_close on fork - octeon_ep_vf: add NULL check for napi_build_skb() - mmc: core: Adjust MDT beyond 2025 - mmc: core: Add quirk for incorrect manufacturing date - mmc: core: Optimize time for secure erase/trim for some Kingston eMMCs - crypto: qat - fix indentation of macros in qat_hal.c - crypto: qat - fix firmware loading failure for GEN6 devices - hfsplus: fix uninit-value by validating catalog record size - hfsplus: fix held lock freed on hfsplus_fill_super() - 8021q: use RCU for egress QoS mappings - 8021q: delete cleared egress QoS mappings - printk: add print_hex_dump_devel() - crypto: caam - guard HMAC key hex dumps in hash_digest_key - net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY() - net: stmmac: Prevent NULL deref when RX memory exhausted - rust: pin-init: fix incorrect accessor reference lifetime - [amd64] x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache - ksmbd: validate inherited ACE SID length . [ Salvatore Bonaccorso ] * ptrace: slightly saner 'get_dumpable()' logic Checksums-Sha1: bdb7e1fbd034dd9fed0e2d77e0bfdaac647b677c 194732 linux_7.0.7-1.dsc 12ad382a2f4e1950cf37d72a450223e8650db54b 160366364 linux_7.0.7.orig.tar.xz 78405e56ed662c127777220c14e0902287d59f0c 1468968 linux_7.0.7-1.debian.tar.xz 2536ac1e279b84c1b255ac6bfa135c95b46eb0bc 6872 linux_7.0.7-1_source.buildinfo Checksums-Sha256: 3dd61ac38ee7357e5e2c010d85f88c1916f7c5d31a99d359e0b85b0f0e91cb1c 194732 linux_7.0.7-1.dsc a14109ce964b753c72ef0d5aef3653686957a491925deea3467c73faaa11ff1d 160366364 linux_7.0.7.orig.tar.xz c50b09443af3d2a06bbf91a1ae8a7f11931065e941e5c0f20ff5ee3c7fa179e2 1468968 linux_7.0.7-1.debian.tar.xz ac35bd612e2612089a371d45dfe22bba4eb6a4edbc17b5bc4235c597efad3baa 6872 linux_7.0.7-1_source.buildinfo Files: 221de020af4ff68409fdc1deb21be3a9 194732 kernel optional linux_7.0.7-1.dsc 3988334628ee990aa5d48fd135f0c77d 160366364 kernel optional linux_7.0.7.orig.tar.xz 16deb5024f5defa802e706107ff8cb5f 1468968 kernel optional linux_7.0.7-1.debian.tar.xz a20bdb2fd34fea159c7f1f858bbcac6a 6872 kernel optional linux_7.0.7-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoGuoNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ENiIP/itV76theCauQ+TIsZdNWHZ4NSjCl6ce FAeY3WrlQtfiUJFVVavcvr+LnB/my76Hpxwyg2QvmXpxhVN7qGaWt+wbTfbfoplZ jumq4MaiQ7TV0dgU9AsU+/smLIzvbimyRwDKJOl12cSRW+um98S4T6LyjBCPLHLp Bj39+C4G69WpMw3PBZ1Rehi01/ev2aPKAFjT7f9eFE6EPsFa/kUjS4ba95+GAWkp jNrmaH0SjzK535Zvk9H+imzFgb8rgKRiYowcPnmjD60ywdj58W6oSbTvSGdKVgyF bij6/WYfIckcHgRxOkNXO5nM3F2nWRKmP3tUAqiIpialSmZmwWFaaT1WhwYQ4HeD xgYKEExfXneW1vU7Wbg2uu5DZINmNTIGXWArhm+D9MZTNSZRfrA8Qv5eTRjJrROD iakVKnEn7+5cW3zRnNIFMBFy6L4bdxlcTo9xro0KMUgMOMMOQNo8ReCnarThbsFb +jxc5wImHLJxC+aUif9Y/c06tqo7A0sfiyKUjcLY8Kiv5PyRjzfF4Fp0e6xxFbYQ NJKygJDOZMc3NTjjKE1DnvTdehik1quokdKMrlSKffVEZii8xeI313bkfWVB9hVq MdMA3Zr5qhgo2w8Ms2pARA+DeP2zuY61T9mbFL3Gb8SfUR9nJl5NIz/W2CIj+Reo vGtxp9lfSstL =/7mN -----END PGP SIGNATURE-----
