-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 May 2026 08:13:13 +0200
Source: linux-signed-amd64
Architecture: source
Version: 7.0.7+1
Distribution: sid
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-amd64 (7.0.7+1) unstable; urgency=high
.
* Sign kernel from linux 7.0.7-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.5
https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.6
https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.0.7
- scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
- ipmi: Add limits to event and receive message requests
- ipmi: Check event message buffer response for bad data
- ipmi:si: Return state to normal if message allocation fails
- fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
- [arm64] ACPI: arm64: cpuidle: Tolerate platforms with no deep PSCI idle
states
- ACPI: scan: Use acpi_dev_put() in object add error paths
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 7770 AIO
- ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug
- ACPI: video: force native backlight on HP OMEN 16 (8A44)
- tracepoint: balance regfunc() on func_add() failure in
tracepoint_add_func()
- iommufd: Fix a race with concurrent allocation and unmap
- ASoC: SOF: Don't allow pointer operations on unconfigured streams
- wifi: mt76: mt7925: fix incorrect TLV length in CLC command
- [arm64,armhf] spi: rockchip: fix controller deregistration
- ksmbd: rewrite stop_sessions() with restartable iteration
- [amd64] KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
- flow_dissector: do not dissect PPPoE PFC frames
- smb: client/smbdirect: fix MR registration for coalesced SG lists
- net/sched: sch_red: Replace direct dequeue call with peek and
qdisc_dequeue_peeked
- exit: prevent preemption of oopsing TASK_DEAD task
- wifi: mt76: mt7925: fix AMPDU state handling in mt7925_tx_check_aggr
- wifi: mt76: mt7925: fix incorrect length field in txpower command
- wifi: mt76: mt7921: fix a potential clc buffer length underflow
- wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work
- wifi: b43legacy: enforce bounds check on firmware key index in RX path
- wifi: mac80211: drop stray 'static' from fast-RX rx_result
- wifi: rsi: fix kthread lifetime race between self-exit and external-stop
- wifi: mac80211: use safe list iteration in radar detect work
- wifi: ath5k: do not access array OOB (Closes: #1119093)
- wifi: mac80211: remove station if connection prep fails
- wifi: b43: enforce bounds check on firmware key index in b43_rx()
- wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog
task
- usb: usblp: fix heap leak in IEEE 1284 device ID via short response
- usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
- ALSA: usb-audio: midi2: Restart output URBs on resume
- ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
- ALSA: usb-audio: Fix UAC3 cluster descriptor size check
- usb: dwc3: Move GUID programming after PHY initialization
- USB: omap_udc: DMA: Don't enable burst 4 mode
- USB: serial: option: add Telit Cinterion LE910Cx compositions
- usb: ulpi: fix memory leak on ulpi_register() error paths
- usb: typec: tcpm: fix debug accessory mode detection for sink ports
- ALSA: hda: cs35l56: Propagate ASP TX source control errors
- ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
- ALSA: hda/realtek: Fix speaker silence after S3 resume on Xiaomi Mi Laptop
Pro 15
- ALSA: firewire-tascam: Do not drop unread control events
- ALSA: core: Serialize deferred fasync state checks
- ALSA: seq: Fix UMP group 16 filtering
- [amd64] x86/efi: Restore IRQ state in EFI page fault handler
- sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters
- xfrm: provide message size for XFRM_MSG_MAPPING
- xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
- ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
- xfrm: ah: account for ESN high bits in async callbacks
- selinux: fix avdcache auditing
- selinux: use sk blob accessor in socket permission helpers
- selinux: don't reserve xattr slot when we won't fill it
- selinux: shrink critical section in sel_write_load()
- selinux: prune /sys/fs/selinux/checkreqprot
- selinux: prune /sys/fs/selinux/disable
- selinux: prune /sys/fs/selinux/user
- selinux: allow multiple opens of /sys/fs/selinux/policy
- io_uring/kbuf: support min length left for incremental buffers
- io_uring/tw: serialize ctx->retry_llist with ->uring_lock
- [loong64] KVM: Fix missing EMULATE_FAIL in kvm_emu_mmio_read()
- Bluetooth: virtio_bt: clamp rx length before skb_put
- Bluetooth: virtio_bt: validate rx pkt_type header length
- Bluetooth: btmtk: validate WMT event SKB length before struct access
- Bluetooth: hci_conn: fix potential UAF in create_big_sync
- Bluetooth: hci_event: Fix OOB read and infinite loop in
hci_le_create_big_complete_evt
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
- rust: drm: gem: clean up GEM state in init failure case
- rust: allow `clippy::collapsible_match` globally
- rust: allow `clippy::collapsible_if` globally
- rust: pin-init: internal: move alignment check to `make_field_check`
- [armhf] spi: sun4i: fix controller deregistration
- [armhf] spi: ti-qspi: fix controller deregistration
- spi: sun6i: fix controller deregistration
- [arm64,armhf] spi: tegra114: fix controller deregistration
- [arm64,armhf] spi: tegra20-sflash: fix controller deregistration
- staging: rtl8723bs: os_dep: avoid NULL pointer dereference in
rtw_cbuf_alloc
- staging: vme_user: fix root device leak on init failure
- fanotify: fix false positive on permission events
- [arm64] KVM: arm64: Fix kvm_vcpu_initialized() macro parameter
- mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
- [arm64] signal: Preserve POR_EL0 if poe_context is missing
- mm/hugetlb_cma: round up per_node before logging it
- [loong64] Fix SYM_SIGFUNC_START definition for 32BIT
- [loong64] KVM: Compile switch.S directly into the kernel
- net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in
rtnl_fill_vfinfo
- mptcp: pm: ADD_ADDR rtx: skip inactive subflows
- [amd64] perf/x86/intel: Improve validation and configuration of ACR masks
- rseq: Set rseq::cpu_id_start to 0 on unregistration
- rseq: Protect rseq_reset() against interrupts
- rseq: Don't advertise time slice extensions if disabled
- [amd64] accel/ivpu: Disallow re-exporting imported GEM objects
- sound: ua101: fix division by zero at probe
- [ppc64el] pseries/papr-hvpipe: Fix race with interrupt handler
- [ppc64el] pseries/papr-hvpipe: Prevent kernel stack memory leak to
userspace
- [ppc64el] pseries/papr-hvpipe: Fix null ptr deref in
papr_hvpipe_dev_create_handle()
- [ppc64el] pseries/papr-hvpipe: Fix & simplify error handling in
papr_hvpipe_init()
- [ppc64el] pseries/papr-hvpipe: Fix the usage of copy_to_user()
- net: libwx: fix VF illegal register access
- ip6_gre: Use cached t->net in ip6erspan_changelink().
- net: libwx: use request_irq for VF misc interrupt
- netpoll: pass buffer size to egress_dev() to avoid MAC truncation
- net/rds: handle zerocopy send cleanup before the message is queued
- net: wwan: t7xx: validate port_count against message length in
t7xx_port_enum_msg_handler
- ovl: fix verity lazy-load guard broken by fsverity_active() semantic
change
- [amd64] x86/efi: Fix graceful fault handling after FPU softirq changes
- hwmon: (ltc2992) Clamp threshold writes to hardware range
- hwmon: (ltc2992) Fix u32 overflow in power read path
- clk: rk808: fix OF node reference imbalance
- hwmon: (corsair-psu) Close HID device on probe errors
- af_unix: Reject SIOCATMARK on non-stream sockets
- [arm64] fpsimd: ptrace: zero target's fpsimd_state, not the tracer's
- pmdomain: mediatek: fix use-after-free in
scpsys_get_bus_protection_legacy()
- block: add pgmap check to biovec_phys_mergeable
- block: fix zone write plug removal
- block: only read from sqe on initial invocation of blkdev_uring_cmd()
- cifs: abort open_cached_dir if we don't request leases
- cifs: change_conf needs to be called for session setup
- extcon: ptn5150: handle pending IRQ events during system resume
- fbcon: Avoid OOB font access if console rotation fails
- gpio: of: clear OF_POPULATED on hog nodes in remove path
- hv: Select CONFIG_SYSFB only for CONFIG_HYPERV_VMBUS
- hv_sock: fix ARM64 support
- hv_sock: Report EOF instead of -EIO for FIN
- hv_sock: Return -EIO for malformed/short packets
- ibmveth: Disable GSO for packets with small MSS
- ice: fix double free in ice_sf_eth_activate() error path
- tracefs: Fix default permissions not being applied on initial mount
- udf: reject descriptors with oversized CRC length
- [amd64] x86/boot/e820: Re-enable BIOS fallback if e820 table is empty
- thermal: core: Free thermal zone ID later during removal
- thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata
- thermal/drivers/sprd: Fix raw temperature clamping in
sprd_thm_rawdata_to_temp
- tracing/fprobe: Avoid kcalloc() in rcu_read_lock section
- tracing/fprobe: Remove fprobe from hash in failure path
- tracing/fprobe: Unregister fprobe even if memory allocation fails
- tracing/probes: Limit size of event probe to 3K
- tracing/fprobe: Check the same type fprobe on table as the unregistered
one
- [riscv64] clk: microchip: mpfs-ccc: fix out of bounds access during output
registration
- [amd64] ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in
quirk table
- [arm64] ASoC: qcom: q6apm-dai: reset queue ptr on trigger stop
- [arm64] ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
- [arm64] ASoC: qcom: q6apm: remove child devices when apm is removed
- btrfs: do not mark inode incompressible after inline attempt fails
- btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to
info-leak
- btrfs: fix double free in create_space_info() error path
- btrfs: fix double free in create_space_info_sub_group() error path
- btrfs: fix missing last_unlink_trans update when removing a directory
- dm-thin: fix metadata refcount underflow
- dm: don't report warning when doing deferred remove
- dm: fix a buffer overflow in ioctl processing
- eventfs: Hold eventfs_mutex and SRCU when remount walks events
- dm-verity-fec: correctly reject too-small FEC devices
- dm-verity-fec: correctly reject too-small hash devices
- dm-verity-fec: fix corrected block count stat
- dm-verity-fec: fix reading parity bytes split across blocks (take 3)
- dm-verity-fec: fix the size of dm_verity_fec_io::erasures
- isofs: validate Rock Ridge CE continuation extent against volume size
- isofs: validate block number from NFS file handle in isofs_export_iget
- [amd64] iommu/vt-d: Block PASID attachment to nested domain with dirty
tracking
- [arm64] iommu/arm-smmu-v3: Add a missing dma_wmb() for hitless STE update
- lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
- lib/crc: tests: Make crc_kunit test only the enabled CRC variants
- lib/scatterlist: fix length calculations in extract_kvec_to_sg
- lib/scatterlist: fix temp buffer in extract_user_to_sg()
- libceph: Fix slab-out-of-bounds access in auth message processing
- md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
- nvme-apple: drop invalid put of admin queue reference count
- nvmet-tcp: fix race between ICReq handling and queue teardown
- nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free
- openvswitch: vport: fix self-deadlock on release of tunnel ports
- pmdomain: core: Fix detach procedure for virtual devices in genpd
- psp: strip variable-length PSP header in psp_dev_rcv()
- RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
- [riscv64] kvm: fix vector context allocation leak
- [s390x] debug: Reject zero-length input in debug_input_flush_fn()
- [s390x] debug: Reject zero-length input before trimming a newline
- scsi: mpt3sas: Limit NVMe request size to 2 MiB
- smb/client: fix out-of-bounds read in smb2_compound_op()
- smb/client: fix out-of-bounds read in symlink_data()
- smb: client: use kzalloc to zero-initialize security descriptor buffer
- smb: client: validate dacloffset before building DACL pointers
- [amd64] KVM: x86: check for nEPT/nNPT in slow flush hypercalls
- [amd64] KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is
empty
- mm/damon/lru_sort: detect and use fresh enabled and kdamond_pid values
- mm/damon/reclaim: detect and use fresh enabled and kdamond_pid values
- mm/damon/stat: detect and use fresh enabled value
- mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
- mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock
- PCI: Update saved_config_space upon resource assignment (Closes: #1131025)
- PCI/AER: Clear only error bits in PCIe Device Status
- PCI/AER: Stop ruling out unbound devices as error source
- PCI/ASPM: Fix pci_clear_and_set_config_dword() usage
- power: supply: max17042: avoid overflow when determining health
- [powerpc*] xive: fix kmemleak caused by incorrect chip_data lookup
- [amd64] perf/x86/intel: Always reprogram ACR events to prevent stale masks
- [amd64] perf/x86/intel: Disable PMI for self-reloaded ACR events
- [amd64] perf/x86/intel: Enable auto counter reload for DMR
- RDMA/ionic: bound node_desc sysfs read with %.64s
- RDMA/ionic: Fix typo in format string
- RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
- RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss()
- RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
- RDMA/mana: Validate rx_hash_key_len
- RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
- RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
- RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
- RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
- RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
- RDMA/rxe: Reject unknown opcodes before ICRC processing
- RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
- remoteproc: imx_rproc: Fix NULL vs IS_ERR() bug in imx_rproc_addr_init()
- remoteproc: k3: Fix NULL vs IS_ERR() bug in k3_reserved_mem_init()
- sched_ext: idle: Recheck prev_cpu after narrowing allowed mask
- sched_ext: Use dsq->first_task instead of list_empty() in
dispatch_enqueue() FIFO-tail
- mptcp: fastclose msk when linger time is 0
- mptcp: use MPJoinSynAckHMacFailure for SynAck HMAC failure
- mptcp: use MPTCP_RST_EMPTCP for ACK HMAC validation failure
- mptcp: sockopt: set timestamp flags on subflow socket, not msk
- mptcp: sockopt: increase seq in mptcp_setsockopt_all_sf
- mptcp: fix rx timestamp corruption on fastopen
- mptcp: fix scheduling with atomic in timestamp sockopt
- mptcp: pm: prio: skip closed subflows
- mptcp: pm: kernel: reset fullmesh counter after flush
- mptcp: pm: kernel: correctly retransmit ADD_ADDR ID 0
- mptcp: pm: ADD_ADDR rtx: allow ID 0
- mptcp: pm: ADD_ADDR rtx: fix potential data-race
- mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
- mptcp: pm: ADD_ADDR rtx: free sk if last
- mptcp: pm: ADD_ADDR rtx: resched blocked ADD_ADDR quicker
- mptcp: pm: ADD_ADDR rtx: return early if no retrans
- f2fs: add READ_ONCE() for i_blocks in f2fs_update_inode()
- f2fs: fix false alarm of lockdep on cp_global_sem lock
- f2fs: fix fiemap boundary handling when read extent cache is incomplete
- f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage
- f2fs: fix incorrect file address mapping when inline inode is unwritten
- f2fs: fix incorrect multidevice info in trace_f2fs_map_blocks()
- f2fs: fix node_cnt race between extent node destroy and writeback
- f2fs: fix uninitialized kobject put in f2fs_init_sysfs()
- f2fs: refactor f2fs_move_node_folio function
- f2fs: fix inline data not being written to disk in writeback path
- f2fs: fix fsck inconsistency caused by FGGC of node block
- [arm64] KVM: arm64: Wake-up from WFI when iqrchip is in userspace
- [arm64] KVM: arm64: vgic: Fix IIDR revision field extracted from wrong
value
- [arm64] KVM: arm64: Fix initialisation order in __pkvm_init_finalise()
- [arm64] KVM: arm64: Fix FEAT_SPE_FnE to use PMSIDR_EL1.FnE, not PMSVer
- [arm64] KVM: arm64: Fix FEAT_Debugv8p9 to check DebugVer, not PMUVer
- [arm64] KVM: arm64: Fix pin leak and publication ordering in
__pkvm_init_vcpu()
- [loong64] Fix potential ADE in loongson_gpu_fixup_dma_hang()
- [loong64] KVM: Cap KVM_CAP_NR_VCPUS by KVM_CAP_MAX_VCPUS
- [loong64] KVM: Fix "unreliable stack" for kvm_exc_entry
- [loong64] KVM: Fix HW timer interrupt lost when inject interrupt by
software
- [loong64] KVM: Move unconditional delay into timer clear scenery
- [loong64] KVM: Use kvm_set_pte() in kvm_flush_pte()
- [loong64] Use per-root-bridge PCIH flag to skip mem resource fixup
- bpf: Fix use-after-free in arena_vm_close on fork
- octeon_ep_vf: add NULL check for napi_build_skb()
- mmc: core: Adjust MDT beyond 2025
- mmc: core: Add quirk for incorrect manufacturing date
- mmc: core: Optimize time for secure erase/trim for some Kingston eMMCs
- crypto: qat - fix indentation of macros in qat_hal.c
- crypto: qat - fix firmware loading failure for GEN6 devices
- hfsplus: fix uninit-value by validating catalog record size
- hfsplus: fix held lock freed on hfsplus_fill_super()
- 8021q: use RCU for egress QoS mappings
- 8021q: delete cleared egress QoS mappings
- printk: add print_hex_dump_devel()
- crypto: caam - guard HMAC key hex dumps in hash_digest_key
- net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY()
- net: stmmac: Prevent NULL deref when RX memory exhausted
- rust: pin-init: fix incorrect accessor reference lifetime
- [amd64] x86/CPU/AMD: Prevent improper isolation of shared resources in
Zen2's op cache
- ksmbd: validate inherited ACE SID length
.
[ Salvatore Bonaccorso ]
* ptrace: slightly saner 'get_dumpable()' logic
Checksums-Sha1:
be8a80b8275d7a11ceadf5f5b4d4919fa994d4a1 5456 linux-signed-amd64_7.0.7+1.dsc
d20595da56bcd5f307b31492b7b7ca357e86eb1f 695316 linux-signed-amd64_7.0.7+1.tar.xz
Checksums-Sha256:
9f64b1e18268481f8cce6f874efb47fef6ba092af13cb888c9e3550467023745 5456 linux-signed-amd64_7.0.7+1.dsc
424ea45759e46f09475ee0c2146741ffb2abc72b0776c7320f5854ade64f3939 695316 linux-signed-amd64_7.0.7+1.tar.xz
Files:
55d914e7be31c05b4df89302c5b1f7d9 5456 kernel optional linux-signed-amd64_7.0.7+1.dsc
b4fb1febd878c5a72218cebc8751f1aa 695316 kernel optional linux-signed-amd64_7.0.7+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSInBJdRTWyTRy0ztFCTVFtUgONCgUCagcM8QAKCRBCTVFtUgON
CvbJAP953/5IKSbASnAUE6kQYGfmjGLeOnCBqgzfxp1gEAvt7AEAogFw/zGRgZy0
2iI/22LEEHgOVilrrtn8C8aTBEe8ZAM=
=X2MR
-----END PGP SIGNATURE-----
