-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 04 Jul 2026 16:35:01 +0200
Source: linux-signed-amd64
Architecture: source
Version: 7.1.3+1
Distribution: sid
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-amd64 (7.1.3+1) unstable; urgency=medium
.
* Sign kernel from linux 7.1.3-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.1.3
- [amd64] KVM: x86: Fix shadow paging use-after-free due to unexpected role
(CVE-2026-53359)
- batman-adv: tp_meter: keep unacked list in ascending ordered
- batman-adv: tp_meter: initialize dup_acks explicitly
- batman-adv: tp_meter: initialize dec_cwnd explicitly
- batman-adv: tp_meter: avoid window underflow
- batman-adv: tp_meter: avoid divide-by-zero for dec_cwnd
- batman-adv: tp_meter: fix fast recovery precondition
- batman-adv: tp_meter: handle seqno wrap-around for fast recovery detection
- batman-adv: tp_meter: add only finished tp_vars to lists
- batman-adv: bla: annotate lasttime access with READ/WRITE_ONCE
- batman-adv: prevent ELP transmission interval underflow
- batman-adv: tp_meter: initialize last_recv_time during init
- batman-adv: gw: don't deselect gateway with active hardif
- batman-adv: ensure bcast is writable before modifying TTL
- batman-adv: fix (m|b)cast csum after decrementing TTL
- batman-adv: frag: ensure fragment is writable before modifying TTL
- batman-adv: frag: avoid underflow of TTL
- batman-adv: v: prevent OGM aggregation on disabled hardif
- batman-adv: tp_meter: restrict number of unacked list entries
- batman-adv: tp_meter: annotate last_recv_time access with READ/WRITE_ONCE
- batman-adv: tp_meter: prevent parallel modifications of last_recv
- batman-adv: tp_meter: handle overlapping packets
- batman-adv: tt: don't merge change entries with different VIDs
- batman-adv: tt: track roam count per VID
- batman-adv: dat: prevent false sharing between VLANs
- batman-adv: tvlv: enforce 2-byte alignment
- batman-adv: tvlv: avoid race of cifsnotfound handler state
- ipv6: account for fraggap on the paged allocation path (CVE-2026-53362)
- ipv4: account for fraggap on the paged allocation path
- ntfs3: reject direct userspace writes to reserved $LX* xattrs
- wifi: mt76: add wcid publish check in mt76_sta_add
- mac802154: llsec: add skb_cow_data() before in-place crypto
- net: skmsg: preserve sg.copy across SG transforms
- net: ip_gre: require CAP_NET_ADMIN in the device netns for changelink
- PCI/P2PDMA: Add Intel QAT, DSA, IAA devices to whitelist
- apparmor: mediate the implicit connect of TCP fast open sendmsg
- apparmor: fix use-after-free in rawdata dedup loop
- NTB: epf: Avoid pci_iounmap() with offset when PEER_SPAD and CONFIG share
BAR
- fbdev: fix use-after-free in store_modes()
- fscrypt: Fix key setup in edge case with multiple data unit sizes
- kernel/fork: clear PF_BLOCK_TS in copy_process()
- block: invalidate cached plug timestamp after task switch
- [arm64] KVM: arm64: Omit tag sync on stage-2 mappings of the zero page
- err.h: use __always_inline on all error pointer helpers
- gcov: use atomic counter updates to fix concurrent access crashes
- KEYS: fix overflow in keyctl_pkey_params_get_2()
- keys: Pin request_key_auth payload in instantiate paths
- userfaultfd: ensure mremap_userfaultfd_fail() releases mmap_changing
- userfaultfd: build __VMA_UFFD_FLAGS from config-gated masks
- wifi: mt76: mt76x2u: Add support for ELECOM WDC-867SU3S
- wifi: mt76: mt7925: don't disable AP BSS when removing TDLS peer
- wifi: ath11k: fix warning when unbinding
- wifi: rtl8xxxu: Detect the maximum supported channel width
- wifi: rtlwifi: rtl8821ae: Fix C2H bit location in RX descriptor
- wifi: rtw88: increase TX report timeout to fix race condition
- wifi: rtw88: usb: fix memory leaks on USB write failures
- wifi: iwlwifi: mvm: fix race condition in PTP removal
- wifi: iwlwifi: mld: fix race condition in PTP removal
- wifi: iwlwifi: mld: validate sta_mask before ffs() in BA session handlers
- f2fs: fix missing read bio submission on large folio error
- f2fs: pass correct iostat type for single node writes
- f2fs: reject setattr size changes on large folio files
- f2fs: fix to do sanity check on f2fs_get_node_folio_ra()
- f2fs: validate orphan inode entry count
- f2fs: validate compress cache inode only when enabled
- f2fs: atomic: fix UAF issue on f2fs_inode_info.atomic_inode
- f2fs: fix to round down start offset of fallocate for pin file
- f2fs: bound i_inline_xattr_size for non-inline-xattr inodes
- f2fs: validate ACL entry sizes in f2fs_acl_from_disk()
- Revert "f2fs: remove non-uptodate folio from the page cache in
move_data_block"
- f2fs: fix incorrect FI_NO_EXTENT handling in __destroy_extent_node()
- f2fs: keep atomic write retry from zeroing original data
- f2fs: read COW data with the original inode during atomic write
- block: Avoid mounting the bdev pseudo-filesystem in userspace
- bpf: use kvfree() for replaced sysctl write buffer
- exfat: fix potential use-after-free in exfat_find_dir_entry()
- [amd64] KVM: x86/mmu: Ensure hugepage is in by slot before checking max
mapping level
- KVM: Replace guest-triggerable BUG_ON() in ioeventfd datamatch with
get_unaligned()
- gfs2: fix use-after-free in gfs2_qd_dealloc
- pwrseq: core: fix use-after-free in pwrseq_debugfs_seq_next()
- hdlc_ppp: sync per-proto timers before freeing hdlc state
- blk-cgroup: fix UAF in __blkcg_rstat_flush()
- tipc: fix slab-use-after-free Read in tipc_aead_decrypt_done
- [loong64] Report dying CPU to RCU in stop_this_cpu()
- pNFS: Fix use-after-free in pnfs_update_layout()
- sched/mmcid: Fix OOB clear_bit when CID is MM_CID_UNSET in fixup path
- irqchip/imgpdc: Fix resource leak, add missing chained handler cleanup on
remove
- fpga: region: fix use-after-free in child_regions_with_firmware()
- rpmsg: char: Fix use-after-free on probe error path
- ocfs2: reject oversized group bitmap descriptors
- 9p: avoid putting oldfid in p9_client_walk() error path
- [amd64] KVM: x86: hyper-v: Bound the bank index when querying sparse banks
- [amd64] KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path
- power: reset: linkstation-poweroff: fix use-after-free in the
linkstation_poweroff_init()
- [riscv64] mm: Extract helper mark_new_valid_map()
- [riscv64] kfence: Call mark_new_valid_map() for kfence_unprotect()
- ntfs: serialize volume label accesses
- fbdev: Fix fb_new_modelist to prevent null-ptr-deref in
fb_videomode_to_var
- fbdev: fbcon: fix out-of-bounds read in err_out of fbcon_do_set_font()
- fbdev: omap2: fix use-after-free in omapfb_mmap
- fbdev: modedb: fix a possible UAF in fb_find_mode()
- fbdev: modedb: Fix misaligned fields in the 1920x1080-60 mode
- i2c: core: fix adapter registration race
- nfsd: release layout stid on setlease failure
- NFSD: Fix SECINFO_NO_NAME decode error cleanup
- nfsd: fix posix_acl leak on SETACL decode failure
- nfsd: fix inverted cp_ttl check in async copy reaper
- nfsd: fix posix_acl leak and ignored error in nfsd4_create_file
- nfsd: check get_user() return when reading princhashlen
- nfsd: fix dead ACL conflict guard in nfsd4_create
- nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race
- nfsd: reset write verifier on deferred writeback errors
- NFSv4/flexfiles: reject zero filehandle version count
- NFSv4/pNFS: reject zero-length r_addr in nfs4_decode_mp_ds_addr
- NFSv4: clear exception state on successful mkdir retry
- NFS: Prevent resource leak in nfs_alloc_server()
- ksmbd: fix out-of-bounds read in smb_check_perm_dacl()
- net/tcp-ao: fix use-after-free of key in del_async path
- apparmor: advertise the tcp fast open fix is applied
.
[ Aurelien Jarno ]
* [riscv64] Enable CPU_FREQ_DEFAULT_GOV_SCHEDUTIL instead of
CPU_FREQ_DEFAULT_GOV_PERFORMANCE
.
[ Ben Hutchings ]
* [sparc64] udeb: scsi-modules: Use the default module list
Checksums-Sha1:
47591d176ab075fc8618fd185975448ec70d51bb 5456 linux-signed-amd64_7.1.3+1.dsc
b0d8d2aef4f6f989f8c73588af8b5913f22e39f2 689504 linux-signed-amd64_7.1.3+1.tar.xz
Checksums-Sha256:
4dba89d61ce3db2e765080fd223dd858e2bbc937562e809c02815b1ffec9c230 5456 linux-signed-amd64_7.1.3+1.dsc
f4c325ead842b7aa559d772c556d6feafe9e33f6f4932ee5ae4e9ce7d6467ccf 689504 linux-signed-amd64_7.1.3+1.tar.xz
Files:
c1b966f75273fa4743287ac310775309 5456 kernel optional linux-signed-amd64_7.1.3+1.dsc
2d4ebeae226c52bf006718cf63ffe1f6 689504 kernel optional linux-signed-amd64_7.1.3+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSInBJdRTWyTRy0ztFCTVFtUgONCgUCaknpwAAKCRBCTVFtUgON
Cp1qAP9w0214HmZhEvqySw6XjMQShoaa+Gfd1EhBjZ4XAU003QD/U8kzyqvDwBSG
umZcfUx4uU7cJUCdBM0cwYZ/HMTG/AQ=
=WzPs
-----END PGP SIGNATURE-----