New Debian linux 6.1.128-1 fixes: This update addresses the following issues: 6.1.128-1 (Fri, 07 Feb 2025 10:43:47 +0100) * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125 - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685) - bpf, sockmap: Fix race between element replace and close() (CVE-2024-56664) - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers (CVE-2024-53128) - jbd2: increase IO priority for writing revoke records - jbd2: flush filesystem device before updating tail sequence - dm array: fix releasing a faulty array block twice in dm_array_cursor_end - dm array: fix unreleased btree blocks on closing a faulty array cursor - dm array: fix cursor index when skipping across block boundaries - exfat: fix the infinite loop in exfat_readdir() - exfat: fix the infinite loop in __exfat_free_cluster() - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity - net: 802: LLC+SNAP OID:PID lookup on start of skb data - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog - tcp/dccp: allow a connection when sk_max_ack_backlog is zero - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute - bnxt_en: Fix possible memory leak when hwrm_req_replace fails - cxgb4: Avoid removal of uninserted tid - ice: fix incorrect PHY settings for 100 GB/s - tls: Fix tls_sw_sendmsg error handling - Bluetooth: hci_sync: Fix not setting Random Address when required - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset - netfilter: nf_tables: imbalance in flowtable binding - netfilter: conntrack: clamp maximum hashtable size to INT_MAX - sched: sch_cake: add bounds checks to host bulk flow fairness counts - net/mlx5: Fix variable not being completed when function returns - ksmbd: fix a missing return value check bug - afs: Fix the maximum cell name length - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked - dm thin: make get_first_thin use rcu-safe list first function - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy - sctp: sysctl: rto_min/max: avoid using current->nsproxy - sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: udp_port: avoid using current->nsproxy - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy - drm/amd/display: Add check for granularity in dml ceil/floor helpers - thermal: of: fix OF node leak in of_thermal_zone_find() - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] - drm/amd/display: increase MAX_SURFACES to the value supported by hw - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) - bpf: Add MEM_WRITE attribute - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164) - USB: serial: option: add MeiG Smart SRM815 - USB: serial: option: add Neoway N723-EA support - usb-storage: Add max sectors quirk for Nokia 208 - USB: serial: cp210x: add Phoenix Contact UPS Device - usb: dwc3: gadget: fix writing NYET threshold - topology: Keep the cpumask unchanged when printing cpumap - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null - usb: dwc3-am62: Disable autosuspend during remove - USB: usblp: return error when setting unsupported protocol - USB: core: Disable LPM only for non-suspended ports - usb: fix reference leak in usb_new_device() - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind - iio: light: vcnl4035: fix information leak in triggered buffer - iio: imu: kmx61: fix information leak in triggered buffer - iio: gyro: fxas21002c: Fix missing data update in trigger handler - iio: inkern: call iio_device_put() only on mapped devices - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() - of/address: Add support for 3 address cell bus - of: address: Fix address translation when address-size is greater than 2 - of: address: Remove duplicated functions - of: address: Store number of bus flag cells rather than bool - of: address: Preserve the flags portion on 1:1 dma-ranges mapping - ocfs2: correct return value of ocfs2_local_free_info() - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (CVE-2024-57892) - drm: bridge: adv7511: use dev_err_probe in probe function - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126 - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127 - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() - bpf: Fix bpf_sk_select_reuseport() memory leak - openvswitch: fix lockup on tx to unregistering netdev with carrier - pktgen: Avoid out-of-bounds access in get_imix_entries - net: add exit_batch_rtnl() method - gtp: use exit_batch_rtnl() method - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). - gtp: Destroy device along with udp socket's netns dismantle. - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() - net/mlx5: Fix RDMA TX steering prio - net/mlx5: Clear port select structure when fail to create - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion - hwmon: (tmp513) Fix division of negative numbers - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" - i2c: mux: demux-pinctrl: check initial mux selection, too - i2c: rcar: fix NACK handling when being a target - nvmet: propagate npwg topology - mac802154: check local interfaces before deleting sdata list - hfs: Sanity check the root record - fs: fix missing declaration of init_files - kheaders: Ignore silly-rename files - cachefiles: Parse the "secctx" immediately - scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers - ACPI: resource: acpi_dev_irq_override(): Check DMI match last - iomap: avoid avoid truncating 64-bit offset to 32 bits - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() - [x86] asm: Make serialize() always_inline - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA - zram: fix potential UAF of zram table - mptcp: be sure to send ack when mptcp-level window re-opens - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks - vsock/virtio: discard packets if the transport changes - vsock/virtio: cancel close work in the destructor - vsock: reset socket state when de-assigning the transport - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] - filemap: avoid truncating 64-bit offset to 32 bits - fs/proc: fix softlockup in __read_vmcore (part 2) - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899) - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition - irqchip: Plug a OF node reference leak in platform_irqchip_probe() - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() - hrtimers: Handle CPU state correctly on hotplug - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes - Revert "PCI: Use preserve_config in place of pci_flags" - iio: imu: inv_icm42600: fix spi burst write not supported - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered buffer (CVE-2024-57907) - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (CVE-2024-56608) - drm/amdgpu: fix usage slab after free (CVE-2024-56551) - block: fix uaf for flush rq while iterating tags (CVE-2024-53170) - Revert "drm/amdgpu: rework resume handling for display (v2)" - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229) - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631) - Revert "regmap: detach regmap from dev on regmap_exit" - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599) - erofs: tidy up EROFS on-disk naming - erofs: handle NONHEAD !delta[1] lclusters gracefully - nfsd: add list_head nf_gc to struct nfsd_file - [x86] xen: fix SLS mitigation in xen_hypercall_iret() - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128 - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request - drm/amd/display: Use HW lock mgr for PSR1 - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag - regmap: detach regmap from dev on regmap_exit - ipv6: Fix soft lockups in fib6_select_path under high next hop churn (CVE-2024-56703) - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel - xfs: bump max fsgeom struct version - xfs: hoist freeing of rt data fork extent mappings - xfs: prevent rt growfs when quota is enabled - xfs: rt stubs should return negative errnos when rt disabled - xfs: fix units conversion error in xfs_bmap_del_extent_delay - xfs: make sure maxlen is still congruent with prod when rounding down - xfs: introduce protection for drop nlink - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space - xfs: allow read IO and FICLONE to run concurrently - xfs: factor out xfs_defer_pending_abort - xfs: abort intent items when recovery intents fail - xfs: only remap the written blocks in xfs_reflink_end_cow_extent - xfs: up(ic_sema) if flushing data device fails - xfs: fix internal error from AGFL exhaustion - xfs: inode recovery does not validate the recovered inode - xfs: clean up dqblk extraction - xfs: dquot recovery does not validate the recovered dquot - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags - xfs: respect the stable writes flag on the RT device - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag - io_uring: fix waiters missing wake ups - net: sched: fix ets qdisc OOB Indexing - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994) - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" - vfio/platform: check the bounds of read/write syscalls - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014) - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (CVE-2024-50304) - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service - wifi: iwlwifi: add a few rate index validity checks - smb: client: fix UAF in async decryption (CVE-2024-50047) - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" - ALSA: usb-audio: Add delay quirk for USB Audio Device - Input: atkbd - map F23 key to support default copilot shortcut - Input: xpad - add unofficial Xbox 360 wireless receiver clone - Input: xpad - add support for wooting two he (arm) - smb: client: fix NULL ptr deref in crypto_aead_setkey() - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence [ Salvatore Bonaccorso ] * Bump ABI to 31 * [rt] Update to 6.1.127-rt48 6.1.124-1 (Sun, 12 Jan 2025 20:58:02 +0100) * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.124 - [x86] hyperv: Fix hv tsc page based sched_clock for hibernation - selinux: ignore unknown extended permissions - btrfs: fix use-after-free in btrfs_encoded_read_endio() (CVE-2024-56582) - tracing: Have process_string() also allow arrays - [x86] thunderbolt: Add support for Intel Lunar Lake - [x86] thunderbolt: Add support for Intel Panther Lake-M/P - [x86] thunderbolt: Don't display nvm_version unless upgrade supported - xhci: retry Stop Endpoint on buggy NEC controllers - usb: xhci: Limit Stop Endpoint retries - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic - net: mctp: handle skb cleanup on sock_queue failures - RDMA/mlx5: Enforce same type port association for multiport RoCE - [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly - [arm64] RDMA/hns: Refactor mtr find - [arm64] RDMA/hns: Remove unused parameters and variables - [arm64] RDMA/hns: Fix mapping error of zero-hop WQE buffer - [arm64] RDMA/hns: Fix warning storm caused by invalid input in IO path - [arm64] RDMA/hns: Fix missing flush CQE for DWQE - net: stmmac: platform: provide devm_stmmac_probe_config_dt() - net: stmmac: don't create a MDIO bus if unnecessary - net: stmmac: restructure the error path of stmmac_probe_config_dt() - net: fix memory leak in tcp_conn_request() - ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices - ip_tunnel: annotate data-races around t->parms.link - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() - net: Fix netns for ip_tunnel_init_flow() - netrom: check buffer length before accessing it - [x86] drm/i915/dg1: Fix power gate sequence. - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext - net: llc: reset skb->transport_header - ALSA: usb-audio: US16x08: Initialize array before use - [armel,armhf] net: mv643xx_eth: fix an OF node reference leak - net: wwan: t7xx: Fix FSM command timeout issue - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets - net: restrict SO_REUSEPORT to inet sockets - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() - af_packet: fix vlan_get_tci() vs MSG_PEEK - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK - ila: serialize calls to nf_register_net_hooks() - btrfs: rename and export __btrfs_cow_block() - btrfs: fix use-after-free when COWing tree bock and tracing is enabled (CVE-2024-56759) - wifi: mac80211: wake the queues in case of failure in resume - btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model - sound: usb: enable DSD output for ddHiFi TC44C - sound: usb: format: don't warn that raw DSD is unsupported - bpf: fix potential error return - ksmbd: retry iterate_dir in smb2_query_dir - net: usb: qmi_wwan: add Telit FE910C04 compositions - Bluetooth: hci_core: Fix sleeping function called from invalid context - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base - usb: xhci: Avoid queuing redundant Stop Endpoint commands - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host - modpost: fix the missed iteration for the max bit in do_input() - ALSA hda/realtek: Add quirk for Framework F111:000C - ALSA: seq: oss: Fix races at processing SysEx messages - kcov: mark in_softirq_really() as __always_inline - RDMA/uverbs: Prevent integer overflow issue - [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking - sky2: Add device ID 11ab:4373 for Marvell 88E8075 - net/sctp: Prevent autoclose integer overflow in sctp_association_init() - [arm64] drm: adv7511: Drop dsi single lane support - dt-bindings: display: adi,adv7533: Drop single lane support - mm/readahead: fix large folio support in async readahead - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() - mptcp: fix TCP options overflow. - mptcp: fix recvbuffer adjust on sleeping rcvmsg - mptcp: don't always assume copied data in mptcp_cleanup_rbuf() - zram: check comp is non-NULL before calling comp_destroy * Bump ABI to 30
--- mirror/ftp/pool/main/l/linux/linux_6.1.123-1.dsc +++ apt/ucs_5.2-0-errata5.2-0/source/linux_6.1.128-1.dsc @@ -1,3 +1,295 @@ +6.1.128-1 [Fri, 07 Feb 2025 10:43:47 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125 + - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685) + - bpf, sockmap: Fix race between element replace and close() + (CVE-2024-56664) + - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers + (CVE-2024-53128) + - jbd2: increase IO priority for writing revoke records + - jbd2: flush filesystem device before updating tail sequence + - dm array: fix releasing a faulty array block twice in dm_array_cursor_end + - dm array: fix unreleased btree blocks on closing a faulty array cursor + - dm array: fix cursor index when skipping across block boundaries + - exfat: fix the infinite loop in exfat_readdir() + - exfat: fix the infinite loop in __exfat_free_cluster() + - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and + transitivity + - net: 802: LLC+SNAP OID:PID lookup on start of skb data + - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog + - tcp/dccp: allow a connection when sk_max_ack_backlog is zero + - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute + - bnxt_en: Fix possible memory leak when hwrm_req_replace fails + - cxgb4: Avoid removal of uninserted tid + - ice: fix incorrect PHY settings for 100 GB/s + - tls: Fix tls_sw_sendmsg error handling + - Bluetooth: hci_sync: Fix not setting Random Address when required + - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset + - netfilter: nf_tables: imbalance in flowtable binding + - netfilter: conntrack: clamp maximum hashtable size to INT_MAX + - sched: sch_cake: add bounds checks to host bulk flow fairness counts + - net/mlx5: Fix variable not being completed when function returns + - ksmbd: fix a missing return value check bug + - afs: Fix the maximum cell name length + - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked + - dm thin: make get_first_thin use rcu-safe list first function + - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY + - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy + - sctp: sysctl: rto_min/max: avoid using current->nsproxy + - sctp: sysctl: auth_enable: avoid using current->nsproxy + - sctp: sysctl: udp_port: avoid using current->nsproxy + - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy + - drm/amd/display: Add check for granularity in dml ceil/floor helpers + - thermal: of: fix OF node leak in of_thermal_zone_find() + - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] + - ACPI: resource: Add Asus Vivobook X1504VAP to + irq1_level_low_skip_override[] + - drm/amd/display: increase MAX_SURFACES to the value supported by hw + - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take + 2) + - bpf: Add MEM_WRITE attribute + - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164) + - USB: serial: option: add MeiG Smart SRM815 + - USB: serial: option: add Neoway N723-EA support + - usb-storage: Add max sectors quirk for Nokia 208 + - USB: serial: cp210x: add Phoenix Contact UPS Device + - usb: dwc3: gadget: fix writing NYET threshold + - topology: Keep the cpumask unchanged when printing cpumap + - usb: gadget: u_serial: Disable ep before setting port to null to fix the + crash caused by port being null + - usb: dwc3-am62: Disable autosuspend during remove + - USB: usblp: return error when setting unsupported protocol + - USB: core: Disable LPM only for non-suspended ports + - usb: fix reference leak in usb_new_device() + - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints + - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind + - iio: light: vcnl4035: fix information leak in triggered buffer + - iio: imu: kmx61: fix information leak in triggered buffer + - iio: gyro: fxas21002c: Fix missing data update in trigger handler + - iio: inkern: call iio_device_put() only on mapped devices + - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period + - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() + - of/address: Add support for 3 address cell bus + - of: address: Fix address translation when address-size is greater than 2 + - of: address: Remove duplicated functions + - of: address: Store number of bus flag cells rather than bool + - of: address: Preserve the flags portion on 1:1 dma-ranges mapping + - ocfs2: correct return value of ocfs2_local_free_info() + - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv + (CVE-2024-57892) + - drm: bridge: adv7511: use dev_err_probe in probe function + - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887) + - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals + https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126 + - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM + conditionals + https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127 + - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() + - bpf: Fix bpf_sk_select_reuseport() memory leak + - openvswitch: fix lockup on tx to unregistering netdev with carrier + - pktgen: Avoid out-of-bounds access in get_imix_entries + - net: add exit_batch_rtnl() method + - gtp: use exit_batch_rtnl() method + - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). + - gtp: Destroy device along with udp socket's netns dismantle. + - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() + - net/mlx5: Fix RDMA TX steering prio + - net/mlx5: Clear port select structure when fail to create + - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion + - hwmon: (tmp513) Fix division of negative numbers + - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" + - i2c: mux: demux-pinctrl: check initial mux selection, too + - i2c: rcar: fix NACK handling when being a target + - nvmet: propagate npwg topology + - mac802154: check local interfaces before deleting sdata list + - hfs: Sanity check the root record + - fs: fix missing declaration of init_files + - kheaders: Ignore silly-rename files + - cachefiles: Parse the "secctx" immediately + - scsi: ufs: core: Honor runtime/system PM levels if set by host controller + drivers + - ACPI: resource: acpi_dev_irq_override(): Check DMI match last + - iomap: avoid avoid truncating 64-bit offset to 32 bits + - poll_wait: add mb() to fix theoretical race between waitqueue_active() and + .poll() + - [x86] asm: Make serialize() always_inline + - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA + - zram: fix potential UAF of zram table + - mptcp: be sure to send ack when mptcp-level window re-opens + - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks + - vsock/virtio: discard packets if the transport changes + - vsock/virtio: cancel close work in the destructor + - vsock: reset socket state when de-assigning the transport + - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] + - filemap: avoid truncating 64-bit offset to 32 bits + - fs/proc: fix softlockup in __read_vmcore (part 2) + - gpiolib: cdev: Fix use after free in lineinfo_changed_notify + (CVE-2024-36899) + - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition + - irqchip: Plug a OF node reference leak in platform_irqchip_probe() + - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly + - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() + - hrtimers: Handle CPU state correctly on hotplug + - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes + - Revert "PCI: Use preserve_config in place of pci_flags" + - iio: imu: inv_icm42600: fix spi burst write not supported + - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on + - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered + buffer (CVE-2024-57907) + - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' + (CVE-2024-56608) + - drm/amdgpu: fix usage slab after free (CVE-2024-56551) + - block: fix uaf for flush rq while iterating tags (CVE-2024-53170) + - Revert "drm/amdgpu: rework resume handling for display (v2)" + (Closes: #1094766) + - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229) + - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631) + - Revert "regmap: detach regmap from dev on regmap_exit" + - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599) + - erofs: tidy up EROFS on-disk naming + - erofs: handle NONHEAD !delta[1] lclusters gracefully + - nfsd: add list_head nf_gc to struct nfsd_file + - [x86] xen: fix SLS mitigation in xen_hypercall_iret() + - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124) + https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128 + - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS + request + - drm/amd/display: Use HW lock mgr for PSR1 + - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag + - regmap: detach regmap from dev on regmap_exit + - ipv6: Fix soft lockups in fib6_select_path under high next hop churn + (CVE-2024-56703) + - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel + - xfs: bump max fsgeom struct version + - xfs: hoist freeing of rt data fork extent mappings + - xfs: prevent rt growfs when quota is enabled + - xfs: rt stubs should return negative errnos when rt disabled + - xfs: fix units conversion error in xfs_bmap_del_extent_delay + - xfs: make sure maxlen is still congruent with prod when rounding down + - xfs: introduce protection for drop nlink + - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space + - xfs: allow read IO and FICLONE to run concurrently + - xfs: factor out xfs_defer_pending_abort + - xfs: abort intent items when recovery intents fail + - xfs: only remap the written blocks in xfs_reflink_end_cow_extent + - xfs: up(ic_sema) if flushing data device fails + - xfs: fix internal error from AGFL exhaustion + - xfs: inode recovery does not validate the recovered inode + - xfs: clean up dqblk extraction + - xfs: dquot recovery does not validate the recovered dquot + - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags + - xfs: respect the stable writes flag on the RT device + - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag + - io_uring: fix waiters missing wake ups (Closes: #1093243) + - net: sched: fix ets qdisc OOB Indexing + - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994) + - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" + - vfio/platform: check the bounds of read/write syscalls + - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014) + - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() + (CVE-2024-50304) + - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service + - wifi: iwlwifi: add a few rate index validity checks + - smb: client: fix UAF in async decryption (CVE-2024-50047) + - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() + - Revert "usb: gadget: u_serial: Disable ep before setting port to null to + fix the crash caused by port being null" + - ALSA: usb-audio: Add delay quirk for USB Audio Device + - Input: atkbd - map F23 key to support default copilot shortcut + - Input: xpad - add unofficial Xbox 360 wireless receiver clone + - Input: xpad - add support for wooting two he (arm) + - smb: client: fix NULL ptr deref in crypto_aead_setkey() + - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence + + [ Salvatore Bonaccorso ] + * Bump ABI to 31 + * [rt] Update to 6.1.127-rt48 + +6.1.124-1 [Sun, 12 Jan 2025 20:58:02 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.124 + - [x86] hyperv: Fix hv tsc page based sched_clock for hibernation + - selinux: ignore unknown extended permissions + - btrfs: fix use-after-free in btrfs_encoded_read_endio() (CVE-2024-56582) + - tracing: Have process_string() also allow arrays + - [x86] thunderbolt: Add support for Intel Lunar Lake + - [x86] thunderbolt: Add support for Intel Panther Lake-M/P + - [x86] thunderbolt: Don't display nvm_version unless upgrade supported + - xhci: retry Stop Endpoint on buggy NEC controllers + - usb: xhci: Limit Stop Endpoint retries + - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic + - net: mctp: handle skb cleanup on sock_queue failures + - RDMA/mlx5: Enforce same type port association for multiport RoCE + - [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly + - [arm64] RDMA/hns: Refactor mtr find + - [arm64] RDMA/hns: Remove unused parameters and variables + - [arm64] RDMA/hns: Fix mapping error of zero-hop WQE buffer + - [arm64] RDMA/hns: Fix warning storm caused by invalid input in IO path + - [arm64] RDMA/hns: Fix missing flush CQE for DWQE + - net: stmmac: platform: provide devm_stmmac_probe_config_dt() + - net: stmmac: don't create a MDIO bus if unnecessary + - net: stmmac: restructure the error path of stmmac_probe_config_dt() + - net: fix memory leak in tcp_conn_request() + - ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices + - ip_tunnel: annotate data-races around t->parms.link + - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() + - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() + - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() + - net: Fix netns for ip_tunnel_init_flow() + - netrom: check buffer length before accessing it + - [x86] drm/i915/dg1: Fix power gate sequence. + - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext + (Closes: #1092772) + - net: llc: reset skb->transport_header + - ALSA: usb-audio: US16x08: Initialize array before use + - [armel,armhf] net: mv643xx_eth: fix an OF node reference leak + - net: wwan: t7xx: Fix FSM command timeout issue + - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets + - net: restrict SO_REUSEPORT to inet sockets + - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() + - af_packet: fix vlan_get_tci() vs MSG_PEEK + - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK + - ila: serialize calls to nf_register_net_hooks() + - btrfs: rename and export __btrfs_cow_block() + - btrfs: fix use-after-free when COWing tree bock and tracing is enabled + (CVE-2024-56759) + - wifi: mac80211: wake the queues in case of failure in resume + - btrfs: flush delalloc workers queue before stopping cleaner kthread during + unmount + - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model + - sound: usb: enable DSD output for ddHiFi TC44C + - sound: usb: format: don't warn that raw DSD is unsupported + - bpf: fix potential error return + - ksmbd: retry iterate_dir in smb2_query_dir + - net: usb: qmi_wwan: add Telit FE910C04 compositions + - Bluetooth: hci_core: Fix sleeping function called from invalid context + - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base + - usb: xhci: Avoid queuing redundant Stop Endpoint commands + - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host + - modpost: fix the missed iteration for the max bit in do_input() + - ALSA hda/realtek: Add quirk for Framework F111:000C + - ALSA: seq: oss: Fix races at processing SysEx messages + - kcov: mark in_softirq_really() as __always_inline + - RDMA/uverbs: Prevent integer overflow issue + - [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap + locking + - sky2: Add device ID 11ab:4373 for Marvell 88E8075 + - net/sctp: Prevent autoclose integer overflow in sctp_association_init() + - [arm64] drm: adv7511: Drop dsi single lane support + - dt-bindings: display: adi,adv7533: Drop single lane support + - mm/readahead: fix large folio support in async readahead + - mm: vmscan: account for free pages to prevent infinite Loop in + throttle_direct_reclaim() + - mptcp: fix TCP options overflow. + - mptcp: fix recvbuffer adjust on sleeping rcvmsg + - mptcp: don't always assume copied data in mptcp_cleanup_rbuf() + - zram: check comp is non-NULL before calling comp_destroy + + [ Salvatore Bonaccorso ] + * Bump ABI to 30 + 6.1.123-1 [Thu, 02 Jan 2025 14:31:22 +0100] Salvatore Bonaccorso <carnil@debian.org>: * New upstream stable update: <http://piuparts.knut.univention.de/5.2-0/#1395043155055462721>
*** Bug 57949 has been marked as a duplicate of this bug. ***
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts New packages [5.2-0] 87546eb109 Bug #57948: linux-latest 105+deb10u22 doc/errata/staging/linux.yaml | 1 + 1 file changed, 1 insertion(+) [5.2-0] bcdd2284ba Bug #57948: linux 6.1.128-1 doc/errata/staging/linux.yaml | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.2x25> <https://errata.software-univention.de/#/?erratum=5.2x26>