Bug 58197 - linux: Multiple issues (5.2)
Summary: linux: Multiple issues (5.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.2
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 5.2-1-errata
Assignee: Quality Assurance
QA Contact: Arvid Requate
Reported: 2025-04-14 09:45 CEST by Quality Assurance
Modified: 2025-04-16 14:10 CEST (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


Description Quality Assurance univentionstaff 2025-04-14 09:45:27 CEST
New Debian linux 6.1.133-1 fixes:
This update addresses the following issues:
6.1.133-1 (Thu, 10 Apr 2025 21:32:42 +0200)
* New upstream stable update:
  https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.130
  - [arm64] mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
  - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats()
  - md/md-cluster: fix spares warnings for __le64
  - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
  - md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
  - mm: update mark_victim tracepoints fields
  - memcg: fix soft lockup in the OOM process (CVE-2024-57977)
  - Bluetooth: qca: Support downloading board id specific NVM for WCN7850
  - Bluetooth: qca: Update firmware-name to support board specific nvm
  - Bluetooth: qca: Fix poor RF performance for WCN6855
  - scsi: core: Handle depopulation and restoration in progress
  - scsi: core: Do not retry I/Os during depopulation
  - [arm6]: dts: mediatek: mt8183: Disable DSI display output by default
  - [arm64] dts: qcom: trim addresses to 8 digits
  - [arm64] dts: qcom: sm8450: Fix CDSP memory length
  - tpm: Use managed allocation for bios event log
  - tpm: Change to kvalloc() in eventlog/acpi.c
  - media: Switch to use dev_err_probe() helper
  - media: uvcvideo: Fix crash during unbind if gpio unit is in use (CVE-2024-58079)
  - media: uvcvideo: Refactor iterators
  - media: uvcvideo: Only save async fh if success
  - media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
  - USB: gadget: core: create sysfs link between udc and gadget
  - usb: gadget: core: flush gadget workqueue after device removal (CVE-2025-21838)
  - USB: gadget: f_midi: f_midi_complete to call queue_work
  - [powerpc*] 64s/mm: Move __real_pte stubs into hash-4k.h
  - [powerpc*] 64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
  - ALSA: hda/realtek: Fixup ALC225 depop procedure
  - [powerpc*] code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
  - geneve: Fix use-after-free in geneve_find_dev().
  - ALSA: hda/cirrus: Correct the full scale volume set logic
  - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
  - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
  - flow_dissector: Fix handling of mixed port and port-range keys
  - flow_dissector: Fix port range key handling in BPF conversion
  - net: Add non-RCU dev_getbyhwaddr() helper
  - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
  - net: axienet: Set mac_managed_pm
  - tcp: drop secpath at the same time as we currently drop dst
  - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
  - strparser: Add read_sock callback
  - bpf: Fix wrong copied_seq calculation
  - power: supply: da9150-fg: fix potential overflow
  - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range()
  - [arm64] drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields
  - nvme/ioctl: add missing space in err message
  - bpf: skip non exist keys in generic_map_lookup_batch
  - [arm64] drm/msm/dpu: Disable dither in phys encoder cleanup
  - [x86] drm/i915: Make sure all planes in use by the joiner have their crtc included
  - [arm64] tee: optee: Fix supplicant wait loop
  - drop_monitor: fix incorrect initialization order
  - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
  - [arm64] ASoC: fsl_micfil: Enable default case in micfil_set_quality()
  - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls()
  - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
  - acct: perform last write from workqueue
  - acct: block access to kernel internal filesystems
  - mm,madvise,hugetlb: check for 0-length range after end address adjustment
  - smb: client: Add check for next_buffer in receive_encrypted_standard()
  - ftrace: Correct preemption accounting for function tracing.
  - ftrace: Do not add duplicate entries in subops manager ops
  - [x86] cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
  - block, bfq: split sync bfq_queues on a per-actuator basis
  - block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)
  - media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (CVE-2024-47754)
  - netfilter: allow exp not to be removed in nf_ct_find_expectation
  - IB/mlx5: Set and get correct qp_num for a DCT QP
  - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
  - SUNRPC: convert RPC_TASK_* constants to enum
  - SUNRPC: Prevent looping due to rpc_signal_task() races
  - scsi: core: Clear driver private data when retrying request
  - RDMA/mlx5: Fix bind QP error cleanup flow
  - sunrpc: suppress warnings for unused procfs functions
  - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
  - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
  - afs: remove variable nr_servers
  - afs: Make it possible to find the volumes that are using a server
  - afs: Fix the server_list to unuse a displaced server rather than putting it
  - net: loopback: Avoid sending IP packets without an Ethernet header
  - net: set the minimum for net_hotdata.netdev_budget_usecs
  - net/ipv4: add tracepoint for icmp_send
  - ipv4: icmp: Pass full DS field to ip_route_input()
  - ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup()
  - ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound()
  - ipv4: Convert icmp_route_lookup() to dscp_t.
  - ipv4: Convert ip_route_input() to dscp_t.
  - ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion.
  - ipvlan: ensure network headers are in skb linear part
  - [arm64] net: cadence: macb: Synchronize stats calculations
  - [armhf] ASoC: es8328: fix route from DAC to output
  - ipvs: Always clear ipvs_property flag in skb_scrub_packet()
  - tcp: Defer ts_recent changes until req is owned
  - net: Clear old fragment checksum value in napi_reuse_skb
  - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
  - net/mlx5: IRQ, Fix null string in debug print
  - include: net: add static inline dst_dev_overhead() to dst.h
  - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
  - net: ipv6: fix dst ref loop on input in seg6 lwt
  - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
  - net: ipv6: fix dst ref loop on input in rpl lwt
  - mm: Don't pin ZERO_PAGE in pin_user_pages()
  - uprobes: Reject the shared zeropage in uprobe_write_opcode()
  - io_uring/net: save msg_control for compat
  - [x86] CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
  - tracing: Fix bad hist from corrupting named_triggers list
  - ftrace: Avoid potential division by zero in function_stat_show()
  - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
  - [x86] perf/x86: Fix low freqency setting issue
  - perf/core: Fix low freq setting via IOC_PERIOD
  - drm/amd/display: Disable PSR-SU on eDP panels
  - drm/amd/display: Fix HPD after gpu reset
  - i2c: npcm: disable interrupt enable bit before devm_request_irq
  - usbnet: gl620a: fix endpoint checking in genelink_bind()
  - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
  - [arm64] net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs()
  - [arm64] net: enetc: update UDP checksum when updating originTimestamp field
  - [arm64] net: enetc: correct the xdp_tx statistics
  - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs()
  - [armhf] phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk
  - mptcp: always handle address removal under msk socket lock
  - mptcp: reset when MPTCP opts are dropped after join
  - vmlinux.lds: Ensure that const vars with relocations are mapped R/O
  - sched/core: Prevent rescheduling when interrupts are disabled
  - drm/amd/display: fixed integer types and null check locations (CVE-2024-26767)
  - amdgpu/pm/legacy: fix suspend/resume issues
  - [x86] intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly
  - Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
  - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
  - media: mtk-vcodec: potential null pointer deference in SCP (CVE-2024-40973)
  https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
  - drm/amdgpu: Check extended configuration space register when system uses large bar
  - drm/amdgpu: disable BAR resize on Dell G5 SE
  - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS
  - [x86] speculation: Add __update_spec_ctrl() helper
  - [x86] amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
  - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'"
  - HID: appleir: Fix potential NULL dereference at raw event handle
  - ksmbd: fix type confusion via race condition when using ipc_msg_send_request
  - ksmbd: fix use-after-free in smb2_lock
  - ksmbd: fix bug on trap in smb2_lock
  - [arm64] gpio: rcar: Use raw_spinlock to protect register access
  - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
  - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
  - ALSA: hda/realtek: update ALC222 depop optimize
  - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
  - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
  - [x86] platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
  - [x86] cacheinfo: Validate CPUID leaf 0x2 EDX output
  - [x86] cpu: Validate CPUID leaf 0x2 EDX output
  - [x86] cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
  - mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
  - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
  - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
  - wifi: cfg80211: regulatory: improve invalid hints checking
  - wifi: nl80211: reject cooked mode if it is set along with other flags
  - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
  - rapidio: fix an API misues when rio_add_net() fails
  - dma: kmsan: export kmsan_handle_dma() for modules
  - [s390x] traps: Fix test_monitor_call() inline assembly
  - block: fix conversion of GPT partition name to 7-bit
  - mm/page_alloc: fix uninitialized variable
  - mm: don't skip arch_sync_kernel_mappings() in error paths
  - wifi: iwlwifi: limit printed string from FW file
  - HID: google: fix unused variable warning under !CONFIG_ACPI
  - [amd64] HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
  - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
  - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
  - net: gso: fix ownership in __udp_gso_segment
  - caif_virtio: fix wrong pointer check in cfv_probe()
  - hwmon: (pmbus) Initialise page count in pmbus_identify()
  - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
  - hwmon: (ad7314) Validate leading zero bits and return error
  - ALSA: usx2y: validate nrpacks module parameter on probe
  - llc: do not use skb_get() before dev_queue_xmit()
  - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
  - drm/sched: Fix preprocessor guard
  - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
  - [arm64] net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error
  - vlan: enforce underlying device type
  - [x86] sgx: Fix size overflows in sgx_encl_create()
  - exfat: fix soft lockup in exfat_clear_bitmap
  - net-timestamp: support TCP GSO case for a few missing flags
  - ublk: set_params: properly check if parameters can be applied
  - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
  - net: ipv6: fix dst ref loop in ila lwtunnel
  - net: ipv6: fix missing dst ref drop in ila lwtunnel
  - [arm64] gpio: rcar: Fix missing of_node_put() call
  - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
  - usb: hub: lack of clearing xHC resources
  - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader
  - usb: atm: cxacru: fix a flaw in existing endpoint checks
  - usb: dwc3: Set SUSPENDENABLE soon after phy init
  - usb: dwc3: gadget: Prevent irq storm when TH re-executes
  - usb: typec: ucsi: increase timeout for PPM reset operations
  - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
  - usb: gadget: Set self-powered based on MaxPower and bmAttributes
  - usb: gadget: Fix setting self-powered state on suspend
  - usb: gadget: Check bmAttributes only if configuration is valid
  - xhci: pci: Fix indentation in the PCI device ID definitions
  - usb: xhci: Enable the TRB overfetch quirk on VIA VL805
  - [x86] KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
  - [x86] mei: me: add panther lake P DID
  - [x86] intel_th: pci: Add Arrow Lake support
  - [x86] intel_th: pci: Add Panther Lake-H support
  - [x86] intel_th: pci: Add Panther Lake-P/U support
  - drivers: core: fix device leak in __fw_devlink_relax_cycles()
  - slimbus: messaging: Free transaction ID in delayed interrupt scenario
  - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
  - eeprom: digsy_mtc: Make GPIO lookup table match the device
  - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
  - iio: filter: admv8818: Force initialization of SDO
  - iio: dac: ad3552r: clear reset status flag
  - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
  - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
  - Revert "KVM: e500: always restore irqs"
  - Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
  - Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock"
  - Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()"
  - uprobes: Fix race in uprobe_free_utask
  - [x86] mm: Don't disable PCID when INVLPG has been fixed by microcode
  - spi-mxs: Fix chipselect glitch
  - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
  - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
  - nilfs2: handle errors that nilfs_prepare_chunk() may return
  - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (CVE-2024-24855)
  - media: mediatek: vcodec: Handle invalid decoder vsi (CVE-2024-43831)
  - fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
  - bpf, vsock: Invoke proto::close on close()
  - vsock: Keep the binding until socket destruction (CVE-2025-21756)
  - vsock: Orphan socket after transport release
  https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.132
  - clockevents/drivers/i8253: Fix stop sequence for timer 0
  - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
  - hrtimer: Use and report correct timerslack values for realtime tasks
  - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
  - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
  - ice: fix memory leak in aRFS after reset
  - netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around
  - sched: address a potential NULL pointer dereference in the GRED scheduler.
  - wifi: cfg80211: cancel wiphy_work before freeing wiphy
  - Bluetooth: hci_event: Fix enabling passive scanning
  - Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context"
  - [arm64,armhf] net: dsa: mv88e6xxx: Verify after ATU Load ops
  - net: mctp i2c: Copy headers if cloned
  - netpoll: hold rcu read lock in __netpoll_send_skb()
  - [amd64,arm64] drm/hyperv: Fix address space leak when Hyper-V DRM device is removed
  - [amd64,arm64] Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
  - net/mlx5: handle errors in mlx5_chains_create_table()
  - eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
  - net: switchdev: Convert blocking notification chain to a raw one
  - bonding: fix incorrect MAC address setting to receive NS messages
  - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
  - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
  - net_sched: Prevent creation of classes with TC_H_ROOT
  - netfilter: nft_exthdr: fix offset with ipv4_find_option()
  - gre: Fix IPv6 link-local address generation.
  - net: openvswitch: remove misbehaving actions length check
  - net/mlx5: Bridge, fix the crash caused by LAG state check
  - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
  - nvme-fc: go straight to connecting state when initializing
  - hrtimers: Mark is_migration_base() with __always_inline
  - powercap: call put_device() on an error path in powercap_register_control_type()
  - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
  - scsi: core: Use GFP_NOIO to avoid circular locking dependency
  - scsi: qla1280: Fix kernel oops when debug level > 2
  - ACPI: resource: IRQ override for Eluktronics MECH-17
  - smb: client: fix noisy when tree connecting to DFS interlink targets
  - [x86] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
  - [x86] HID: intel-ish-hid: Send clock sync message immediately after reset
  - HID: ignore non-functional sensor in HP 5MP Camera
  - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
  - HID: apple: fix up the F6 key on the Omoton KB066 keyboard
  - sched: Clarify wake_up_q()'s write to task->wake_q.next
  - [x86] platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
  - [x86] platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
  - [s390x] cio: Fix CHPID "configure" attribute caching
  - thermal/cpufreq_cooling: Remove structure member documentation
  - Xen/swiotlb: mark xen_swiotlb_fixup() __init
  - ALSA: hda/realtek: Limit mic boost on Positivo ARN50
  - [x86] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
  - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
  - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
  - nvme-tcp: add basic support for the C2HTermReq PDU
  - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
  - sctp: Fix undefined behavior in left shift operation
  - nvme: only allow entering LIVE from CONNECTING state
  - fuse: don't truncate cached, mutated symlink
  - [x86] perf/x86/intel: Use better start period for frequency mode
  - [x86] irq: Define trace events conditionally
  - mptcp: safety check before fallback
  - drm/nouveau: Do not override forced connector status
  - block: fix 'kmem_cache of name 'bio-108' already exists'
  - io_uring: return error pointer from io_mem_alloc()
  - io_uring: add ring freeing helper
  - mm: add nommu variant of vm_insert_pages()
  - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
  - io_uring: don't attempt to mmap larger than what the user asks for
  - io_uring: fix corner case forgetting to vunmap
  - xfs: pass refcount intent directly through the log intent code
  - xfs: pass xfs_extent_free_item directly through the log intent code
  - xfs: fix confusing xfs_extent_item variable names
  - xfs: pass the xfs_bmbt_irec directly through the log intent code
  - xfs: pass per-ag references to xfs_free_extent
  - xfs: validate block number being freed before adding to xefi
  - xfs: fix bounds check in xfs_defer_agfl_block()
  - xfs: use deferred frees for btree block freeing
  - xfs: reserve less log space when recovering log intent items
  - xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
  - xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
  - xfs: consider minlen sized extents in xfs_rtallocate_extent_block
  - xfs: don't leak recovered attri intent items
  - xfs: make rextslog computation consistent with mkfs
  - xfs: fix 32-bit truncation in xfs_compute_rextslog
  - xfs: don't allow overly small or large realtime volumes
  - xfs: remove unused fields from struct xbtree_ifakeroot
  - xfs: recompute growfsrtfree transaction reservation while growing rt volume
  - xfs: force all buffers to be written during btree bulk load
  - xfs: initialise di_crc in xfs_log_dinode
  - xfs: add lock protection when remove perag from radix tree
  - xfs: fix perag leak when growfs fails
  - xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
  - xfs: update dir3 leaf block metadata after swap
  - xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
  - xfs: remove conditional building of rt geometry validator functions
  - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
  - Input: i8042 - add required quirks for missing old boardnames
  - Input: i8042 - swap old quirk combination with new quirk for several devices
  - Input: i8042 - swap old quirk combination with new quirk for more devices
  - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
  - USB: serial: option: add Telit Cinterion FE990B compositions
  - USB: serial: option: fix Telit Cinterion FE990A name
  - USB: serial: option: match on interface class for Telit FN990B
  - [x86] microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
  - drm/atomic: Filter out redundant DPMS calls
  - drm/dp_mst: Fix locking when skipping CSN before topology probing
  - drm/amd/display: Restore correct backlight brightness after a GPU reset
  - drm/amd/display: Assign normalized_pix_clk when color depth = 14
  - drm/amd/display: Fix slab-use-after-free on hdcp_work
  - [x86] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model
  - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
  - lib/buildid: Handle memfd_secret() files in build_id_parse()
  - tcp: fix races in tcp_abort()
  - tcp: fix forever orphan socket caused by tcp_abort
  - leds: mlxreg: Use devm_mutex_init() for mutex initialization
  - ASoC: ops: Consistently treat platform_max as control value
  - [x86] drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
  - cifs: Fix integer overflow while processing acregmax mount option
  - cifs: Fix integer overflow while processing acdirmax mount option
  - cifs: Fix integer overflow while processing actimeo mount option
  - cifs: Fix integer overflow while processing closetimeo mount option
  - i2c: ali1535: Fix an error handling path in ali1535_probe()
  - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
  - i2c: sis630: Fix an error handling path in sis630_probe()
  - [arm64] mm: Populate vmemmap at the page level if not section aligned
  - smb3: add support for IAKerb
  - smb: client: Fix match_session bug preventing session reuse
  - HID: apple: disable Fn key handling on the Omoton KB066
  - smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
  - firmware: imx-scu: fix OF node leak in .probe()
  - [arm64] dts: freescale: tqma8mpql: Fix vqmmc-supply
  - xfrm_output: Force software GSO only in tunnel mode
  - [arm64] soc: imx8m: Remove global soc_uid
  - [arm64] soc: imx8m: Use devm_* to simplify probe failure handling
  - [arm64] soc: imx8m: Unregister cpufreq and soc dev in cleanup path
  - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
  - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
  - ARM: dts: bcm2711: Don't mark timer regs unconfigured
  - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
  - [arm64] RDMA/hns: Fix soft lockup during bt pages loop
  - [arm64] RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
  - [arm64] RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common()
  - [arm64] RDMA/hns: Fix wrong value of max_sge_rd
  - Bluetooth: Fix error code in chan_alloc_skb_cb()
  - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
  - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
  - net: atm: fix use after free in lec_send()
  - net: lwtunnel: fix recursion loops
  - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
  - Revert "gre: Fix IPv6 link-local address generation."
  - i2c: omap: fix IRQ storms
  - [arm64,armhf] can: flexcan: only change CAN state when link up in system PM
  - [arm64,armhf] can: flexcan: disable transceiver during system PM
  - [arm64] drm/v3d: Don't run jobs that have errors flagged in its fence
  - regulator: check that dummy regulator has been probed before using it
  - [arm64] dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound card
  - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
  - mmc: atmel-mci: Add missing clk_disable_unprepare()
  - proc: fix UAF in proc_get_inode()
  - efi/libstub: Avoid physical address 0x0 when doing random allocation
  - xsk: fix an integer overflow in xp_create_and_assign_umem()
  - batman-adv: Ignore own maximum aggregation size during RX
  - [arm64] soc: qcom: pdr: Fix the potential deadlock
  - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
  - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
  - ksmbd: fix incorrect validation for num_aces field of smb_acl
  - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
  - mptcp: Fix data stream corruption in the address announcement
  - netfilter: nft_counter: Use u64_stats_t for statistic.
  - drm/mediatek: Fix coverity issue with unintentional integer overflow (CVE-2023-52857)
  - media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (CVE-2024-47753)
  - [arm64] dts: rockchip: fix u2phy1_host status for NanoPi R4S
  - drm/amdgpu: fix use-after-free bug (CVE-2024-26656)
  - wifi: iwlwifi: mvm: ensure offloading TID queue exists (CVE-2024-27056)
  - mm/migrate: fix shmem xarray update during migration
  - block, bfq: fix re-introduced UAF in bic_set_bfqq()
  - xfs: give xfs_extfree_intent its own perag reference
  https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.133
  - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
  - HID: hid-plantronics: Add mic mute mapping and generalize quirks
  - atm: Fix NULL pointer dereference
  - [armel,armhf] 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
  - [armel,armhf] 9351/1: fault: Add "cut here" line for prefetch aborts
  - [armel,armhf] Remove address checking for MMUless devices
  - drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772)
  - netfilter: socket: Lookup orig tuple for IPv6 SNAT
  - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
  - tty: serial: 8250: Add some more device IDs
  - tty: serial: 8250: Add Brainboxes XC devices
  - net: usb: qmi_wwan: add Telit Cinterion FN990B composition
  - net: usb: qmi_wwan: add Telit Cinterion FE990B composition
  - net: usb: usbnet: restore usb%d name exception for local mac addresses
  - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
  - serial: 8250_dma: terminate correct DMA in tx_dma_flush()
  - usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (CVE-2024-50056)
  - usb: typec: ucsi: Fix NULL pointer access (CVE-2025-21918)
  - media: i2c: et8ek8: Don't strip remove function when driver is builtin (CVE-2024-38611)
[ Bastian Blank ]
* Backport changes in Microsoft Azure Network Adapter from 6.12:
  - net: mana: Use mana_cleanup_port_context() for rxq cleanup
  - net: mana: Add support for page sizes other than 4KB on ARM64
  - net: mana: Add page pool for RX buffers
  - net: mana: Fix the tso_bytes calculation
  - net: mana: Fix oversized sge0 for GSO packets
  - net: mana: Avoid open coded arithmetic
  - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
  - net: mana: Allow variable size indirection table
[ Ben Hutchings ]
* d/salsa-ci.yml: Run lintian from the target release, not always unstable
* [powerpc*] Revert "fbdev/offb: Update expected device name" (Closes: #1085949)
* d/b/genpatch-rt: Fix subprocess cleanup with Python 3.13
[ Salvatore Bonaccorso ]
* d/b/genpatch-rt: Drop now unused 'io' module.
* Revert "d/salsa-ci.yml: Suppress aliased-location lintian errors"
* Bump ABI to 33
* ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
Comment 1 Quality Assurance univentionstaff 2025-04-14 10:00:12 CEST
--- mirror/ftp/pool/main/l/linux/linux_6.1.129-1.dsc
+++ apt/ucs_5.2-0-errata5.2-1/source/linux_6.1.133-1.dsc
@@ -1,3 +1,504 @@
+6.1.133-1 [Thu, 10 Apr 2025 21:32:42 +0200] Salvatore Bonaccorso <carnil@debian.org>:
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.130
+    - [arm64] mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
+    - md/md-bitmap: replace md_bitmap_status() with a new helper
+      md_bitmap_get_stats()
+    - md/md-cluster: fix spares warnings for __le64
+    - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
+    - md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
+    - mm: update mark_victim tracepoints fields
+    - memcg: fix soft lockup in the OOM process (CVE-2024-57977)
+    - Bluetooth: qca: Support downloading board id specific NVM for WCN7850
+    - Bluetooth: qca: Update firmware-name to support board specific nvm
+    - Bluetooth: qca: Fix poor RF performance for WCN6855
+    - scsi: core: Handle depopulation and restoration in progress
+    - scsi: core: Do not retry I/Os during depopulation
+    - [arm6]: dts: mediatek: mt8183: Disable DSI display output by default
+    - [arm64] dts: qcom: trim addresses to 8 digits
+    - [arm64] dts: qcom: sm8450: Fix CDSP memory length
+    - tpm: Use managed allocation for bios event log
+    - tpm: Change to kvalloc() in eventlog/acpi.c
+    - media: Switch to use dev_err_probe() helper
+    - media: uvcvideo: Fix crash during unbind if gpio unit is in use
+      (CVE-2024-58079)
+    - media: uvcvideo: Refactor iterators
+    - media: uvcvideo: Only save async fh if success
+    - media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
+    - USB: gadget: core: create sysfs link between udc and gadget
+    - usb: gadget: core: flush gadget workqueue after device removal
+      (CVE-2025-21838)
+    - USB: gadget: f_midi: f_midi_complete to call queue_work
+    - [powerpc*] 64s/mm: Move __real_pte stubs into hash-4k.h
+    - [powerpc*] 64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
+    - ALSA: hda/realtek: Fixup ALC225 depop procedure
+    - [powerpc*] code-patching: Fix KASAN hit by not flagging text patching area
+      as VM_ALLOC
+    - geneve: Fix use-after-free in geneve_find_dev().
+    - ALSA: hda/cirrus: Correct the full scale volume set logic
+    - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
+    - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
+    - flow_dissector: Fix handling of mixed port and port-range keys
+    - flow_dissector: Fix port range key handling in BPF conversion
+    - net: Add non-RCU dev_getbyhwaddr() helper
+    - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
+    - net: axienet: Set mac_managed_pm
+    - tcp: drop secpath at the same time as we currently drop dst
+    - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
+    - strparser: Add read_sock callback
+    - bpf: Fix wrong copied_seq calculation
+    - power: supply: da9150-fg: fix potential overflow
+    - nouveau/svm: fix missing folio unlock + put after
+      make_device_exclusive_range()
+    - [arm64] drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC
+      fields
+    - nvme/ioctl: add missing space in err message
+    - bpf: skip non exist keys in generic_map_lookup_batch
+    - [arm64] drm/msm/dpu: Disable dither in phys encoder cleanup
+    - [x86] drm/i915: Make sure all planes in use by the joiner have their crtc
+      included
+    - [arm64] tee: optee: Fix supplicant wait loop
+    - drop_monitor: fix incorrect initialization order
+    - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
+    - [arm64] ASoC: fsl_micfil: Enable default case in micfil_set_quality()
+    - ALSA: hda: Add error check for snd_ctl_rename_id() in
+      snd_hda_create_dig_out_ctls()
+    - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
+    - acct: perform last write from workqueue
+    - acct: block access to kernel internal filesystems
+    - mm,madvise,hugetlb: check for 0-length range after end address adjustment
+    - smb: client: Add check for next_buffer in receive_encrypted_standard()
+    - ftrace: Correct preemption accounting for function tracing.
+    - ftrace: Do not add duplicate entries in subops manager ops
+    - [x86] cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
+    - block, bfq: split sync bfq_queues on a per-actuator basis
+    - block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)
+    - media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
+      (CVE-2024-47754)
+    - netfilter: allow exp not to be removed in nf_ct_find_expectation
+    - IB/mlx5: Set and get correct qp_num for a DCT QP
+    - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
+    - SUNRPC: convert RPC_TASK_* constants to enum
+    - SUNRPC: Prevent looping due to rpc_signal_task() races
+    - scsi: core: Clear driver private data when retrying request
+    - RDMA/mlx5: Fix bind QP error cleanup flow
+    - sunrpc: suppress warnings for unused procfs functions
+    - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
+    - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
+    - afs: remove variable nr_servers
+    - afs: Make it possible to find the volumes that are using a server
+    - afs: Fix the server_list to unuse a displaced server rather than putting
+      it
+    - net: loopback: Avoid sending IP packets without an Ethernet header
+    - net: set the minimum for net_hotdata.netdev_budget_usecs
+    - net/ipv4: add tracepoint for icmp_send
+    - ipv4: icmp: Pass full DS field to ip_route_input()
+    - ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup()
+    - ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound()
+    - ipv4: Convert icmp_route_lookup() to dscp_t.
+    - ipv4: Convert ip_route_input() to dscp_t.
+    - ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos
+      conversion.
+    - ipvlan: ensure network headers are in skb linear part
+    - [arm64] net: cadence: macb: Synchronize stats calculations
+    - [armhf] ASoC: es8328: fix route from DAC to output
+    - ipvs: Always clear ipvs_property flag in skb_scrub_packet()
+    - tcp: Defer ts_recent changes until req is owned
+    - net: Clear old fragment checksum value in napi_reuse_skb
+    - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
+    - net/mlx5: IRQ, Fix null string in debug print
+    - include: net: add static inline dst_dev_overhead() to dst.h
+    - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
+    - net: ipv6: fix dst ref loop on input in seg6 lwt
+    - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
+    - net: ipv6: fix dst ref loop on input in rpl lwt
+    - mm: Don't pin ZERO_PAGE in pin_user_pages()
+    - uprobes: Reject the shared zeropage in uprobe_write_opcode()
+    - io_uring/net: save msg_control for compat
+    - [x86] CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
+    - tracing: Fix bad hist from corrupting named_triggers list
+    - ftrace: Avoid potential division by zero in function_stat_show()
+    - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
+    - [x86] perf/x86: Fix low freqency setting issue
+    - perf/core: Fix low freq setting via IOC_PERIOD
+    - drm/amd/display: Disable PSR-SU on eDP panels
+    - drm/amd/display: Fix HPD after gpu reset
+    - i2c: npcm: disable interrupt enable bit before devm_request_irq
+    - usbnet: gl620a: fix endpoint checking in genelink_bind()
+    - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
+    - [arm64] net: enetc: keep track of correct Tx BD count in
+      enetc_map_tx_tso_buffs()
+    - [arm64] net: enetc: update UDP checksum when updating originTimestamp
+      field
+    - [arm64] net: enetc: correct the xdp_tx statistics
+    - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs()
+    - [armhf] phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks
+      in refclk
+    - mptcp: always handle address removal under msk socket lock
+    - mptcp: reset when MPTCP opts are dropped after join
+    - vmlinux.lds: Ensure that const vars with relocations are mapped R/O
+    - sched/core: Prevent rescheduling when interrupts are disabled
+    - drm/amd/display: fixed integer types and null check locations
+      (CVE-2024-26767)
+    - amdgpu/pm/legacy: fix suspend/resume issues
+    - [x86] intel_idle: Handle older CPUs, which stop the TSC in deeper C
+      states, correctly (Closes: #1088682)
+    - Squashfs: check the inode number is not the invalid value of zero
+      (CVE-2024-26982)
+    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
+    - media: mtk-vcodec: potential null pointer deference in SCP
+      (CVE-2024-40973)
+    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
+    - drm/amdgpu: Check extended configuration space register when system uses
+      large bar
+    - drm/amdgpu: disable BAR resize on Dell G5 SE
+    - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS
+    - [x86] speculation: Add __update_spec_ctrl() helper
+    - [x86] amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
+    - Revert "of: reserved-memory: Fix using wrong number of cells to get
+      property 'alignment'"
+    - HID: appleir: Fix potential NULL dereference at raw event handle
+    - ksmbd: fix type confusion via race condition when using
+      ipc_msg_send_request
+    - ksmbd: fix use-after-free in smb2_lock
+    - ksmbd: fix bug on trap in smb2_lock
+    - [arm64] gpio: rcar: Use raw_spinlock to protect register access
+    - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
+    - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
+    - ALSA: hda/realtek: update ALC222 depop optimize
+    - drm/amd/display: Fix null check for pipe_ctx->plane_state in
+      resource_build_scaling_params
+    - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
+    - [x86] platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
+    - [x86] cacheinfo: Validate CPUID leaf 0x2 EDX output
+    - [x86] cpu: Validate CPUID leaf 0x2 EDX output
+    - [x86] cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
+    - mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
+    - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
+    - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
+    - wifi: cfg80211: regulatory: improve invalid hints checking
+    - wifi: nl80211: reject cooked mode if it is set along with other flags
+    - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
+    - rapidio: fix an API misues when rio_add_net() fails
+    - dma: kmsan: export kmsan_handle_dma() for modules
+    - [s390x] traps: Fix test_monitor_call() inline assembly
+    - block: fix conversion of GPT partition name to 7-bit
+    - mm/page_alloc: fix uninitialized variable
+    - mm: don't skip arch_sync_kernel_mappings() in error paths
+    - wifi: iwlwifi: limit printed string from FW file
+    - HID: google: fix unused variable warning under !CONFIG_ACPI
+    - [amd64] HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
+    - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
+    - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
+    - net: gso: fix ownership in __udp_gso_segment
+    - caif_virtio: fix wrong pointer check in cfv_probe()
+    - hwmon: (pmbus) Initialise page count in pmbus_identify()
+    - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
+    - hwmon: (ad7314) Validate leading zero bits and return error
+    - ALSA: usx2y: validate nrpacks module parameter on probe
+    - llc: do not use skb_get() before dev_queue_xmit()
+    - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
+    - drm/sched: Fix preprocessor guard
+    - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
+    - [arm64] net: hns3: make sure ptp clock is unregister and freed if
+      hclge_ptp_get_cycle returns an error
+    - vlan: enforce underlying device type
+    - [x86] sgx: Fix size overflows in sgx_encl_create()
+    - exfat: fix soft lockup in exfat_clear_bitmap
+    - net-timestamp: support TCP GSO case for a few missing flags
+    - ublk: set_params: properly check if parameters can be applied
+    - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
+    - net: ipv6: fix dst ref loop in ila lwtunnel
+    - net: ipv6: fix missing dst ref drop in ila lwtunnel
+    - [arm64] gpio: rcar: Fix missing of_node_put() call
+    - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
+      (Closes: #1100746)
+    - usb: hub: lack of clearing xHC resources
+    - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card
+      Reader
+    - usb: atm: cxacru: fix a flaw in existing endpoint checks
+    - usb: dwc3: Set SUSPENDENABLE soon after phy init
+    - usb: dwc3: gadget: Prevent irq storm when TH re-executes
+    - usb: typec: ucsi: increase timeout for PPM reset operations
+    - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
+    - usb: gadget: Set self-powered based on MaxPower and bmAttributes
+    - usb: gadget: Fix setting self-powered state on suspend
+    - usb: gadget: Check bmAttributes only if configuration is valid
+    - xhci: pci: Fix indentation in the PCI device ID definitions
+    - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (Closes: #1050352)
+    - [x86] KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
+    - [x86] mei: me: add panther lake P DID
+    - [x86] intel_th: pci: Add Arrow Lake support
+    - [x86] intel_th: pci: Add Panther Lake-H support
+    - [x86] intel_th: pci: Add Panther Lake-P/U support
+    - drivers: core: fix device leak in __fw_devlink_relax_cycles()
+    - slimbus: messaging: Free transaction ID in delayed interrupt scenario
+    - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid
+      deadlock
+    - eeprom: digsy_mtc: Make GPIO lookup table match the device
+    - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
+    - iio: filter: admv8818: Force initialization of SDO
+    - iio: dac: ad3552r: clear reset status flag
+    - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
+    - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
+    - Revert "KVM: e500: always restore irqs"
+    - Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
+    - Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
+      mmu_lock"
+    - Revert "KVM: PPC: e500: Mark "struct page" dirty in
+      kvmppc_e500_shadow_map()"
+    - uprobes: Fix race in uprobe_free_utask
+    - [x86] mm: Don't disable PCID when INVLPG has been fixed by microcode
+    - spi-mxs: Fix chipselect glitch
+    - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
+    - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
+    - nilfs2: handle errors that nilfs_prepare_chunk() may return
+    - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
+      (CVE-2024-24855)
+    - media: mediatek: vcodec: Handle invalid decoder vsi (CVE-2024-43831)
+    - fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
+    - bpf, vsock: Invoke proto::close on close()
+    - vsock: Keep the binding until socket destruction (CVE-2025-21756)
+    - vsock: Orphan socket after transport release
+    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.132
+    - clockevents/drivers/i8253: Fix stop sequence for timer 0
+    - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
+    - hrtimer: Use and report correct timerslack values for realtime tasks
+    - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
+    - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
+    - ice: fix memory leak in aRFS after reset
+    - netfilter: nf_conncount: garbage collection is not skipped when jiffies
+      wrap around
+    - sched: address a potential NULL pointer dereference in the GRED scheduler.
+    - wifi: cfg80211: cancel wiphy_work before freeing wiphy
+    - Bluetooth: hci_event: Fix enabling passive scanning
+    - Revert "Bluetooth: hci_core: Fix sleeping function called from invalid
+      context"
+    - [arm64,armhf] net: dsa: mv88e6xxx: Verify after ATU Load ops
+    - net: mctp i2c: Copy headers if cloned
+    - netpoll: hold rcu read lock in __netpoll_send_skb()
+    - [amd64,arm64] drm/hyperv: Fix address space leak when Hyper-V DRM device
+      is removed
+    - [amd64,arm64] Drivers: hv: vmbus: Don't release fb_mmio resource in
+      vmbus_free_mmio()
+    - net/mlx5: handle errors in mlx5_chains_create_table()
+    - eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
+    - net: switchdev: Convert blocking notification chain to a raw one
+    - bonding: fix incorrect MAC address setting to receive NS messages
+    - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
+      insert_tree()
+    - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
+    - net_sched: Prevent creation of classes with TC_H_ROOT
+    - netfilter: nft_exthdr: fix offset with ipv4_find_option()
+    - gre: Fix IPv6 link-local address generation.
+    - net: openvswitch: remove misbehaving actions length check
+    - net/mlx5: Bridge, fix the crash caused by LAG state check
+    - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed
+      devices
+    - nvme-fc: go straight to connecting state when initializing
+    - hrtimers: Mark is_migration_base() with __always_inline
+    - powercap: call put_device() on an error path in
+      powercap_register_control_type()
+    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
+    - scsi: core: Use GFP_NOIO to avoid circular locking dependency
+    - scsi: qla1280: Fix kernel oops when debug level > 2
+    - ACPI: resource: IRQ override for Eluktronics MECH-17
+    - smb: client: fix noisy when tree connecting to DFS interlink targets
+    - [x86] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
+    - [x86] HID: intel-ish-hid: Send clock sync message immediately after reset
+    - HID: ignore non-functional sensor in HP 5MP Camera
+    - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
+    - HID: apple: fix up the F6 key on the Omoton KB066 keyboard
+    - sched: Clarify wake_up_q()'s write to task->wake_q.next
+    - [x86] platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
+    - [x86] platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
+    - [s390x] cio: Fix CHPID "configure" attribute caching
+    - thermal/cpufreq_cooling: Remove structure member documentation
+    - Xen/swiotlb: mark xen_swiotlb_fixup() __init
+    - ALSA: hda/realtek: Limit mic boost on Positivo ARN50
+    - [x86] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
+    - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
+    - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
+    - nvme-tcp: add basic support for the C2HTermReq PDU
+    - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
+    - sctp: Fix undefined behavior in left shift operation
+    - nvme: only allow entering LIVE from CONNECTING state
+    - fuse: don't truncate cached, mutated symlink
+    - [x86] perf/x86/intel: Use better start period for frequency mode
+    - [x86] irq: Define trace events conditionally
+    - mptcp: safety check before fallback
+    - drm/nouveau: Do not override forced connector status
+    - block: fix 'kmem_cache of name 'bio-108' already exists'
+    - io_uring: return error pointer from io_mem_alloc()
+    - io_uring: add ring freeing helper
+    - mm: add nommu variant of vm_insert_pages()
+    - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
+    - io_uring: don't attempt to mmap larger than what the user asks for
+    - io_uring: fix corner case forgetting to vunmap
+    - xfs: pass refcount intent directly through the log intent code
+    - xfs: pass xfs_extent_free_item directly through the log intent code
+    - xfs: fix confusing xfs_extent_item variable names
+    - xfs: pass the xfs_bmbt_irec directly through the log intent code
+    - xfs: pass per-ag references to xfs_free_extent
+    - xfs: validate block number being freed before adding to xefi
+    - xfs: fix bounds check in xfs_defer_agfl_block()
+    - xfs: use deferred frees for btree block freeing
+    - xfs: reserve less log space when recovering log intent items
+    - xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
+    - xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
+    - xfs: consider minlen sized extents in xfs_rtallocate_extent_block
+    - xfs: don't leak recovered attri intent items
+    - xfs: make rextslog computation consistent with mkfs
+    - xfs: fix 32-bit truncation in xfs_compute_rextslog
+    - xfs: don't allow overly small or large realtime volumes
+    - xfs: remove unused fields from struct xbtree_ifakeroot
+    - xfs: recompute growfsrtfree transaction reservation while growing rt
+      volume
+    - xfs: force all buffers to be written during btree bulk load
+    - xfs: initialise di_crc in xfs_log_dinode
+    - xfs: add lock protection when remove perag from radix tree
+    - xfs: fix perag leak when growfs fails
+    - xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
+    - xfs: update dir3 leaf block metadata after swap
+    - xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
+    - xfs: remove conditional building of rt geometry validator functions
+    - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
+    - Input: i8042 - add required quirks for missing old boardnames
+    - Input: i8042 - swap old quirk combination with new quirk for several
+      devices
+    - Input: i8042 - swap old quirk combination with new quirk for more devices
+    - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
+    - USB: serial: option: add Telit Cinterion FE990B compositions
+    - USB: serial: option: fix Telit Cinterion FE990A name
+    - USB: serial: option: match on interface class for Telit FN990B
+    - [x86] microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
+    - drm/atomic: Filter out redundant DPMS calls
+    - drm/dp_mst: Fix locking when skipping CSN before topology probing
+    - drm/amd/display: Restore correct backlight brightness after a GPU reset
+    - drm/amd/display: Assign normalized_pix_clk when color depth = 14
+    - drm/amd/display: Fix slab-use-after-free on hdcp_work
+    - [x86] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2
+      model
+    - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
+    - lib/buildid: Handle memfd_secret() files in build_id_parse()
+    - tcp: fix races in tcp_abort()
+    - tcp: fix forever orphan socket caused by tcp_abort
+    - leds: mlxreg: Use devm_mutex_init() for mutex initialization
+    - ASoC: ops: Consistently treat platform_max as control value
+    - [x86] drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
+    - cifs: Fix integer overflow while processing acregmax mount option
+    - cifs: Fix integer overflow while processing acdirmax mount option
+    - cifs: Fix integer overflow while processing actimeo mount option
+    - cifs: Fix integer overflow while processing closetimeo mount option
+    - i2c: ali1535: Fix an error handling path in ali1535_probe()
+    - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
+    - i2c: sis630: Fix an error handling path in sis630_probe()
+    - [arm64] mm: Populate vmemmap at the page level if not section aligned
+    - smb3: add support for IAKerb
+    - smb: client: Fix match_session bug preventing session reuse
+    - HID: apple: disable Fn key handling on the Omoton KB066
+    - smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
+    - firmware: imx-scu: fix OF node leak in .probe()
+    - [arm64] dts: freescale: tqma8mpql: Fix vqmmc-supply
+    - xfrm_output: Force software GSO only in tunnel mode
+    - [arm64] soc: imx8m: Remove global soc_uid
+    - [arm64] soc: imx8m: Use devm_* to simplify probe failure handling
+    - [arm64] soc: imx8m: Unregister cpufreq and soc dev in cleanup path
+    - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
+    - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
+    - ARM: dts: bcm2711: Don't mark timer regs unconfigured
+    - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
+    - [arm64] RDMA/hns: Fix soft lockup during bt pages loop
+    - [arm64] RDMA/hns: Fix unmatched condition in error path of
+      alloc_user_qp_db()
+    - [arm64] RDMA/hns: Fix a missing rollback in error path of
+      hns_roce_create_qp_common()
+    - [arm64] RDMA/hns: Fix wrong value of max_sge_rd
+    - Bluetooth: Fix error code in chan_alloc_skb_cb()
+    - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
+    - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
+    - net: atm: fix use after free in lec_send()
+    - net: lwtunnel: fix recursion loops
+    - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
+    - Revert "gre: Fix IPv6 link-local address generation."
+    - i2c: omap: fix IRQ storms
+    - [arm64,armhf] can: flexcan: only change CAN state when link up in system
+      PM
+    - [arm64,armhf] can: flexcan: disable transceiver during system PM
+    - [arm64] drm/v3d: Don't run jobs that have errors flagged in its fence
+    - regulator: check that dummy regulator has been probed before using it
+    - [arm64] dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound
+      card
+    - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
+    - mmc: atmel-mci: Add missing clk_disable_unprepare()
+    - proc: fix UAF in proc_get_inode()
+    - efi/libstub: Avoid physical address 0x0 when doing random allocation
+    - xsk: fix an integer overflow in xp_create_and_assign_umem()
+    - batman-adv: Ignore own maximum aggregation size during RX
+    - [arm64] soc: qcom: pdr: Fix the potential deadlock
+    - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
+    - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
+    - ksmbd: fix incorrect validation for num_aces field of smb_acl
+    - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
+    - mptcp: Fix data stream corruption in the address announcement
+    - netfilter: nft_counter: Use u64_stats_t for statistic.
+    - drm/mediatek: Fix coverity issue with unintentional integer overflow
+      (CVE-2023-52857)
+    - media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
+      (CVE-2024-47753)
+    - [arm64] dts: rockchip: fix u2phy1_host status for NanoPi R4S
+    - drm/amdgpu: fix use-after-free bug (CVE-2024-26656)
+    - wifi: iwlwifi: mvm: ensure offloading TID queue exists (CVE-2024-27056)
+    - mm/migrate: fix shmem xarray update during migration
+    - block, bfq: fix re-introduced UAF in bic_set_bfqq()
+    - xfs: give xfs_extfree_intent its own perag reference
+    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.133
+    - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
+    - HID: hid-plantronics: Add mic mute mapping and generalize quirks
+    - atm: Fix NULL pointer dereference
+    - [armel,armhf] 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
+    - [armel,armhf] 9351/1: fault: Add "cut here" line for prefetch aborts
+    - [armel,armhf] Remove address checking for MMUless devices
+    - drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772)
+    - netfilter: socket: Lookup orig tuple for IPv6 SNAT
+    - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
+    - tty: serial: 8250: Add some more device IDs
+    - tty: serial: 8250: Add Brainboxes XC devices
+    - net: usb: qmi_wwan: add Telit Cinterion FN990B composition
+    - net: usb: qmi_wwan: add Telit Cinterion FE990B composition
+    - net: usb: usbnet: restore usb%d name exception for local mac addresses
+    - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
+    - serial: 8250_dma: terminate correct DMA in tx_dma_flush()
+    - usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (CVE-2024-50056)
+    - usb: typec: ucsi: Fix NULL pointer access (CVE-2025-21918)
+    - media: i2c: et8ek8: Don't strip remove function when driver is builtin
+      (CVE-2024-38611)
+
+  [ Bastian Blank ]
+  * Backport changes in Microsoft Azure Network Adapter from 6.12:
+    - net: mana: Use mana_cleanup_port_context() for rxq cleanup
+    - net: mana: Add support for page sizes other than 4KB on ARM64
+    - net: mana: Add page pool for RX buffers
+    - net: mana: Fix the tso_bytes calculation
+    - net: mana: Fix oversized sge0 for GSO packets
+    - net: mana: Avoid open coded arithmetic
+    - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
+    - net: mana: Allow variable size indirection table
+
+  [ Ben Hutchings ]
+  * d/salsa-ci.yml: Run lintian from the target release, not always unstable
+  * [powerpc*] Revert "fbdev/offb: Update expected device name" (Closes:
+    #1085949)
+  * d/b/genpatch-rt: Fix subprocess cleanup with Python 3.13
+
+  [ Salvatore Bonaccorso ]
+  * d/b/genpatch-rt: Drop now unused 'io' module.
+  * Revert "d/salsa-ci.yml: Suppress aliased-location lintian errors"
+  * Bump ABI to 33
+  * ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
+    (Closes: #1100928)
+
 6.1.129-1 [Thu, 06 Mar 2025 07:21:29 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * New upstream stable update:
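
Review bot: in the 6.1.132 block, the entry "gre: Fix IPv6 link-local address generation." is followed further down in the same block by "Revert "gre: Fix IPv6 link-local address generation."", so this upload carries no net change for that fix. Erratum text derived from this changelog should not list it among the issues addressed. The CVE identifiers attached to individual entries (for example CVE-2025-21756 on the vsock binding fix and CVE-2025-21702 on pfifo_tail_enqueue) are the ones the erratum's CVE list should be cross-checked against.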

<http://piuparts.knut.univention.de/5.2-1/#4936339927828708015>
Comment 2 Arvid Requate univentionstaff 2025-04-15 14:24:56 CEST
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
  manual test installing the header packages fine

[5.2-1] c7b3aaa219 Bug #58197: linux 6.1.133-1
 doc/errata/staging/linux.yaml | 53 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
Comment 3 Arvid Requate univentionstaff 2025-04-16 14:10:02 CEST
<https://errata.software-univention.de/#/?erratum=5.2x68>