-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Feb 2025 02:11:58 +0100
Source: linux-signed-amd64
Architecture: source
Version: 5.10.234+1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Changes:
linux-signed-amd64 (5.10.234+1) bullseye-security; urgency=high
.
* Sign kernel from linux 5.10.234-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- [arm*] usb: dwc3: Decouple USB 2.0 L1 & L2 events
- [arm*] usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error
after resume bug
- [arm*] usb: dwc3: core: update LC timer as per USB Spec V3.2
- usbnet: ipheth: fix carrier detection in modes 1 and 4
- net: phy: vitesse: repair vsc73xx autonegotiation
- btrfs: update target inode's ctime on unlink
- Input: ads7846 - ratelimit the spi_sync error message
- [x86] Input: synaptics - enable SMBus for HP Elitebook 840 G2
- [arm64] drm/msm/adreno: Fix error return if missing firmware-name
- [x86] Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
- NFS: Avoid unnecessary rescanning of the per-server delegation list
- [arm64] dts: rockchip: override BIOS_DISABLE signal via GPIO hog on
RK3399 Puma
- hwmon: (pmbus) Introduce and use write_byte_data callback
- hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev
>= 1.2
- ice: fix accounting for filters shared by multiple VSIs
- net/mlx5: Update the list of the PCI supported devices
- net/mlx5e: Add missing link modes to ptys2ethtool_map
- fou: fix initialization of grc (CVE-2024-46865)
- [armhf] net: ftgmac100: Enable TX interrupt to avoid TX timeout
- [arm64] net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854)
- [arm64] spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(CVE-2024-46853)
- soundwire: stream: Revert "soundwire: stream: fix programming slave ports
for non-continous port maps" (regression in 5.10.225)
- [arm*] ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849)
- dma-buf: heaps: Fix off-by-one in CMA heap fault handler
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
- [armhf] net: ftgmac100: Ensure tx descriptor updates are visible
- wifi: iwlwifi: lower message level for FW buffer destination
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(CVE-2024-47672)
- [x86] hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides
frequency
- ocfs2: add bounds checking to ocfs2_xattr_find_entry() (CVE-2024-47670)
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
(CVE-2024-41016)
- netfilter: nft_set_pipapo: walk over current view on netlink dump
(CVE-2024-27017)
- netfilter: nf_tables: missing iterator type in lookup walk
- gpio: prevent potential speculation leaks in gpio_device_get_desc()
(CVE-2024-44931)
- mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)
- inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)
- [x86] ibt,ftrace: Search for __fentry__ location
- ftrace: Fix possible use-after-free issue in ftrace_location()
(CVE-2024-38588)
- gpiolib: cdev: Ignore reconfiguration without direction
- USB: serial: pl2303: add device id for Macrosilicon MS3020
- USB: usbtmc: prevent kernel-usb-infoleak (CVE-2024-47671)
- wifi: rtw88: always wait for both firmware loading attempts
(CVE-2024-47718)
- fs: explicitly unregister per-superblock BDIs
- mount: warn only once about timestamp range expiration
- fs/namespace: fnic: Switch to use %ptTd
- mount: handle OOM on mnt_warn_timestamp_expiry
- padata: Honor the caller's alignment in case of chunk_size 0
- can: j1939: use correct function name in comment
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- netfilter: nf_tables: reject element expiration with no timeout
- netfilter: nf_tables: reject expiration higher than timeout
- [armhf] cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
appropriately
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
(CVE-2024-47713)
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param (CVE-2024-47712)
- sock_map: Add a cond_resched() in sock_hash_free() (CVE-2024-47710)
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
(CVE-2024-47709)
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
- net: geneve: support IPv4/IPv6 as inner protocol
- geneve: Fix incorrect inner network header offset when innerprotoinherit
is set
- [arm64] net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
- r8169: disable ALDPS per default for RTL8125
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
- net: tipc: avoid possible garbage value
- block, bfq: fix possible UAF for bfqq->bic with merge chain
(CVE-2024-47706)
- block, bfq: choose the last bfqq from merge chain in
bfq_setup_cooperator()
- block, bfq: don't break merge chain in bfq_split_bfqq()
- block: print symbolic error name instead of error code
- block: fix potential invalid pointer dereference in blk_add_partition
(CVE-2024-47705)
- hwmon: (max16065) Fix overflows seen when writing limits
- device property: Add const qualifier to device_get_match_data() parameter
- i2c: Add i2c_get_match_data()
- hwmon: (max16065) Remove use of i2c_match_id()
- hwmon: (max16065) Fix alarm attributes
- [x86] mtd: slram: insert break after errors in parsing the map
- hwmon: (ntc_thermistor) fix module autoloading
- [arm*] power: supply: axp20x_battery: allow disabling battery charging
- [arm*] power: supply: axp20x_battery: Remove design from min and max
voltage
- [x86] power: supply: max17042_battery: Fix SOC threshold calc w/ no
current sense
- [armhf] drm/stm: Fix an error handling path in stm_drm_platform_probe()
- drm/amdgpu: Replace one-element array with flexible-array member
- drm/amdgpu: properly handle vbios fake edid sizing
- drm/radeon: Replace one-element array with flexible-array member
- drm/radeon: properly handle vbios fake edid sizing
- [arm*] drm/rockchip: vop: Allow 4096px width scaling
- [arm*] drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (CVE-2024-47723)
- [arm64] drm/msm: Fix incorrect file name output in adreno_request_fw()
- [arm64] drm/msm/a5xx: disable preemption in submits by default
- [arm64] drm/msm/a5xx: properly clear preemption records on resume
- [arm64] drm/msm/a5xx: fix races in preemption evaluation stage
- [arm64] drm/msm: Add priv->mm_lock to protect active/inactive lists
- [arm64] drm/msm: Drop priv->lastctx
- [arm64] drm/msm/a5xx: workaround early ring-buffer emptiness check
- [arm64] drm/msm: fix %s null argument error
- [x86] xen: use correct end address of kernel for conflict checking
- xen/swiotlb: add alignment check for dma buffers
- tpm: Clean up TPM space after command failure (CVE-2024-49851)
- xz: cleanup CRC32 edits from 2018
- kthread: add kthread_work tracepoints
- kthread: fix task state in kthread worker if being frozen
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
- ext4: avoid buffer_head leak in ext4_mark_inode_used()
- ext4: avoid potential buffer_head leak in __ext4_new_inode()
- ext4: avoid negative min_clusters in find_group_orlov()
- ext4: return error on ext4_find_inline_entry
- ext4: avoid OOB when system.data xattr changes underneath the filesystem
(CVE-2024-47701)
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
(CVE-2024-47699)
- nilfs2: determine empty node blocks as corrupted
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(CVE-2024-47757)
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
- perf sched timehist: Fix missing free of session in
perf_sched__timehist()
- perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
- perf time-utils: Fix 32-bit nsec parsing
- [arm64] clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
- [arm*] clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
(CVE-2024-47698)
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
(CVE-2024-47697)
- [arm*] PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
(CVE-2024-47756)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
(CVE-2024-47696)
- [arm*] pinctrl: single: fix missing error code in pcs_probe()
- [armhf] clk: ti: dra7-atl: Fix leak of of_nodes
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
- nfsd: fix refcount leak when file is unhashed after being found
- [armhf] pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
- [armhf] pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
- [arm64] RDMA/hns: Add mapped page count checking for MTR
- [arm64] RDMA/hns: Refactor root BT allocation for MTR
- [arm64] RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
- [arm64] RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
(CVE-2024-47735)
- [arm64] RDMA/hns: Optimize hem allocation performance
- RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
- nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
- nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
- f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
- f2fs: fix to update i_ctime in __f2fs_setxattr()
- f2fs: remove unneeded check condition in __f2fs_setxattr()
- f2fs: reduce expensive checkpoint trigger frequency
- iio: adc: ad7606: fix oversampling gpio array
- iio: adc: ad7606: fix standby gpio state to match the documentation
- vdpa: Add eventfd for the vdpa callback
- vhost_vdpa: assign irq bypass producer token correctly (CVE-2024-47748)
- Revert "dm: requeue IO if mapping table not yet available" (regression in
5.10.111)
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
(CVE-2024-47685)
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
- net: qrtr: Update packets cloning when broadcasting
- netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
- selinux,smack: don't bypass permissions check in inode_setsecctx hook
(CVE-2024-46695)
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
- [x86] Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk
table
- [x86] Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk
table
- [x86] Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD
line
- drm/amd/display: Round calculated vtotal
- USB: appledisplay: close race between probe and completion handler
- USB: misc: cypress_cy7c63: check for short transfer
- USB: class: CDC-ACM: fix race between get_serial and set_serial
- firmware_loader: Block path traversal (CVE-2024-47742)
- tty: rp2: Fix reset with non forgiving PCIe host bridges
- [amd64] crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS
failure
- drbd: Fix atomicity violation in drbd_uuid_set_bm()
- drbd: Add NULL check for net_conf to prevent dereference in state
validation
- ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
- [x86] ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
(CVE-2024-49858)
- [x86] perf/x86/intel/pt: Fix sampling synchronization
- wifi: rtw88: 8822c: Fix reported RX band width
- f2fs: prevent possible int overflow in dir_block_index()
- f2fs: avoid potential int overflow in sanity_check_area_boundary()
- [arm64] dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
- [arm64] dts: rockchip: Correct the Pinebook Pro battery design capacity
- vfs: fix race between evice_inodes() and find_inode()&iput()
(CVE-2024-47679)
- fs: Fix file_set_fowner LSM hook inconsistencies
- nfs: fix memory leak in error path of nfs4_do_reclaim
- padata: use integer wrap around to prevent deadlock on seq_nr overflow
(CVE-2024-47739)
- [arm64] PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
- [arm64] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
- USB: misc: yurex: fix race between read and write
- pps: remove usage of the deprecated ida_simple_xx() API
- pps: add an error check in parport_attach
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
- [armhf] i2c: aspeed: Update the stop sw state when the bus recovery
occurs
- i2c: isch: Add missed 'else'
- usb: yurex: Fix inconsistent locking bug in yurex_read()
- [arm*] mailbox: bcm2835: Fix timeout during suspend mode (CVE-2024-49963)
- ceph: remove the incorrect Fw reference check when dirtying pages
(CVE-2024-50179)
- net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
- net/mlx5: Added cond_resched() to crdump collection
- netfilter: nf_tables: prevent nf_skb_duplicated corruption
(CVE-2024-49952)
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
(CVE-2024-49949) (regression in 5.10.82)
- net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (regresion in
5.10.204)
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
(CVE-2024-49944)
- media: usbtv: Remove useless locks in usbtv_video_free() (CVE-2024-27072)
- Bluetooth: L2CAP: Fix not validating setsockopt user input
(CVE-2024-35965)
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages
- ALSA: hda/realtek: Fix the push button function for the ALC257
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
- [x86] ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
(regression in 5.10.226)
- f2fs: Require FMODE_WRITE for atomic write ioctls (CVE-2024-47740)
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
(CVE-2024-49938)
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
- net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
- [arm64] net: hisilicon: hip04: fix OF node leak in probe()
- [arm64] net: hisilicon: hns_dsaf_mac: fix OF node leak in
hns_mac_get_info()
- [arm64] net: hisilicon: hns_mdio: fix OF node leak in probe()
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
- net: sched: consistently use rcu_replace_pointer() in taprio_change()
(CVE-2024-50127)
- blk_iocost: fix more out of bound shifts (CVE-2024-49933)
- wifi: ath11k: fix array out-of-bound access in SoC stats (CVE-2024-49930)
- ACPI: EC: Do not release locks during operation region accesses
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package() (CVE-2024-49962)
- tipc: guard against string buffer overrun (CVE-2024-49995)
- [arm*] net: mvpp2: Increase size of queue_name buffer
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
- net: atlantic: Avoid warning about potential string truncation
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect()
process
- ACPICA: iasl: handle empty connection_node
- proc: add config & param to block forcing mem writes
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext() (CVE-2024-50008)
- nfp: Use IRQF_NO_AUTOEN flag in request_irq()
- signal: Replace BUG_ON()s
- ALSA: usb-audio: Add logitech Audio profile quirk
- [x86] ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007)
- ALSA: hdsp: Break infinite MIDI input flush loop
- [i386] syscall: Avoid memcpy() for ia32 syscall_get_arguments()
- [arm*] iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
- [amd64] iommu/vt-d: Always reserve a domain ID for identity setup
- [amd64] iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0
count
- drm/amd/display: Add null check for top_pipe_to_program in
commit_planes_for_stream (CVE-2024-49913)
- ata: sata_sil: Rename sil_blacklist to sil_quirks
- drm/amd/display: Check null pointers before using dc->clk_mgr
(CVE-2024-49907)
- jfs: UBSAN: shift-out-of-bounds in dbFindBits
- jfs: Fix uaf in dbFreeBits (CVE-2024-49903)
- jfs: check if leafidx greater than num leaves per dmap tree
(CVE-2024-49902)
- jfs: Fix uninit-value access of new_ea in ea_buffer (CVE-2024-49900)
- [x86] drm/amdgpu: add raven1 gfxoff quirk
- [x86] drm/amdgpu: enable gfxoff quirk on HP 705G4
- drm/amd/display: Check stream before comparing them (CVE-2024-49896)
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
translation (CVE-2024-49895)
- drm/amd/display: Fix index out of bounds in degamma hardware format
translation (CVE-2024-49894)
- drm/amd/display: Fix index out of bounds in DCN30 color transformation
(CVE-2024-49969)
- drm/amd/display: Initialize get_bytes_per_element's default to 1
(CVE-2024-49892_
- drm/printer: Allow NULL data in devcoredump printer
- scsi: aacraid: Rearrange order of struct aac_srb_unit
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
- drm/amd/pm: ensure the fw_info is not null before using it
(CVE-2024-49890)
- of/irq: Refer to actual buffer size in of_irq_parse_one()
- ext4: ext4_search_dir should return a proper error
- ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
- [armhf] spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm
enabled
- [armhf] i2c: stm32f7: Do not prepare/unprepare clock during runtime
suspend/resume (CVE-2024-49985)
- perf/core: Fix small negative period being ignored
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
- ALSA: core: add isascii() check to card ID generator
- ALSA: line6: add hw monitor volume control to POD HD500X
- [x86] ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
- ext4: no need to continue when the number of entries is 1
- ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
(CVE-2024-49983)
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
- ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882)
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
- of/irq: Support #msi-cells=<0> in of_msi_get_domain
- [armhf] drm: omapdrm: Add missing check for alloc_ordered_workqueue
(CVE-2024-49879)
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
error (CVE-2024-49959)
- jbd2: correctly compare tids with tid_geq function in
jbd2_fc_begin_commit
- mm: krealloc: consider spare memory for __GFP_ZERO
- ocfs2: fix uninit-value in ocfs2_get_block()
- ocfs2: reserve space for inline xattr before attaching reflink tree
(CVE-2024-49958)
- ocfs2: cancel dqi_sync_work before freeing oinfo (CVE-2024-49966)
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (CVE-2024-49965)
- ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(CVE-2024-49877)
- exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
- nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
- NFSD: Fix NFSv4's PUTPUBFH operation
- aoe: fix the potential use-after-free problem in more places
(CVE-2024-49982)
- [arm*] clk: rockchip: fix error for unknown clocks
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
- [arm64] media: venus: fix use after free bug in venus_remove due to race
condition (CVE-2024-49981)
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
- tomoyo: fallback to realpath if symlink's pathname does not exist
(Closes: #1082001)
- net: stmmac: Fix zero-division error when disabling tc cbs
(CVE-2024-49977)
- [x86] ACPI: resource: Add Asus Vivobook X1704VAP to
irq1_level_low_skip_override[]
- [x86] ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[]
- btrfs: fix a NULL pointer dereference when failed to start a new
trasacntion (CVE-2024-49868)
- btrfs: wait for fixup workers before stopping cleaner kthread during
umount (CVE-2024-49867)
- drm/sched: Add locking to drm_sched_entity_modify_sched
- kconfig: qconf: fix buffer overflow in debug links
- ext4: properly sync file size update after O_SYNC direct IO
- ext4: dax: fix overflowing extents beyond inode size when partially
writing (CVE-2024-50015)
- [arm64] Add Cortex-715 CPU part definition
- [arm64] cputype: Add Neoverse-N3 definitions
- [arm64] errata: Expand speculative SSBS workaround once more
- uprobes: fix kernel info leak via "[uprobes]" vma (CVE-2024-49975)
- [arm64] drm/rockchip: define gamma registers for RK3399
- [arm64] drm/rockchip: support gamma control on RK3399
- [armhf] drm/rockchip: vop: clear DMA stop bit on RK3066
- r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
- ACPI: battery: Simplify battery hook locking
- ACPI: battery: Fix possible crash when unregistering a battery hook
(CVE-2024-49955)
- ext4: fix inode tree inconsistency caused by ENOMEM
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (CVE-2024-49863)
- tracing: Remove precision vsnprintf() check from print event
- drm/crtc: fix uninitialized variable use even harder (regression in
5.10.209)
- tracing: Have saved_cmdlines arrays all in one allocation
- virtio_console: fix misc probe bugs
- kallsyms: Make kallsyms_on_each_symbol generally available
- kallsyms: Make module_kallsyms_on_each_symbol generally available
- tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
- tracing/kprobes: Fix symbol counting logic by looking at modules as well
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
- bpf: Check percpu map value size first
- ext4: nested locking for xattr inode
- RDMA/mad: Improve handling of timed out WRs of mad agent (CVE-2024-50095)
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
- [arm64] PCI: Add ACS quirk for Qualcomm SA8775P
- [x86] i2c: i801: Use a different adapter-name for IDF adapters
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition (CVE-2024-50059)
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put()
- [armhf] clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
(CVE-2024-50181)
- [arm*] usb: chipidea: udc: enable suspend interrupt after usb reset
- [arm*] usb: dwc2: Adjust the timing of USB Driver Interrupt Registration
in the Crashkernel Scenario
- virtio_pmem: Check device status before requesting flush (CVE-2024-50184)
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
- drm/amd/display: Check null pointer before dereferencing se
(CVE-2024-50049)
- [x86] fbdev: sisfb: Fix strbuf array overflow (CVE-2024-50180)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (CVE-2024-38544)
- NFSD: Mark filecache "down" if init fails
- ice: fix VLAN replay after reset
- SUNRPC: Fix integer overflow in decode_rc_list()
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
(CVE-2024-50046)
- net: phy: dp83869: fix memory corruption when enabling fiber
(CVE-2024-50188)
- tcp: fix to allow timestamp undo if no retransmits were sent
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
(CVE-2024-50044)
- [armhf] net: dsa: b53: fix jumbo frame mtu check
- [armhf] net: dsa: b53: fix max MTU for 1g switches
- [armhf] net: dsa: b53: fix max MTU for BCM5325/BCM5365
- [armhf] net: dsa: b53: allow lower MTUs on BCM5325/5365
- [armhf] net: dsa: b53: fix jumbo frames on 10/100 ports
- [armhf] gpio: aspeed: Add the flush write to ensure the write complete.
- [armhf] gpio: aspeed: Use devm_clk api to manage clock source
- igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
- net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
- sctp: ensure sk_state is set to CLOSED if hashing fails in
sctp_listen_start
- net: Add l3mdev index to flow struct and avoid oif reset for port devices
- netfilter: rpfilter/fib: Populate flowic_l3mdev field
- netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.
- netfilter: fib: check correct rtable in vrf setups
- ppp: fix ppp_async_encode() illegal access (CVE-2024-50035)
- slip: make slhc_remember() more robust against malicious packets
(CVE-2024-50033)
- resource: fix region_intersects() vs add_memory_driver_managed()
(CVE-2024-49878)
- HID: plantronics: Workaround for an unexcepted opposite volume key
- [arm*] usb: dwc3: core: Stop processing of pending events if controller
is halted
- usb: xhci: Fix problem with xhci resume from suspend
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
- net: Fix an unsafe loop on the list (CVE-2024-50024)
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
(CVE-2024-50096)
- net: geneve: add missing netlink policy and size for
IFLA_GENEVE_INNER_PROTO_INHERIT
- xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup
- net: Handle l3mdev in ip_tunnel_init_flow
- net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using
flowi_l3mdev
- net: vrf: determine the dst using the original ifindex for multicast
- netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
- ext4: fix warning in ext4_dio_write_end_io()
- [arm64] RDMA/hns: Fix uninitialized variable
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.228
- [x86] ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
- posix-clock: Fix missing timespec64 check in pc_clock_settime()
(CVE-2024-50195)
- [arm64] probes: Remove broken LDR (literal) uprobe support
(CVE-2024-50099)
- [arm64] probes: Fix simulate_ldr*_literal()
- [arm64] net: macb: Avoid 20s boot delay by skipping MDIO bus registration
for fixed-link PHY
- [arm*] irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC
v4.1
- fat: fix uninitialized variable
- mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199)
- wifi: mac80211: fix potential key use-after-free (CVE-2023-52530)
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953)
- io_uring/sqpoll: do not allow pinning outside of cpuset
- io_uring/sqpoll: retain test for whether the CPU is valid
- io_uring/sqpoll: do not put cpumask on stack
- [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
- [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
- [x86] entry: Have entry_ibpb() invalidate return predictions
- [x86] bugs: Skip RSB fill at VMEXIT
- [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
(CVE-2024-50082)
- io_uring/sqpoll: close race on waiting for sqring entries
- drm/radeon: Fix encoder->possible_clones (CVE-2024-50201)
- [x86] drm/vmwgfx: Handle surface check failure correctly
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
- iio: light: veml6030: fix ALS sensor resolution
- iio: light: veml6030: fix IIO device retrieval from embedded device
(CVE-2024-50198)
- iio: light: opt3001: add missing full-scale range value
- Bluetooth: Remove debugfs directory on module init failure
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
- xhci: Fix incorrect stream context type macro
- USB: serial: option: add support for Quectel EG916Q-GL
- USB: serial: option: add Telit FN920C04 MBIM compositions
- parport: Proper fix for array out-of-bounds access (CVE-2024-50074)
- [x86] resctrl: Annotate get_mem_config() functions as __init
- [x86] apic: Always explicitly disarm TSC-deadline timer
- [i386] x86/entry_32: Do not clobber user EFLAGS.ZF (regression in
5.10.215)
- [i386] x86/entry_32: Clear CPU buffers after register restore in NMI
return (CVE-2024-50193)
- [arm*] irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
(CVE-2024-50192)
- mptcp: handle consistently DSS corruption (CVE-2024-50185)
- tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
- nilfs2: propagate directory read errors from nilfs_find_entry()
(CVE-2024-50202)
- [x86] ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP
EliteOne 1000 G2
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.229
- [amd64,arm64] RDMA/bnxt_re: Add a check for memory allocation
(CVE-2024-50209)
- [arm*] dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
- ipv4: give an IPv4 dev to blackhole_netdev
- [amd64,arm64] RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(CVE-2024-50208)
- [arm64] drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
calculation
- macsec: don't increment counters for an unrelated SA
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
- net: systemport: fix potential memory leak in bcm_sysport_xmit()
(CVE-2024-50171)
- genetlink: hold RCU in genlmsg_mcast()
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
(CVE-2024-50153)
- smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)
- usb: typec: altmode should keep reference to parent (CVE-2024-50150)
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
(CVE-2024-50148)
- [arm64] uprobe fix the uprobe SWBP_INSN in big-endian
- [arm64] probes: Fix uprobes for big-endian kernels (CVE-2024-50194)
- block, bfq: fix procress reference leakage for bfqq in merge chain
- exec: don't WARN for racy path_noexec check (CVE-2024-50010)
- iomap: update ki_pos a little later in iomap_dio_complete
- [x86] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape
with real VLA (CVE-2024-50134)
- [arm64] ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
- [arm64] Force position-independent veneers
- jfs: Fix sanity check in dbMount
- tracing: Consider the NULL character when validating the event length
(CVE-2024-50131)
- xfrm: extract dst lookup parameters into a struct
- xfrm: respect ip protocols rules criteria when performing dst lookups
- be2net: fix potential memory leak in be_xmit() (CVE-2024-50167)
- net: usb: usbnet: fix name regression
- net: sched: fix use-after-free in taprio_change()
- r8169: avoid unsolicited interrupts
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
(CVE-2024-50210)
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
(CVE-2024-50205)
- [armhf] ASoC: stm32: spdifrx: fix dma channel release in
stm32_spdifrx_remove (CVE-2024-50292)
- [arm*] media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061)
- ALSA: hda/realtek: Update default depop procedure
- drm/amd: Guard against bad data for ATIF ACPI method (CVE-2024-50117)
- [x86] ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
- [arm64] ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix
initial lid detection issue
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag
(CVE-2024-50116)
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
- [x86] KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115)
- [x86] ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
- [x86] hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER
event
- selinux: improve error checking in sel_write_load()
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058)
- net: phy: dp83822: Fix reset pin definitions
- [arm64] ASoC: qcom: Fix NULL Dereference in
asoc_qcom_lpass_cpu_platform_probe() (CVE-2024-50103)
- xfrm: validate new SA's prefixlen using SA family when sel.family is
unset (CVE-2024-50142)
- cgroup: Fix potential overflow issue when checking max_depth
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
- RDMA/cxgb4: Dump vendor specific QP details
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
- mac80211: do drv_reconfig_complete() before restarting all
- mac80211: Add support to trigger sta disconnect on hardware restart
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
(CVE-2024-53059)
- [armhf] ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in
ip_tunnel_init_flow() (CVE-2024-53042)
- gtp: allow -1 to be specified as file description from userspace
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
- bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
- net: support ip generic csum processing in skb_csum_hwoffload_help
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
- netfilter: nft_payload: sanitize offset and length before calling
skb_checksum() (CVE-2024-50251)
- NFS: remove revoked delegation from server's delegation list
- usbip: tools: Fix detach_port() invalid port error path
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
- xhci: Fix Link TRB DMA in command ring stopped completion event
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems
- Revert "driver core: Fix uevent_show() vs driver detach race" (regression
in 5.10.224)
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
(CVE-2024-50237)
- wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236)
- wifi: iwlegacy: Clear stale interrupts before resuming device
(CVE-2024-50234)
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg() (CVE-2024-50233)
- iio: light: veml6030: fix microlux value calculation
- nilfs2: fix potential deadlock with newly created symlinks
(CVE-2024-50229)
- mm: add remap_pfn_range_notrack
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674)
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (CVE-2024-50218)
- [i386] bugs: Use code segment selector for VERW operand (CVE-2024-50072)
- nilfs2: fix kernel bug due to missing clearing of checked flag
(CVE-2024-50230)
- mm: shmem: fix data-race in shmem_getattr()
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (regression
in 5.10.181)
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
(CVE-2024-39497)
- vt: prevent kernel-infoleak in con_font_get()
- mac80211: always have ieee80211_sta_restart()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.230
- [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
excavator
- [arm64] dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
- [arm64] dts: rockchip: Fix bluetooth properties on Rock960 boards
- [arm64] dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
- [arm64] dts: rockchip: Fix LED triggers on rk3308-roc-cc
- [arm64] dts: imx8mp: correct sdhc ipg clk
- [armhf] dts: rockchip: fix rk3036 acodec node
- [armhf] dts: rockchip: drop grf reference from rk3036 hdmi
- [armhf] dts: rockchip: Fix the spi controller on rk3036
- [armhf] dts: rockchip: Fix the realtek audio codec on rk3036-kylin
- HID: core: zero-initialize the report buffer (CVE-2024-50302)
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301)
- [arm64] net: enetc: set MAC address to the VF net_device
- sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
- [armhf] can: c_can: fix {rx,tx}_errors statistics
- [arm64] net: hns3: fix kernel crash when uninstalling driver
(CVE-2024-50296)
- net: phy: export phy_error and phy_trigger_machine
- net: phy: ti: implement generic .handle_interrupt() callback
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
- [arm*] net: arc: fix the device for dma_map_single/dma_unmap_single
(CVE-2024-50295)
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
(regression in 5.10.226)
- media: stb0899_algo: initialize cfr before using it
- media: dvbdev: prevent the risk of out of memory access (CVE-2024-53063)
- media: dvb_frontend: don't play tricks with underflow values
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
- [armhf] ASoC: stm32: spdifrx: fix dma channel release in
stm32_spdifrx_remove
- media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290)
- media: pulse8-cec: fix data timestamp at pulse8_setup()
- media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287)
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
(CVE-2024-50282)
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
(CVE-2024-53060)
- dm cache: correct the number of origin blocks to match the target length
- dm cache: fix out-of-bounds access to the dirty bitset when resizing
(CVE-2024-50279)
- dm cache: optimize dirty bit checking with find_next_bit when resizing
- dm cache: fix potential out-of-bounds access on the first resume
(CVE-2024-50278)
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
overflow
- io_uring: rename kiocb_end_write() local helper
- fs: create kiocb_{start,end}_write() helpers
- io_uring: use kiocb_{start,end}_write() helpers
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
(CVE-2024-53052)
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
- btrfs: reinitialize delayed ref list after deleting it from the list
(CVE-2024-50273)
- splice: don't generate zero-len segement bvecs
- spi: Fix deadlock when adding SPI controllers on SPI buses
(CVE-2021-47469)
- spi: fix use-after-free of the add_lock mutex
- net: bridge: xmit: make sure we have at least eth header len bytes
(CVE-2024-38538)
- Revert "perf hist: Add missing puts to hist__account_cycles" (regression
in 5.10.201)
- perf session: Add missing evlist__delete when deleting a session
- net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
uvc_parse_format (CVE-2024-53104)
- [arm*] usb: musb: sunxi: Fix accessing an released usb phy
(CVE-2024-50269)
- usb: typec: fix potential out of bounds in
ucsi_ccg_update_set_new_cam_cmd() (CVE-2024-50268)
- USB: serial: io_edgeport: fix use after free in debug printk
(CVE-2024-50267)
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
- USB: serial: option: add Fibocom FG132 0x0112 composition
- USB: serial: option: add Quectel RG650V
- [arm*] irqchip/gic-v3: Force propagation of the active state with a read-
back
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove() (CVE-2024-50265)
- ALSA: usb-audio: Support jack detection on Dell dock
- ALSA: usb-audio: Add quirks for Dell WD19 dock
- [x86] hv_sock: Initializing vsk->trans to NULL to prevent a dangling
pointer (CVE-2024-53103)
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->
trans (CVE-2024-50264)
- net: phy: ti: take into account all possible interrupt sources
- 9p: Avoid creating multiple slab caches with the same name
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
- bpf: use kvzmalloc to allocate BPF verifier environment
- [arm*] crypto: marvell/cesa - Disable hash algorithms
- fs: Fix uninitialized value issue in from_kuid and from_kgid
(CVE-2024-53101)
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
- md/raid10: improve code of mrdev in raid10_sync_request
- io_uring: fix possible deadlock in io_register_iowq_max_workers()
(CVE-2024-41080)
- mm: krealloc: Fix MTE false alarm in __do_krealloc (CVE-2024-53097)
- 9p: fix slab cache name creation for real
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231
- [arm64] dts: allwinner: pinephone: Add mount matrix to accelerometer
- media: i2c: tc358743: Fix crash in the probe error path when using
polling (CVE-2024-56576)
- media: ts2020: fix null-ptr-deref in ts2020_probe() (CVE-2024-56574)
- [arm64] media: venus: Fix pm_runtime_set_suspended() with runtime pm
enabled
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
- media: uvcvideo: Stop stream during unregister
- ovl: Filter invalid inodes with missing lookup function (CVE-2024-56570)
- ftrace: Fix regression with module command in stack_trace_filter
(CVE-2024-56569)
- netlink: terminate outstanding dump on socket close (CVE-2024-53140)
- net/mlx5: fs, lock FTE when checking if active (CVE-2024-53121)
- net/mlx5e: kTLS, Fix incorrect page refcounting (CVE-2024-53138)
- [x86] mm: Fix a kdump kernel failure on SME system when
CONFIG_IMA_KEXEC=y
- ocfs2: uncache inode which has failed entering the group (CVE-2024-53112)
- [x86] KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
CONFIG_BROKEN (CVE-2024-53135)
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
(CVE-2024-53131)
- ocfs2: fix UBSAN warning in ocfs2_verify_volume()
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
(CVE-2024-53130)
- [arm*] Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than
4K" (CVE-2024-53127) (regression in 5.10.226)
- mmc: core: fix return value check in devm_mmc_alloc_host()
- NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
- NFSD: Async COPY result needs to return a write verifier
- NFSD: Limit the number of concurrent async COPY operations
(CVE-2024-49974)
- NFSD: Initialize struct nfsd4_copy earlier
- NFSD: Never decrement pending_async_copies on error
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (CVE-2024-53136)
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook
- mm: unconditionally close VMAs on error
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
- mm: resolve faulty mmap_region() error path behaviour (CVE-2024-53096)
- [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
tablet
- mac80211: fix user-power when emulating chanctx
- [x86] ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
- net: usb: qmi_wwan: add Quectel RG650V
- [arm*] regulator: rk808: Add apply_bit for BUCK3 on RK809
- [armhf] ASoC: stm: Prevent potential division by zero in
stm32_sai_mclk_round_rate()
- [armhf] ASoC: stm: Prevent potential division by zero in
stm32_sai_get_clk_div()
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
- ipmr: Fix access to mfc_cache_list without lock held
- rcu-tasks: Idle tasks on offline CPUs are in quiescent states
- cifs: Fix buffer overflow when parsing NFS reparse points
(CVE-2024-49996)
- nvme: fix metadata handling in nvme-passthrough
- [x86] barrier: Do not serialize MSR accesses on AMD
- [x86] xen/pvh: Annotate indirect branch as safe
- initramfs: avoid filename buffer overrun (CVE-2024-53142)
- nvme-pci: fix freeing of the HMB descriptor table (CVE-2024-56756)
- [arm64] fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
- [arm64] acpi/arm64: Adjust error handling procedure in
gtdt_parse_timer_block()
- hfsplus: don't query the device logical block size multiple times
(CVE-2024-56548)
- [arm64] crypto: caam - Fix the pointer passed to caam_qi_shutdown()
(CVE-2024-56754)
- [arm64] EDAC/bluefield: Fix potential integer overflow (CVE-2024-53161)
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
return -EBUSY (CVE-2024-56690)
- [arm64] crypto: cavium - Fix the if condition to exit loop after timeout
- [arm64] crypto: caam - add error check to caam_rsa_set_priv_key_form
- [arm*] crypto: bcm - add error check in the ahash_hmac_init function
(CVE-2024-56681)
- [arm64] crypto: cavium - Fix an error handling path in
cpt_ucode_load_fw()
- time: Fix references to _msecs_to_jiffies() handling of values
- [armhf] soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
- [arm*] soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
(CVE-2024-53158)
- [arm*] mmc: mmc_spi: drop buggy snprintf()
- tpm: fix signed/unsigned bug when checking event logs
- Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
- [armhf] pwm: imx27: Workaround of the pwm output bug when decrease the
duty cycle
- [armhf] dts: cubieboard4: Fix DCDC5 regulator constraints
- [arm*] firmware: arm_scpi: Check the DVFS OPP count returned by the
firmware (CVE-2024-53157)
- [x86] media: atomisp: Add check for rgby_data memory allocation failure
(CVE-2024-56705)
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
(CVE-2024-53156)
- [armhf] drm/omap: Fix locking in omap_gem_new_dmabuf()
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
- [armhf] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
- xfrm: rename xfrm_state_offload struct to allow reuse
- xfrm: store and rely on direction to construct offload flags
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (CVE-2024-56539)
- [arm64] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
(CVE-2024-56728)
- [arm*] drm/panfrost: Remove unused id_mask from struct panfrost_model
- [arm64] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
- [armhf] drm/etnaviv: rework linear window offset calculation
- [armhf] drm/etnaviv: Request pages from DMA32 zone on addressing_limited
- [armhf] drm/etnaviv: dump: fix sparse warnings
- [armhf] drm/etnaviv: fix power register offset on GC300
- [armhf] drm/etnaviv: hold GPU lock across perfmon sampling
- [arm64] drm/msm/dpu: cast crtc_clk calculation to u64 in
_dpu_core_perf_calc_clk()
- netlink: typographical error in nlmsg_type constants definition
- bpf, sockmap: Several fixes to bpf_msg_push_data
- bpf, sockmap: Several fixes to bpf_msg_pop_data (CVE-2024-56720)
- bpf, sockmap: Fix sk_msg_reset_curr
- [amd64] drm/amdkfd: Fix wrong usage of INIT_WORK()
- ALSA: usx2y: Fix spaces
- ALSA: usx2y: Coding style fixes
- ALSA: usx2y: Cleanup probe and disconnect callbacks
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
(CVE-2024-56533)
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
(CVE-2024-56532)
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
(CVE-2024-56531)
- ALSA: 6fire: Release resources at card release (CVE-2024-53239)
- driver core: Introduce device_find_any_child() helper
- Bluetooth: fix use-after-free in device_for_each_child() (CVE-2024-53237)
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock
- trace/trace_event_perf: remove duplicate samples on the first tracepoint
event
- [armhf] mfd: da9052-spi: Change read-mask to write-mask
- [x86] mfd: intel_soc_pmic_bxtwc: Use dev_err_probe()
- [x86] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
(CVE-2024-56691)
- [x86] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
(CVE-2024-56724)
- [x86] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
(CVE-2024-56723)
- scsi: bfa: Fix use-after-free in bfad_im_module_exit() (CVE-2024-53227)
- scsi: fusion: Remove unused variable 'rc'
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
(CVE-2024-56748)
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
(CVE-2024-56747)
- [arm64] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
(CVE-2024-53226)
- ocfs2: fix uninitialized value in ocfs2_file_read_iter() (CVE-2024-53155)
- perf cs-etm: Don't flush when packet_queue fills up
- perf probe: Fix libdw memory leak
- perf probe: Correct demangled symbols in C++ program
- [i386] PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
- [i386] PCI: cpqphp: Fix PCIBIOS_* return value confusion
- f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
- f2fs: avoid using native allocate_segment_by_default()
- f2fs: remove struct segment_allocation default_salloc_ops
- f2fs: open code allocate_segment_by_default
- f2fs: remove the unused flush argument to change_curseg
- f2fs: check curseg->inited before write_sum_page in change_curseg
- perf trace: avoid garbage when not printing a trace event's arguments
- perf trace: Do not lose last events in a race
- perf trace: Avoid garbage when not printing a syscall's arguments
- [arm64] rpmsg: glink: Add TX_DATA_CONT command while sending
- [arm64] rpmsg: glink: Send READ_NOTIFY command in FIFO full case
- [arm64] rpmsg: glink: Fix GLINK command prefix
- [arm64] rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name
length
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
(CVE-2024-53217)
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
- NFSD: Fix nfsd4_shutdown_copy()
- vfio/pci: Properly hide first-in-list PCIe extended capability
(CVE-2024-53214)
- power: supply: core: Remove might_sleep() from power_supply_put()
- power: supply: bq27xxx: Support CHARGE_NOW for bq27z561/bq28z610/bq34z100
- power: supply: bq27xxx: Fix registers of bq27426
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
configuration
- [armhf] net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
- net: introduce a netdev feature for UDP GRO forwarding
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
- ipmr: convert /proc handlers to rcu_read_lock()
- ipmr: fix tables suspicious RCU usage
- iio: light: al3010: Fix an error handling path in al3010_probe()
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
- usb: yurex: make waiting on yurex_write interruptible
- USB: chaoskey: fail open after removal
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
- misc: apds990x: Fix missing pm_runtime_disable()
- ALSA: hda/realtek - Add type for ALC287
- ALSA: hda/realtek: Update ALC256 depop procedure
- apparmor: fix 'Do simple duplicate message elimination'
- xen: Fix the issue of resource not being properly released in
xenbus_dev_probe() (CVE-2024-53198)
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices (CVE-2024-53197)
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
- ext4: fix FS_IOC_GETFSMAP handling
- jfs: xattr: check invalid xattr size more strictly
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
- [x86] perf/x86/intel/pt: Fix buffer full but size is 0 case
- [amd64] crypto: x86/aegis128 - access 32-bit arguments as 32-bit
- [arm64] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow
status
- PCI: Fix use-after-free of slot->bus on hot remove (CVE-2024-53194)
- fsnotify: fix sending inotify event with unexpected filename
- [x86] comedi: Flush partial mappings in error case (CVE-2024-53148)
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
- exfat: fix uninit-value in __exfat_get_dentry_set
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
- driver core: bus: Fix double free in driver API bus_register()
(CVE-2024-50055)
- Revert "usb: gadget: composite: fix OS descriptors w_value logic"
(regression in 5.10.217)
- netfilter: ipset: add missing range check in bitmap_ip_uadt
(CVE-2024-53141)
- spi: Fix acpi deferred irq probe
- [arm64] platform/chrome: cros_ec_typec: fix missing fwnode reference
decrement
- ubi: wl: Put source PEB into correct list if trying locking LEB failed
- [um] ubd: Do not use drvdata in release (CVE-2024-53184)
- [um] net: Do not use drvdata in release (CVE-2024-53183)
- [um] vector: Do not use drvdata in release (CVE-2024-53181)
- [arm64] tls: Fix context-switching of tpidrro_el0 when kpti is enabled
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
- [armhf] media: wl128x: Fix atomicity violation in fmc_send_cmd()
(CVE-2024-56700)
- media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
- ALSA: hda/realtek: Update ALC225 depop procedure
- ALSA: hda/realtek: Set PCBeep to default value for ALC274
- [x86] ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4
Max
- [x86] ALSA: hda/realtek: Apply quirk for Medion E15433
- [arm*] usb: dwc3: gadget: Fix checking for number of TRBs left
- [arm*] usb: dwc3: gadget: Fix looping of queued SG entries
(CVE-2024-56698)
- lib: string_helpers: silence snprintf() output truncation warning
- NFSD: Prevent a potential integer overflow (CVE-2024-53146)
- SUNRPC: make sure cache entry active before cache_show (CVE-2024-53174)
- [arm64] rpmsg: glink: Propagate TX failures in intentless mode as well
- [um] Fix potential integer overflow during physmem setup
(CVE-2024-53145)
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(CVE-2024-53173)
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
(CVE-2024-56739)
- ubifs: Correct the total block count by deducting journal reservation
- ubi: fastmap: Fix duplicate slab cache names while attaching
(CVE-2024-53172)
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
(CVE-2024-53171)
- jffs2: fix use of uninitialized variable
- block: return unsigned int from bdev_io_min
- 9p/xen: fix init sequence
- 9p/xen: fix release of IRQ (CVE-2024-56704)
- nfs: ignore SB_RDONLY when mounting nfs
- SUNRPC: correct error code comment in xs_tcp_setup_socket()
- SUNRPC: Convert rpc_client refcount to use refcount_t
- sunrpc: remove unnecessary test in rpc_task_set_client()
- SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (CVE-2024-56688)
- quota: flush quota_release_work upon quota writeback (CVE-2024-56780)
- btrfs: ref-verify: fix use-after-free after invalid ref action
(CVE-2024-56581)
- ad7780: fix division by zero in ad7780_write_raw() (CVE-2024-56567)
- util_macros.h: fix/rework find_closest() macros
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
(CVE-2024-56562)
- dm thin: Add missing destroy_work_on_stack()
- nfsd: make sure exp active before svc_export_show (CVE-2024-56558)
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
(CVE-2024-56779)
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
walk_down_proc() (CVE-2024-46841)
- [armhf] drm/etnaviv: flush shader L1 cache after user commandstream
- [x86] iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
- [armhf] can: sun4i_can: sun4i_can_err(): call can_change_state() even if
cf is NULL
- [armhf] can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
(CVE-2024-53680)
- netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-56650)
- ptp: Add error handling for adjfine callback in ptp_clock_adjtime
- net/sched: tbf: correct backlog statistic for GSO packets
- net: hsr: avoid potential out-of-bound access in fill_frame_info()
(CVE-2024-56648)
- can: j1939: j1939_session_new(): fix skb reference counting
(CVE-2024-56645)
- net/ipv6: release expired exception dst cached in socket (CVE-2024-56644)
- dccp: Fix memory leak in dccp_feat_change_recv (CVE-2024-56643)
- tipc: Fix use-after-free of kernel socket in cleanup_bearer().
(CVE-2024-56642)
- net/qed: allow old cards not supporting "num_images" to work
- igb: Fix potential invalid memory access in igb_init_module()
(CVE-2024-52332)
- net: sched: fix erspan_opt settings in cls_flower
- netfilter: ipset: Hold module reference while requesting a module
(CVE-2024-56637)
- netfilter: nft_set_hash: skip duplicated elements pending gc run
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset
- geneve: do not assume mac header is set in geneve_xmit_skb()
(CVE-2024-56636)
- gpio: grgpio: Add NULL check in grgpio_probe (CVE-2024-56634)
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
(CVE-2024-56633)
- ocfs2: free inode when ocfs2_get_init_inode() fails (CVE-2024-56630)
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
- bpf: Fix exact match conditions in trie_get_next_key()
- HID: wacom: fix when get product name maybe null pointer (CVE-2024-56629)
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules
- [arm64] ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
(CVE-2024-57874)
- ALSA: usb-audio: add mixer mapping for Corsair HS80
- [x86] ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
- [x86] ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360
(NP730QFG)
- scsi: qla2xxx: Fix NVMe and NPIV connect issue
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623)
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
(CVE-2024-56619)
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
(CVE-2024-48881) (regression in 5.10.188)
- bpf: fix OOB devmap writes when deleting elements (CVE-2024-56615)
- dma-buf: fix dma_fence_array_signaled v4
- regmap: detach regmap from dev on regmap_exit
- [x86] mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla
10 tablet
- mmc: core: Further prevent card detect during shutdown
- ocfs2: update seq_file index in ocfs2_dlm_seq_next
- [arm*] iommu/arm-smmu: Defer probe of clients after smmu device bound
(CVE-2024-56568)
- btrfs: avoid unnecessary device path update for the same device
- kcsan: Turn report_filterlist_lock into a raw_spinlock (CVE-2024-56610)
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
- [arm*] drm/vc4: hvs: Set AXI panic modes for the HVS
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
- r8169: don't apply UDP padding quirk on RTL8126A
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
- af_packet: avoid erroring out after sock_init_data() in packet_create()
(CVE-2024-56606)
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in
l2cap_sock_create() (CVE-2024-56605)
- net: af_can: do not leave a dangling sk pointer in can_create()
(CVE-2024-56603)
- net: ieee802154: do not leave a dangling sk pointer in
ieee802154_create() (CVE-2024-56602)
- net: inet: do not leave a dangling sk pointer in inet_create()
(CVE-2024-56601)
- net: inet6: do not leave a dangling sk pointer in inet6_create()
(CVE-2024-56600)
- wifi: ath5k: add PCI ID for SX76X
- wifi: ath5k: add PCI ID for Arcadyan devices
- drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
- dma-debug: fix a possible deadlock on radix_lock (CVE-2024-47143)
- jfs: array-index-out-of-bounds fix in dtReadFirst (CVE-2024-56598)
- jfs: fix shift-out-of-bounds in dbSplit (CVE-2024-56597)
- jfs: fix array-index-out-of-bounds in jfs_readdir (CVE-2024-56596)
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
(CVE-2024-56595)
- drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
- drm/amdgpu: set the right AMDGPU sg segment limitation (CVE-2024-56594)
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw() (CVE-2024-56593)
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
- ASoC: hdmi-codec: reorder channel allocation list
- net/neighbor: clear error in case strict check is not set
- netpoll: Use rcu_access_pointer() in __netpoll_setup
- tracing: Use atomic64_inc_return() in trace_clock_counter()
- [arm64] scsi: hisi_sas: Add cond_resched() for no forced preemption model
(CVE-2024-56589)
- leds: class: Protect brightness_show() with led_cdev->led_access mutex
(CVE-2024-56587)
- scsi: st: Don't modify unknown block number in MTIOCGET
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
- [arm64] pinctrl: qcom-pmic-gpio: add support for PM8937
- nvdimm: rectify the illogical code within nd_dax_probe()
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
(CVE-2024-56586)
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge
- PCI: Add ACS quirk for Wangxun FF5xxx NICs
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
avoid deadlock (CVE-2024-43098)
- [arm*] usb: chipidea: udc: handle USB Error Interrupt if IOC not set
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
- sched/core: Remove the unnecessary need_resched() check in
nohz_csd_func()
- sched/fair: Remove update of blocked load from newidle_balance
- sched/fair: Remove unused parameter of update_nohz_stats
- sched/fair: Merge for each idle cpu loop of ILB
- sched/fair: Trigger the update of blocked load on newly idle cpu
- sched/fair: Add NOHZ balancer flag for nohz.next_balance updates
- sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU
turning busy
- sched/core: Prevent wakeup of ksoftirqd during idle load balance
- btrfs: fix missing snapshot drew unlock when root is dead during swap
activation
- [arm64] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
- [arm64] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
- [arm64] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
- jffs2: Prevent rtime decompress memory corruption (CVE-2024-57850)
- jffs2: Fix rtime decompressor
- drm/amd/display: Check BIOS images before it is used (CVE-2024-46809)
- modpost: Add .irqentry.text to OTHER_SECTIONS
- scsi: sd: Fix sd_do_mode_sense() buffer length handling
- scsi: core: Fix scsi_mode_select() buffer length handling
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources
(CVE-2024-53150)
- media: uvcvideo: Require entities to have a non-zero unique ID
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.232
- tcp: check space before adding MPTCP SYN options
- [armhf] ata: sata_highbank: fix OF node reference leak in
highbank_initialize_phys()
- [arm*] usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
accessing null pointer (CVE-2024-56670)
- xfs: don't drop errno values when we fail to ficlone the entire range
- xfs: fix scrub tracepoints when inode-rooted btrees are involved
- bpf, sockmap: Fix update element with same
- virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)
- exfat: fix potential deadlock on __exfat_get_dentry_set (CVE-2024-42315)
- [amd64,arm64] acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
(CVE-2024-56662)
- batman-adv: Do not send uninitialized TT changes
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not let TT changes list grows indefinitely
- tipc: fix NULL deref in cleanup_bearer() (CVE-2024-56661)
- [x86] net: lapb: increase LAPB_HEADER_LEN (CVE-2024-56659)
- ACPI: resource: Fix memory resource type union access
- cxgb4: use port number to set mac addr
- net/sched: netem: account for backlog updates from child qdisc
(CVE-2024-56770)
- net: bonding, dummy, ifb, team: advertise NETIF_F_GSO_SOFTWARE
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- ACPICA: events/evxfregn: don't release the ContextMutex that was never
acquired
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
- bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
- tracing/kprobes: Skip symbol counting logic for module symbols in
create_local_trace_kprobe()
- [x86] drm/i915: Fix memory leak by correcting cache object name in error
handler
- xen/netfront: fix crash when removing device (CVE-2024-53240)
- [x86] make get_cpu_vendor() accessible from Xen code
- [x86] objtool/x86: allow syscall instruction
- [x86] static-call: provide a way to do very early static-call updates
- [x86] xen: don't do PV iret hypercall through hypercall page
(CVE-2024-53241)
- [x86] xen: add central hypercall functions
- [x86] xen: use new hypercall functions instead of hypercall page
- [x86] xen: remove hypercall page (CVE-2024-53241)
- ALSA: usb-audio: Fix a DMA to stack memory bug
- [i386] static-call: fix 32-bit build
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.233
- net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
- PCI/AER: Disable AER service on suspend
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
- PCI: Add ACS quirk for Broadcom BCM5760X NIC
- [arm*] usb: dwc2: gadget: Don't write invalid mapped sg entries into
dma_desc with iommu enabled
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
- erofs: fix incorrect symlink detection in fast symlink
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
- net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving
proposal msg
- net/smc: check return value of sock_recvmsg when draining clc data
(CVE-2024-57791)
- netdevsim: prevent bad user input in nsim_dev_health_break_write()
(CVE-2024-56716)
- net: hinic: Fix cleanup in create_rxqs/txqs()
- netfilter: ipset: Fix for recursive locking warning
- [arm*] mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC
quirk
- efivarfs: Fix error on non-existent file
- USB: serial: option: add TCL IK512 MBIM & ECM
- USB: serial: option: add MeiG Smart SLM770A
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
- USB: serial: option: add MediaTek T7XX compositions
- USB: serial: option: add Telit FE910C04 rmnet compositions
- zram: refuse to use zero sized block device as backing device
- btrfs: tree-checker: reject inline extent items with 0 ref count
- [x86] Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
(CVE-2024-55916)
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
- of/irq: Fix using uninitialized variable @addr_len in API of
_irq_parse_one()
- nilfs2: prevent use of deleted inode (CVE-2024-53690)
- of: Fix error path in of_parse_phandle_with_args_map()
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
- ceph: validate snapdirname option length when mounting
- epoll: Add synchronous wakeup support for ep_poll_callback
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
(CVE-2024-56769)
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
- bpf: Check negative offsets in __bpf_skb_min_len()
- nfsd: restore callback functionality for NFSv4.0
- [x86] mtd: diskonchip: Cast an operand to prevent potential overflow
- phy: core: Fix an OF node refcount leakage in _of_phy_get()
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
- phy: core: Fix that API devm_phy_put() fails to release the phy
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to
unregister the phy provider
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
- [arm*] dmaengine: mv_xor: fix child node refcount handling in early exit
- [armhf] dmaengine: at_xdmac: avoid null_prt_deref in
at_xdmac_prep_dma_memset (CVE-2024-56767)
- [armhf] mtd: rawnand: fix double free in atmel_pmecc_create_user()
(CVE-2024-56766)
- tracing/kprobe: Make trace_kprobe's module callback called after
jump_label update
- [x86] watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
- [x86] scsi: qla1280: Fix hw revision numbering for ISP1020/1040
- scsi: megaraid_sas: Fix for a potential deadlock (CVE-2024-57807)
- ALSA: hda/conexant: fix Z60MR100 startup pop issue
- regmap: Use correct format specifier for logging range errors
- [x86] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver
load time
- [x86] scsi: storvsc: Do not flag MAINTENANCE_IN return of
SRB_STATUS_DATA_OVERRUN as an error
- virtio-blk: don't keep queue frozen during system suspend
(CVE-2024-57946)
- skbuff: introduce skb_expand_head()
- ipv6: use skb_expand_head in ip6_finish_output2
- ipv6: use skb_expand_head in ip6_xmit
- ipv6: fix possible UAF in ip6_finish_output2()
- bpf: Check validity of link->type in bpf_link_show_fdinfo()
(CVE-2024-53099)
- bpf: fix recursive lock when verdict program return SK_PASS
(CVE-2024-56694)
- drm/dp_mst: Fix MST sideband message body length check (CVE-2024-56616)
- [arm64] mm: Rename asid2idx() to ctxid2asid()
- [arm64] Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
ASIDs
- [arm*] power: supply: gpio-charger: Fix set charge current limits
(CVE-2024-57792)
- btrfs: avoid monopolizing a core when activating a swap file
- nfsd: cancel nfsd_shrinker_work using sync mode in
nfs4_state_shutdown_net (CVE-2024-50121)
- skb_expand_head() adjust skb->truesize incorrectly
- ipv6: prevent possible UAF in ip6_xmit()
- [x86] hyperv: Fix hv tsc page based sched_clock for hibernation
- selinux: ignore unknown extended permissions (CVE-2024-57931)
- [x86] thunderbolt: Add support for Intel Alder Lake
- [x86] thunderbolt: Add support for Intel Raptor Lake
- [x86] thunderbolt: Add support for Intel Meteor Lake
- [x86] thunderbolt: Add Intel Barlow Ridge PCI ID
- [x86] thunderbolt: Add support for Intel Lunar Lake
- [x86] thunderbolt: Add support for Intel Panther Lake-M/P
- RDMA/mlx5: Enforce same type port association for multiport RoCE
- [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly
- netrom: check buffer length before accessing it (CVE-2024-57802)
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
(CVE-2024-54031)
- net: llc: reset skb->transport_header
- ALSA: usb-audio: US16x08: Initialize array before use
- RDMA/rtrs: Ensure 'ib_sge list' is accessible (CVE-2024-36476)
- af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)
- ila: serialize calls to nf_register_net_hooks() (CVE-2024-57900)
- [x86] dmaengine: dw: Select only supported masters for ACPI devices
- btrfs: switch extent buffer tree lock to rw_semaphore
- btrfs: locking: remove all the blocking helpers
- btrfs: rename and export __btrfs_cow_block()
- btrfs: fix use-after-free when COWing tree bock and tracing is enabled
(CVE-2024-56759)
- kernel: Initialize cpumask before parsing
- tracing: Prevent bad count for tracing_cpumask_write (CVE-2024-56763)
- wifi: mac80211: wake the queues in case of failure in resume
- btrfs: flush delalloc workers queue before stopping cleaner kthread
during unmount (CVE-2024-57896)
- sound: usb: format: don't warn that raw DSD is unsupported
- bpf: fix potential error return
- net: usb: qmi_wwan: add Telit FE910C04 compositions
- [arm*] irqchip/gic: Correct declaration of *percpu_base pointer in union
gic_base
- btrfs: locking: remove the recursion handling code
- btrfs: don't set lock_owner when locking extent buffer for reading
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
- modpost: fix the missed iteration for the max bit in do_input()
- RDMA/uverbs: Prevent integer overflow issue (CVE-2024-57890)
- [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap
locking (CVE-2024-57889)
- sky2: Add device ID 11ab:4373 for Marvell 88E8075
- net/sctp: Prevent autoclose integer overflow in sctp_association_init()
(CVE-2024-57938)
- [arm64] drm: adv7511: Drop dsi single lane support
- mm: vmscan: account for free pages to prevent infinite Loop in
throttle_direct_reclaim() (CVE-2024-57884)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.234
- ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
- jbd2: flush filesystem device before updating tail sequence
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
(CVE-2024-57929)
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- exfat: fix the infinite loop in exfat_readdir() (CVE-2024-57940)
- netfilter: nft_dynset: honor stateful expressions in set definition
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (CVE-2025-21653)
- cxgb4: Avoid removal of uninserted tid
- netfilter: nf_tables: imbalance in flowtable binding
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX
(CVE-2025-21648)
- afs: Fix the maximum cell name length (CVE-2025-21646)
- dm thin: make get_first_thin use rcu-safe list first function
(CVE-2025-21664)
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
(CVE-2025-21640)
- sctp: sysctl: auth_enable: avoid using current->nsproxy (CVE-2025-21638)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
(CVE-2024-57922)
- [x86] ACPI: resource: Add TongFang GM5HG0A to
irq1_edge_low_force_override[]
- [x86] ACPI: resource: Add Asus Vivobook X1504VAP to
irq1_level_low_skip_override[]
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
transitivity
- md/raid5: fix atomicity violation in raid5_cache_count
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- [arm*] usb: dwc3: gadget: fix writing NYET threshold
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (CVE-2024-57913)
- iio: pressure: zpa2326: fix information leak in triggered buffer
(CVE-2024-57912)
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
buffer (CVE-2024-57911)
- iio: light: vcnl4035: fix information leak in triggered buffer
(CVE-2024-57910)
- iio: imu: kmx61: fix information leak in triggered buffer
(CVE-2024-57908)
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(CVE-2024-57906)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: adc: at91: call input_free_device() on allocated iio_dev
(CVE-2024-57904)
- iio: inkern: call iio_device_put() only on mapped devices
- [arm64] dts: rockchip: add #power-domain-cells to power domain nodes
- [arm64] dts: rockchip: add hevc power domain clock to rk3328
- loop: let set_capacity_revalidate_and_notify update the bdev size
- nvme: let set_capacity_revalidate_and_notify update the bdev size
- sd: update the bdev size in sd_revalidate_disk
- block: remove the update_bdev parameter to
set_capacity_revalidate_and_notify
- ocfs2: correct return value of ocfs2_local_free_info()
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
(CVE-2024-57892)
- [arm64] drm: bridge: adv7511: Remove redundant null check before
clk_disable_unprepare
- drm/mipi-dsi: Create devm device registration
- drm/mipi-dsi: Create devm device attachment
- [arm64] drm/bridge: adv7533: Switch to devm MIPI-DSI helpers
- [arm64] drm: bridge: adv7511: unregister cec i2c device after cec adapter
- [arm64] drm: bridge: adv7511: use dev_err_probe in probe function
- [arm64] drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
(CVE-2024-57887)
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (CVE-2025-21639)
- [armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- bpf: Fix bpf_sk_select_reuseport() memory leak (CVE-2025-21683)
- net: net_namespace: Optimize the code
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Destroy device along with udp socket's netns dismantle.
(CVE-2025-21678)
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net/mlx5: Add priorities for counters in RDMA namespaces
- net/mlx5: Refactor mlx5_get_flow_namespace
- net/mlx5: Fix RDMA TX steering prio
- [armhf] drm/v3d: Ensure job pointer is set to NULL after job completion
(CVE-2025-21697)
- mac802154: check local interfaces before deleting sdata list
(CVE-2024-57948)
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- poll_wait: add mb() to fix theoretical race between waitqueue_active()
and .poll()
- nvmet: propagate npwg topology
- [x86] asm: Make serialize() always_inline
- [amd64,arm64] net: ethernet: xgbe: re-add aneg to supported features in
PHY quirks
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- fs/proc: fix softlockup in __read_vmcore (part 2) (CVE-2025-21694)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(CVE-2024-36899)
- [arm*] irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- hrtimers: Handle CPU state correctly on hotplug (CVE-2024-57951)
- iio: imu: inv_icm42600: fix spi burst write not supported
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
- [arm*] iio: adc: rockchip_saradc: fix information leak in triggered
buffer (CVE-2024-57907)
- drm/radeon: check bo_va->bo is non-NULL before using it (CVE-2024-41060)
- vmalloc: fix accounting with i915
- [arm64] RDMA/hns: Fix deadlock on SRQ async events. (CVE-2024-38591)
- blk-cgroup: Fix UAF in blkcg_unpin_online() (CVE-2024-56672)
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
(CVE-2024-47707)
- nfsd: add list_head nf_gc to struct nfsd_file
- fou: remove warn in gue_gro_receive on unsupported protocol
(CVE-2024-44940)
- vsock/virtio: discard packets if the transport changes (CVE-2025-21669)
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
(CVE-2025-21666)
- [x86] xen: fix SLS mitigation in xen_hypercall_iret()
- scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
- net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
request
- [arm*] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
(CVE-2025-21699)
- net: sched: fix ets qdisc OOB Indexing (CVE-2025-21692)
- vfio/platform: check the bounds of read/write syscalls (CVE-2025-21687)
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
(CVE-2024-35966)
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
(CVE-2024-50304)
- wifi: iwlwifi: add a few rate index validity checks
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
(CVE-2025-21689)
- Input: atkbd - map F23 key to support default copilot shortcut
- [x86] Input: xpad - add unofficial Xbox 360 wireless receiver clone
- [x86] Input: xpad - add support for wooting two he (arm)
- [armhf] drm/v3d: Assign job pointer to NULL before signaling the fence
(CVE-2025-21688)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
conditionals
.
[ Ben Hutchings ]
* Bump ABI to 34
* [rt] Update to 5.10.234-rt126
* perf cs-etm: Add missing variable in cs_etm__process_queues()
* xen: Fix regressions in 5.10.227 and 5.10.232:
- [x86] xen: fix xen_hypercall_hvm() to not clobber %rbx
- [x86] xen: add FRAME_END to xen_hypercall_hvm()
- [x86] static-call: Remove early_boot_irqs_disabled check to fix Xen PVH
dom0
- Revert "xen/swiotlb: add alignment check for dma buffers"
* netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (regression in
5.10.232)
* Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (regression
in 5.10.231)
* ALSA: hda/realtek: Fixup ALC225 depop procedure (regression in 5.10.231)
* gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
(regression in 5.10.234)
.
[ Salvatore Bonaccoros ]
* d/salsa-ci.yml: Suppress aliased-location lintian errors
* debian/salsa-ci.yml: Include run of .build-after-script from common
pipeline.
* debian/salsa-ci.yml: Reference .build-after-script from after_script
section
Checksums-Sha1:
244189e861e7649be59b58ae94fe85eb5ea183bc 8609 linux-signed-amd64_5.10.234+1.dsc
29e06304f94faad3aa1471406681c9aa2194236f 2971468 linux-signed-amd64_5.10.234+1.tar.xz
Checksums-Sha256:
a0d0897e71bf146ff364690d70d6c407f414fe0f5b55ff91a78546ac12e43198 8609 linux-signed-amd64_5.10.234+1.dsc
5baf0547490b98b9161b124318edd980234c2cd1e8d289699ce269b74b0ddb74 2971468 linux-signed-amd64_5.10.234+1.tar.xz
Files:
726771ffde983dff6b49f1181c5a5a2d 8609 kernel optional linux-signed-amd64_5.10.234+1.dsc
c5a52faf622562934533358e791de951 2971468 kernel optional linux-signed-amd64_5.10.234+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAme/ZNsACgkQi0FRiLdO
NzbP5Q//W3Ut/BvrP22DMdGst7LbVACyW6TAFONBzgcOoFEYS5ecOhBvGTPWJujc
oOX6wTNc3R9zKzke3/Coe1JGNG7iO/hlLesh9+i137647z6Wjqwg9QTL1XIam6Y7
u7DBjlGbZ9O+kF+uHvKnPK32UP2dzFbFbpYxJPsj3Fq5KzY3qjFvSm8/1sEOU1iT
Sxfin90xLII6ILNhB9xjl9mzCvyAVDs6MVdCgue2J9ZNpc7c10szYe2VjfImfphz
j/avIcbmI4MtgLq/myXoMFTuqj6Bp5H5himMhTrba8EFZEH/dQJ/sGfXKpBSYl9Y
+WBRThobsd9Ps8XKHYdBo+PZLvF8uRa1C8L50LXAzjSzGL0D3KiAUH9TuBGES38P
By491FbUt5nVBqmPHTi78sxxPhisjiAsHPI2/5c20cmPjzxnpbTVXCBlp+fh+U+S
pgj/qj0gDZGf4gzT9wwF64d+sIBLg08kcnyykGXBQs1/4PsNfZULSRNdeSbYQB3h
BWe8LwV7AN9Rizuy3+CKpWrGwjjSRevTBPqpweuqY1Q5IF7Tvsh5NjDxdb4wYgqJ
23k0GNpoSDxOQxS3PJEGIejx6tgajSJdYMbdDy7yXgevNoGStH1ZJMDlbzHw+45Q
vfXVk5lewiDP17gw7sqlEyIGaar+u6KuGs68ZNoCnLJWRxEmUKM=
=PdiL
-----END PGP SIGNATURE-----
Attachment:
pgpo8tdQlSo1G.pgp
Description: PGP signature