Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 07 Feb 2025 10:43:47 +0100
Source: linux-signed-amd64
Architecture: source
Version: 6.1.128+1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Changes:
linux-signed-amd64 (6.1.128+1) bookworm-security; urgency=high
.
* Sign kernel from linux 6.1.128-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125
- ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
- bpf, sockmap: Fix race between element replace and close()
(CVE-2024-56664)
- sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
(CVE-2024-53128)
- jbd2: increase IO priority for writing revoke records
- jbd2: flush filesystem device before updating tail sequence
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- exfat: fix the infinite loop in exfat_readdir()
- exfat: fix the infinite loop in __exfat_free_cluster()
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
transitivity
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails
- cxgb4: Avoid removal of uninserted tid
- ice: fix incorrect PHY settings for 100 GB/s
- tls: Fix tls_sw_sendmsg error handling
- Bluetooth: hci_sync: Fix not setting Random Address when required
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
- netfilter: nf_tables: imbalance in flowtable binding
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX
- sched: sch_cake: add bounds checks to host bulk flow fairness counts
- net/mlx5: Fix variable not being completed when function returns
- ksmbd: fix a missing return value check bug
- afs: Fix the maximum cell name length
- ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
- dm thin: make get_first_thin use rcu-safe list first function
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
- sctp: sysctl: rto_min/max: avoid using current->nsproxy
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- sctp: sysctl: udp_port: avoid using current->nsproxy
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
- thermal: of: fix OF node leak in of_thermal_zone_find()
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
- ACPI: resource: Add Asus Vivobook X1504VAP to
irq1_level_low_skip_override[]
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
2)
- bpf: Add MEM_WRITE attribute
- bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- usb: dwc3: gadget: fix writing NYET threshold
- topology: Keep the cpumask unchanged when printing cpumap
- usb: gadget: u_serial: Disable ep before setting port to null to fix the
crash caused by port being null
- usb: dwc3-am62: Disable autosuspend during remove
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
- iio: light: vcnl4035: fix information leak in triggered buffer
- iio: imu: kmx61: fix information leak in triggered buffer
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: inkern: call iio_device_put() only on mapped devices
- io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
- of/address: Add support for 3 address cell bus
- of: address: Fix address translation when address-size is greater than 2
- of: address: Remove duplicated functions
- of: address: Store number of bus flag cells rather than bool
- of: address: Preserve the flags portion on 1:1 dma-ranges mapping
- ocfs2: correct return value of ocfs2_local_free_info()
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
(CVE-2024-57892)
- drm: bridge: adv7511: use dev_err_probe in probe function
- drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
conditionals
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127
- [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- bpf: Fix bpf_sk_select_reuseport() memory leak
- openvswitch: fix lockup on tx to unregistering netdev with carrier
- pktgen: Avoid out-of-bounds access in get_imix_entries
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Destroy device along with udp socket's netns dismantle.
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net/mlx5: Fix RDMA TX steering prio
- net/mlx5: Clear port select structure when fail to create
- [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion
- hwmon: (tmp513) Fix division of negative numbers
- Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
- i2c: mux: demux-pinctrl: check initial mux selection, too
- i2c: rcar: fix NACK handling when being a target
- nvmet: propagate npwg topology
- mac802154: check local interfaces before deleting sdata list
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- cachefiles: Parse the "secctx" immediately
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller
drivers
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last
- iomap: avoid avoid truncating 64-bit offset to 32 bits
- poll_wait: add mb() to fix theoretical race between waitqueue_active()
and
.poll()
- [x86] asm: Make serialize() always_inline
- ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
- zram: fix potential UAF of zram table
- mptcp: be sure to send ack when mptcp-level window re-opens
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- vsock/virtio: discard packets if the transport changes
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
- filemap: avoid truncating 64-bit offset to 32 bits
- fs/proc: fix softlockup in __read_vmcore (part 2)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(CVE-2024-36899)
- [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition
- irqchip: Plug a OF node reference leak in platform_irqchip_probe()
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- irqchip/gic-v3-its: Don't enable interrupts in
its_irq_set_vcpu_affinity()
- hrtimers: Handle CPU state correctly on hotplug
- [x86] drm/i915/fb: Relax clear color alignment to 64 bytes
- Revert "PCI: Use preserve_config in place of pci_flags"
- iio: imu: inv_icm42600: fix spi burst write not supported
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
- [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in
triggered
buffer (CVE-2024-57907)
- drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
(CVE-2024-56608)
- drm/amdgpu: fix usage slab after free (CVE-2024-56551)
- block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
- Revert "drm/amdgpu: rework resume handling for display (v2)"
(Closes: #1094766)
- RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
- scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
- Revert "regmap: detach regmap from dev on regmap_exit"
- wifi: ath10k: avoid NULL pointer error during sdio remove
(CVE-2024-56599)
- erofs: tidy up EROFS on-disk naming
- erofs: handle NONHEAD !delta[1] lclusters gracefully
- nfsd: add list_head nf_gc to struct nfsd_file
- [x86] xen: fix SLS mitigation in xen_hypercall_iret()
- net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
request
- drm/amd/display: Use HW lock mgr for PSR1
- [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- regmap: detach regmap from dev on regmap_exit
- ipv6: Fix soft lockups in fib6_select_path under high next hop churn
(CVE-2024-56703)
- softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
- xfs: bump max fsgeom struct version
- xfs: hoist freeing of rt data fork extent mappings
- xfs: prevent rt growfs when quota is enabled
- xfs: rt stubs should return negative errnos when rt disabled
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
- xfs: make sure maxlen is still congruent with prod when rounding down
- xfs: introduce protection for drop nlink
- xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
- xfs: allow read IO and FICLONE to run concurrently
- xfs: factor out xfs_defer_pending_abort
- xfs: abort intent items when recovery intents fail
- xfs: only remap the written blocks in xfs_reflink_end_cow_extent
- xfs: up(ic_sema) if flushing data device fails
- xfs: fix internal error from AGFL exhaustion
- xfs: inode recovery does not validate the recovered inode
- xfs: clean up dqblk extraction
- xfs: dquot recovery does not validate the recovered dquot
- xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
- xfs: respect the stable writes flag on the RT device
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
- io_uring: fix waiters missing wake ups (Closes: #1093243)
- net: sched: fix ets qdisc OOB Indexing
- block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)
- Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
- vfio/platform: check the bounds of read/write syscalls
- ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
(CVE-2024-50304)
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
- wifi: iwlwifi: add a few rate index validity checks
- smb: client: fix UAF in async decryption (CVE-2024-50047)
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to
fix the crash caused by port being null"
- ALSA: usb-audio: Add delay quirk for USB Audio Device
- Input: atkbd - map F23 key to support default copilot shortcut
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: xpad - add support for wooting two he (arm)
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
- [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence
.
[ Salvatore Bonaccorso ]
* Bump ABI to 31
* [rt] Update to 6.1.127-rt48
Checksums-Sha1:
ba16c8af7fb807fd32ad179d0e5eb84839487b69 8490 linux-signed-amd64_6.1.128+1.dsc
064ea4d186443130d025bce7fca65ad7bcdf9c40 3232180
linux-signed-amd64_6.1.128+1.tar.xz
Checksums-Sha256:
a6cade01d8da3a7a466f53d80d21f9ec071d8daa071d8ae0a9cd248aede2b9f4 8490
linux-signed-amd64_6.1.128+1.dsc
051676625e746824f1dc5c4fd82b5839b4419da53e91dab6ea321ecdd172490a 3232180
linux-signed-amd64_6.1.128+1.tar.xz
Files:
6b5bd4a2522ef269bb24fe4ea8aa209f 8490 kernel optional
linux-signed-amd64_6.1.128+1.dsc
3875eac4ac77e36a79dd03c34ecd0cb1 3232180 kernel optional
linux-signed-amd64_6.1.128+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmemRYsACgkQi0FRiLdO
NzbAPQ//eNkNLIVYX1l/WwfmXp6Z6rpJFHuDUWcVvTti2K0tYzuolutr6Pxh0dIU
T7ULahxga5iQWB5T3JAMK+GtdLBXiW6PNFl28/YyWS11e829HsNYUIDQg7AbrJex
yKYwLW7yHKR/+lw0jL3AzEazPXppqM20zlny0m6E1R/QZlL4issIrEiFexJLByF0
D/ATWiupD1rVnmpo3l/UIWUhsIIHEPXpJi20P/kzsD4dBWzLEmOmZ0oR9bqJYZBy
+9pKOUo9Gyc5w1x6Hj/rAdaCueGveJk4svHoFKDebjniOWEZYDZOGL8GtEiCiS1u
n93bYzywJiOX+cj7Ng+nrK+aFAze8CyqCnJZM3TLCpebhjaCqlqQQJzT2ObRth3A
tFh/gVdVwetyQocYoaU3Uz0ZoO8i4B/IiyTA4VZ3GHiPUhkSRjCiFIZUO34a+UI/
lVYrLbZtGO0/vWv6SMrasnXySyvTT1e7PBwFn9ctjetXubMOdUJRbdqez3OpD03N
QbI3wN86qgY8ZMQqmZl/oeK5lfJY1v5fF3SqEWRHZmTcp3Cj9nKo1ermnw2guU5P
UPZGR5ItaN1ht4/YU12h1PUeCdg07Vpp/W9PTqWFfdB8SIlEZ2Kh20yLlxfnCkmf
5SxSIODc+xO/yEfcX8pwq2390oSvg3EGlyA586o/LSMCyF5IoGM=
=+W6/
-----END PGP SIGNATURE-----
pgpI2ns4fPLKY.pgp
Description: PGP signature
