Thank you for your contribution to Debian.


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 04 Jul 2026 16:35:01 +0200
Source: linux
Architecture: source
Version: 7.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Kernel Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Changes:
 linux (7.1.3-1) unstable; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v7.x/ChangeLog-7.1.3
     - [amd64] KVM: x86: Fix shadow paging use-after-free due to unexpected role
       (CVE-2026-53359)
     - batman-adv: tp_meter: keep unacked list in ascending ordered
     - batman-adv: tp_meter: initialize dup_acks explicitly
     - batman-adv: tp_meter: initialize dec_cwnd explicitly
     - batman-adv: tp_meter: avoid window underflow
     - batman-adv: tp_meter: avoid divide-by-zero for dec_cwnd
     - batman-adv: tp_meter: fix fast recovery precondition
     - batman-adv: tp_meter: handle seqno wrap-around for fast recovery 
detection
     - batman-adv: tp_meter: add only finished tp_vars to lists
     - batman-adv: bla: annotate lasttime access with READ/WRITE_ONCE
     - batman-adv: prevent ELP transmission interval underflow
     - batman-adv: tp_meter: initialize last_recv_time during init
     - batman-adv: gw: don't deselect gateway with active hardif
     - batman-adv: ensure bcast is writable before modifying TTL
     - batman-adv: fix (m|b)cast csum after decrementing TTL
     - batman-adv: frag: ensure fragment is writable before modifying TTL
     - batman-adv: frag: avoid underflow of TTL
     - batman-adv: v: prevent OGM aggregation on disabled hardif
     - batman-adv: tp_meter: restrict number of unacked list entries
     - batman-adv: tp_meter: annotate last_recv_time access with READ/WRITE_ONCE
     - batman-adv: tp_meter: prevent parallel modifications of last_recv
     - batman-adv: tp_meter: handle overlapping packets
     - batman-adv: tt: don't merge change entries with different VIDs
     - batman-adv: tt: track roam count per VID
     - batman-adv: dat: prevent false sharing between VLANs
     - batman-adv: tvlv: enforce 2-byte alignment
     - batman-adv: tvlv: avoid race of cifsnotfound handler state
     - ipv6: account for fraggap on the paged allocation path (CVE-2026-53362)
     - ipv4: account for fraggap on the paged allocation path
     - ntfs3: reject direct userspace writes to reserved $LX* xattrs
     - wifi: mt76: add wcid publish check in mt76_sta_add
     - mac802154: llsec: add skb_cow_data() before in-place crypto
     - net: skmsg: preserve sg.copy across SG transforms
     - net: ip_gre: require CAP_NET_ADMIN in the device netns for changelink
     - PCI/P2PDMA: Add Intel QAT, DSA, IAA devices to whitelist
     - apparmor: mediate the implicit connect of TCP fast open sendmsg
     - apparmor: fix use-after-free in rawdata dedup loop
     - NTB: epf: Avoid pci_iounmap() with offset when PEER_SPAD and CONFIG share
       BAR
     - fbdev: fix use-after-free in store_modes()
     - fscrypt: Fix key setup in edge case with multiple data unit sizes
     - kernel/fork: clear PF_BLOCK_TS in copy_process()
     - block: invalidate cached plug timestamp after task switch
     - [arm64] KVM: arm64: Omit tag sync on stage-2 mappings of the zero page
     - err.h: use __always_inline on all error pointer helpers
     - gcov: use atomic counter updates to fix concurrent access crashes
     - KEYS: fix overflow in keyctl_pkey_params_get_2()
     - keys: Pin request_key_auth payload in instantiate paths
     - userfaultfd: ensure mremap_userfaultfd_fail() releases mmap_changing
     - userfaultfd: build __VMA_UFFD_FLAGS from config-gated masks
     - wifi: mt76: mt76x2u: Add support for ELECOM WDC-867SU3S
     - wifi: mt76: mt7925: don't disable AP BSS when removing TDLS peer
     - wifi: ath11k: fix warning when unbinding
     - wifi: rtl8xxxu: Detect the maximum supported channel width
     - wifi: rtlwifi: rtl8821ae: Fix C2H bit location in RX descriptor
     - wifi: rtw88: increase TX report timeout to fix race condition
     - wifi: rtw88: usb: fix memory leaks on USB write failures
     - wifi: iwlwifi: mvm: fix race condition in PTP removal
     - wifi: iwlwifi: mld: fix race condition in PTP removal
     - wifi: iwlwifi: mld: validate sta_mask before ffs() in BA session handlers
     - f2fs: fix missing read bio submission on large folio error
     - f2fs: pass correct iostat type for single node writes
     - f2fs: reject setattr size changes on large folio files
     - f2fs: fix to do sanity check on f2fs_get_node_folio_ra()
     - f2fs: validate orphan inode entry count
     - f2fs: validate compress cache inode only when enabled
     - f2fs: atomic: fix UAF issue on f2fs_inode_info.atomic_inode
     - f2fs: fix to round down start offset of fallocate for pin file
     - f2fs: bound i_inline_xattr_size for non-inline-xattr inodes
     - f2fs: validate ACL entry sizes in f2fs_acl_from_disk()
     - Revert "f2fs: remove non-uptodate folio from the page cache in
       move_data_block"
     - f2fs: fix incorrect FI_NO_EXTENT handling in __destroy_extent_node()
     - f2fs: keep atomic write retry from zeroing original data
     - f2fs: read COW data with the original inode during atomic write
     - block: Avoid mounting the bdev pseudo-filesystem in userspace
     - bpf: use kvfree() for replaced sysctl write buffer
     - exfat: fix potential use-after-free in exfat_find_dir_entry()
     - [amd64] KVM: x86/mmu: Ensure hugepage is in by slot before checking max
       mapping level
     - KVM: Replace guest-triggerable BUG_ON() in ioeventfd datamatch with
       get_unaligned()
     - gfs2: fix use-after-free in gfs2_qd_dealloc
     - pwrseq: core: fix use-after-free in pwrseq_debugfs_seq_next()
     - hdlc_ppp: sync per-proto timers before freeing hdlc state
     - blk-cgroup: fix UAF in __blkcg_rstat_flush()
     - tipc: fix slab-use-after-free Read in tipc_aead_decrypt_done
     - [loong64] Report dying CPU to RCU in stop_this_cpu()
     - pNFS: Fix use-after-free in pnfs_update_layout()
     - sched/mmcid: Fix OOB clear_bit when CID is MM_CID_UNSET in fixup path
     - irqchip/imgpdc: Fix resource leak, add missing chained handler cleanup on
       remove
     - fpga: region: fix use-after-free in child_regions_with_firmware()
     - rpmsg: char: Fix use-after-free on probe error path
     - ocfs2: reject oversized group bitmap descriptors
     - 9p: avoid putting oldfid in p9_client_walk() error path
     - [amd64] KVM: x86: hyper-v: Bound the bank index when querying sparse 
banks
     - [amd64] KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path
     - power: reset: linkstation-poweroff: fix use-after-free in the
       linkstation_poweroff_init()
     - [riscv64] mm: Extract helper mark_new_valid_map()
     - [riscv64] kfence: Call mark_new_valid_map() for kfence_unprotect()
     - ntfs: serialize volume label accesses
     - fbdev: Fix fb_new_modelist to prevent null-ptr-deref in
       fb_videomode_to_var
     - fbdev: fbcon: fix out-of-bounds read in err_out of fbcon_do_set_font()
     - fbdev: omap2: fix use-after-free in omapfb_mmap
     - fbdev: modedb: fix a possible UAF in fb_find_mode()
     - fbdev: modedb: Fix misaligned fields in the 1920x1080-60 mode
     - i2c: core: fix adapter registration race
     - nfsd: release layout stid on setlease failure
     - NFSD: Fix SECINFO_NO_NAME decode error cleanup
     - nfsd: fix posix_acl leak on SETACL decode failure
     - nfsd: fix inverted cp_ttl check in async copy reaper
     - nfsd: fix posix_acl leak and ignored error in nfsd4_create_file
     - nfsd: check get_user() return when reading princhashlen
     - nfsd: fix dead ACL conflict guard in nfsd4_create
     - nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race
     - nfsd: reset write verifier on deferred writeback errors
     - NFSv4/flexfiles: reject zero filehandle version count
     - NFSv4/pNFS: reject zero-length r_addr in nfs4_decode_mp_ds_addr
     - NFSv4: clear exception state on successful mkdir retry
     - NFS: Prevent resource leak in nfs_alloc_server()
     - ksmbd: fix out-of-bounds read in smb_check_perm_dacl()
     - net/tcp-ao: fix use-after-free of key in del_async path
     - apparmor: advertise the tcp fast open fix is applied
 .
   [ Aurelien Jarno ]
   * [riscv64] Enable CPU_FREQ_DEFAULT_GOV_SCHEDUTIL instead of
     CPU_FREQ_DEFAULT_GOV_PERFORMANCE
 .
   [ Ben Hutchings ]
   * [sparc64] udeb: scsi-modules: Use the default module list
Checksums-Sha1:
 a5284479532b772d954beb48d2fb01933192da67 194732 linux_7.1.3-1.dsc
 9ceb9d6b0da033fe6541f12b7d67eef11e2834f4 161574724 linux_7.1.3.orig.tar.xz
 254d825ac3ce9993bb0c8b988828bd782db6cd5c 1469968 linux_7.1.3-1.debian.tar.xz
 32264d08a2479636402f2b932f50f4192bc8f6a5 6926 linux_7.1.3-1_source.buildinfo
Checksums-Sha256:
 5ce6d1419d7dc69ff782c3a0b5173159ebb29cffa7003fec9fba59c2707ada82 194732 
linux_7.1.3-1.dsc
 61cdf2ccda33d046aa9fcd40a130bfddd03a3c8b2379fc08925f0efe7f69a32c 161574724 
linux_7.1.3.orig.tar.xz
 05580592ecefe9c138f2d550bc7111d43bba4996580e16339ca6cc34489c6a49 1469968 
linux_7.1.3-1.debian.tar.xz
 977e77f76dd6be780ef8b8af8528001043a91b5ebe7f79d32fdabb5075850767 6926 
linux_7.1.3-1_source.buildinfo
Files:
 8907a6e7fc0a8ed46717092269ca68a3 194732 kernel optional linux_7.1.3-1.dsc
 e67e4ddf89ee17b48f70e04defc1fb25 161574724 kernel optional 
linux_7.1.3.orig.tar.xz
 8e0073a9045e43da837069d3d3026771 1469968 kernel optional 
linux_7.1.3-1.debian.tar.xz
 5df261c8bbfa36e0a67e5aae38ffe1b4 6926 kernel optional 
linux_7.1.3-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmpJHD9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E88UP/jutKqi0uMmPoGGJhA4yK+CqvUQ51/HL
Fd1x6P9S+uyeqwMoDmJgXhf4DebBWIygym95G+gHVyXm54aDBzG2JUfT8iavAVs4
wCIieDmqHE7pk44OAJxX1CHppe/sk/X/D2pFRfpq5Ts+z1REwpI3UzqTeMR7ySlx
KiOmr2BXuY26yzX09r5mfWh0NbZ2kHKfushsuV/fsuEsuzkikC63Z3ont9CJCBMc
auOuFO+vHw+CaTpy9FW6MnAKZV4/fVBUZgmqxz4IAAZilafxKb0kx/adUYAW/Xe+
94/KoGql1Kv/F1oArBcXKp2jtuYYynCxZU8MRK/cCa3qDlTeC6ZvKVoLr9/kg3wt
suYNRao5rbVbJpjko3gvMz3FbYJoJefJ2JgiYoBiBKTXCss97h/KpEXQ0L9XN/Fc
jNkked1Gq0STq5pBtq2AYTM0JhoUew39QD1GKZ3VKjBUHXt+6sQXKGInCACXYno7
sXnJwE7bTEnewSDJyPd7FGnzIihK5iAwYt0OaJq+EQnyV5DrzZmkP2omDMbhqzRq
OndBkB8oL55SbSvu9xjjN8BMVah4Dt3KHnraWm8o8oshh8q8MYZbKSmzwUeh69cs
CtiHxQvX3lOk5Lp/laZoxVZ3Puhfl3LT2yUFnNVNOyA+lhZ6N2UUHC3qm0Xgfvhr
KhkWUvD1cRGe
=pIVd
-----END PGP SIGNATURE-----

Attachment: pgpChbzCZ5nRD.pgp
Description: PGP signature

Reply via email to