diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 17:45:38 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 17:46:06 +0000 |
commit | 30c4ae2eedacfbb99ce91d04f6232e7c26e498dd (patch) | |
tree | 968a4e3149e28312eb427de8cdfc970ad5a8cffb /debian/changelog | |
parent | Merging upstream version 5.10.216. (diff) | |
download | linux-30c4ae2eedacfbb99ce91d04f6232e7c26e498dd.tar.xz linux-30c4ae2eedacfbb99ce91d04f6232e7c26e498dd.zip |
Merging debian version 5.10.216-1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 1257 |
1 files changed, 1257 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 2cf5cf31c..5be3bf41d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,1260 @@ +linux (5.10.216-1) bullseye-security; urgency=high + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210 + - units: change from 'L' to 'UL' + - units: add the HZ macros + - spi: introduce SPI_MODE_X_MASK macro + - iio: adc: ad7091r: Set alert bit in config register + - iio: adc: ad7091r: Allow users to configure device events + - iio: adc: ad7091r: Enable internal vref if external vref is not supplied + - dmaengine: fix NULL pointer in channel unregistration function + - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. + - ext4: allow for the last group to be marked as trimmed + - crypto: api - Disallow identical driver names + - PM: hibernate: Enforce ordering during image compression/decompression + - hwrng: core - Fix page fault dead lock on mmap-ed hwrng + - [s390x] crypto: s390/aes - Fix buffer overread in CTR mode + - bus: mhi: host: Drop chan lock before queuing buffers + - async: Split async_schedule_node_domain() + - async: Introduce async_schedule_dev_nocall() + - [arm64] dts: qcom: sdm845: fix USB wakeup interrupt types + - [arm64] dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts + - lsm: new security_file_ioctl_compat() hook + - scripts/get_abi: fix source path leak + - mmc: core: Use mrq.sbc in close-ended ffu + - mmc: mmc_spi: remove custom DMA mapped buffers + - rtc: Adjust failure return code for cmos_set_alarm() + - nouveau/vmm: don't set addr on the fail path to avoid warning + - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path + - rename(): fix the locking of subdirectories + - block: Remove special-casing of compound pages + - mm: vmalloc: introduce array allocation functions + - KVM: use __vcalloc for very large allocations + - net/smc: fix illegal rmb_desc access in SMC-D connection dump + - tcp: make sure init the accept_queue's spinlocks once + - bnxt_en: Wait for FLR to complete during probe + - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING + - llc: make llc_ui_sendmsg() more robust against bonding changes + - llc: Drop support for ETH_P_TR_802_2. + - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv + (CVE-2024-23849) + - tracing: Ensure visibility when inserting an element into tracing_map + - afs: Hide silly-rename files from userspace + - tcp: Add memory barrier to tcp_push() + - netlink: fix potential sleeping issue in mqueue_flush_file + - ipv6: init the accept_queue's spinlocks in inet6_create + - net/mlx5: DR, Use the right GVMI number for drop action + - net/mlx5e: fix a double-free in arfs_create_groups + - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes + - netfilter: nf_tables: validate NFPROTO_* family + - net: mvpp2: clear BM pool before initialization + - fjes: fix memleaks in fjes_hw_setup + - net: fec: fix the unhandled context fault from smmu + - btrfs: ref-verify: free ref cache before clearing mount opt + - btrfs: tree-checker: fix inline ref size in error messages + - btrfs: don't warn if discard range is not aligned to sector + - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args + - btrfs: don't abort filesystem when attempting to snapshot deleted + subvolume + - rbd: don't move requests to the running list on errors + - exec: Fix error handling in begin_new_exec() + - wifi: iwlwifi: fix a memory corruption + - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress + basechain + - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 + - drm: Don't unref the same fb many times by mistake due to deadlock + handling + - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking + - drm/tidss: Fix atomic_flush check + - drm/bridge: nxp-ptn3460: simplify some error checking + - PM: sleep: Use dev_printk() when possible + - PM: sleep: Avoid calling put_device() under dpm_list_mtx + - PM: core: Remove unnecessary (void *) conversions + - PM: sleep: Fix possible deadlocks in core system-wide PM code + - fs/pipe: move check to pipe_has_watch_queue() + - pipe: wakeup wr_wait after setting max_usage + - [arm64] dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC + interrupts + - [arm64] dts: qcom: sc7180: fix USB wakeup interrupt types + - mm: use __pfn_to_section() instead of open coding it + - mm/sparsemem: fix race in accessing memory_section->usage + - btrfs: remove err variable from btrfs_delete_subvolume + - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume + being deleted + - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] + - [armhf] drm/exynos: fix accidental on-stack copy of exynos_drm_plane + - [armhf] drm/exynos: gsc: minor fix for loop iteration in + gsc_runtime_resume + - gpio: eic-sprd: Clear interrupt after set the interrupt type + - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read + - [mips*] Call lose_fpu(0) before initializing fcr31 in + mips_set_personality_nan + - tick/sched: Preserve number of idle sleeps across CPU hotplug events + - [x86] entry/ia32: Ensure s32 is sign extended to s64 + - [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add + - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs + - [powerpc*] Fix build error due to is_valid_bugaddr() + - [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages() + - [x86] boot: Ignore NMIs during very early boot + - [powerpc*] pmd_move_must_withdraw() is only needed for + CONFIG_TRANSPARENT_HUGEPAGE + - [powerpc*] lib: Validate size for vector operations + - [x86] mce: Mark fatal MCE's page as poison to avoid panic in the kdump + kernel + - perf/core: Fix narrow startup race when creating the perf nr_addr_filters + sysfs file + - debugobjects: Stop accessing objects after releasing hash bucket lock + - regulator: core: Only increment use_count when enable_count changes + - audit: Send netlink ACK before setting connection in auditd_set + - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop + - PNP: ACPI: fix fortify warning + - ACPI: extlog: fix NULL pointer dereference check + - PM / devfreq: Synchronize devfreq_monitor_[start/stop] + - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous + events + - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree + - jfs: fix slab-out-of-bounds Read in dtSearch + - jfs: fix array-index-out-of-bounds in dbAdjTree + - jfs: fix uaf in jfs_evict_inode + - pstore/ram: Fix crash when setting number of cpus to an odd number + - crypto: stm32/crc32 - fix parsing list of devices + - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() + - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() + - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() + - jfs: fix array-index-out-of-bounds in diNewExt + - [s390x] ptrace: handle setting of fpc register correctly + - [s390x] KVM: s390: fix setting of fpc register + - SUNRPC: Fix a suspicious RCU usage warning + - ecryptfs: Reject casefold directory inodes + - ext4: fix inconsistent between segment fstrim and full fstrim + - ext4: unify the type of flexbg_size to unsigned int + - ext4: remove unnecessary check from alloc_flex_gd() + - ext4: avoid online resizing failures due to oversized flex bg + - wifi: rt2x00: restart beacon queue when hardware reset + - scsi: lpfc: Fix possible file string name overflow when updating firmware + - PCI: Add no PM reset quirk for NVIDIA Spectrum devices + - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk + - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 + - wifi: ath9k: Fix potential array-index-out-of-bounds read in + ath9k_htc_txstatus() + - bpf: Add map and need_defer parameters to .map_fd_put_ptr() + - scsi: libfc: Don't schedule abort twice + - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() + - bpf: Set uattr->batch.count as zero before batched update or deletion + - ionic: pass opcode to devcmd_wait + - block/rnbd-srv: Check for unlikely string overflow + - [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error + path + - block: prevent an integer overflow in bvec_try_merge_hw_page + - md: Whenassemble the array, consult the superblock of the freshest device + - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices + - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() + - wifi: cfg80211: free beacon_ies when overridden from hidden BSS + - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 + - Bluetooth: L2CAP: Fix possible multiple reject send + - i40e: Fix VF disable behavior to block all traffic + - f2fs: fix to check return value of f2fs_reserve_new_block() + - ALSA: hda: Refer to correct stream index at loops + - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument + - fast_dput(): handle underflows gracefully + - RDMA/IPoIB: Fix error code return in ipoib_mcast_join + - drm/amd/display: Fix tiled display misalignment + - f2fs: fix write pointers on zoned device after roll forward + - drm/drm_file: fix use of uninitialized variable + - drm/framebuffer: Fix use of uninitialized variable + - drm/mipi-dsi: Fix detach call without attach + - media: stk1160: Fixed high volume of stk1160_dbg messages + - [x86] PCI: add INTEL_HDA_ARL to pci_ids.h + - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support + - [x86] ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL + - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind + time + - IB/ipoib: Fix mcast list locking + - media: ddbridge: fix an error code problem in ddb_probe + - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs + - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() + - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() + - watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 + - drm/amdgpu: Let KFD sync with VM fences + - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' + - leds: trigger: panic: Don't register panic notifier if creating the + trigger failed + - i3c: master: cdns: Update maximum prescaler value for i2c clock + - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import + - mfd: ti_am335x_tscadc: Fix TI SoC dependencies + - PCI: Only override AMD USB controller if required + - PCI: switchtec: Fix stdev_release() crash after surprise hot remove + - usb: hub: Replace hardcoded quirk value with BIT() macro + - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE + - fs/kernfs/dir: obey S_ISGID + - PCI/AER: Decode Requester ID when no error info found + - libsubcmd: Fix memory leak in uniq() + - virtio_net: Fix "ā%dā directive writing between 1 and 11 bytes into a + region of size 10" warnings + - blk-mq: fix IO hang from sbitmap wakeup race + - ceph: fix deadlock or deadcode of misusing dget() + - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in + 'get_platform_power_management_table()' + - drm/amdgpu: Release 'adev->pm.fw' before return in + 'amdgpu_device_need_post()' + - perf: Fix the nr_addr_filters fix + - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update + - drm: using mul_u32_u32() requires linux/math64.h + - scsi: isci: Fix an error code problem in isci_io_request_build() + - scsi: core: Introduce enum scsi_disposition + - scsi: core: Move scsi_host_busy() out of host lock for waking up EH + handler + - ip6_tunnel: use dev_sw_netstats_rx_add() + - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() + - net-zerocopy: Refactor frag-is-remappable test. + - tcp: add sanity checks to rx zerocopy + - ixgbe: Remove non-inclusive language + - ixgbe: Refactor returning internal error codes + - ixgbe: Refactor overtemp event handling + - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() + - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses + - llc: call sock_orphan() at release time + - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger + - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom + expectations + - net: ipv4: fix a memleak in ip_setup_cork + - af_unix: fix lockdep positive in sk_diag_dump_icons() + - net: sysfs: Fix /sys/class/net/<iface> path + - HID: apple: Add support for the 2021 Magic Keyboard + - HID: apple: Add 2021 magic keyboard FN key mapping + - bonding: remove print in bond_verify_device_path + - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ + - PM: sleep: Fix error handling in dpm_prepare() + - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools + - dmaengine: ti: k3-udma: Report short packet errors + - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA + - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA + - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV + - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP + (CVE-2024-26600) + - [arm64] drm/msm/dp: return correct Colorimetry for + DP_TEST_DYNAMIC_RANGE_CEA case + - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels + - tunnels: fix out of bounds access when building IPv6 PMTU error + - atm: idt77252: fix a memleak in open_card_ubr0 + - hwmon: (aspeed-pwm-tacho) mutex for tach reading + - [x86] hwmon: (coretemp) Fix out-of-bounds memory access + - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping + - inet: read sk->sk_family once in inet_recv_error() + - rxrpc: Fix response to PING RESPONSE ACKs to a dead call + - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() + - ppp_async: limit MRU to 64K + - netfilter: nft_compat: reject unused compat flag + - netfilter: nft_compat: restrict match/target protocol to u16 + - netfilter: nft_ct: reject direction for ct id + - netfilter: nft_set_pipapo: store index in scratch maps + - netfilter: nft_set_pipapo: add helper to release pcpu scratch area + - netfilter: nft_set_pipapo: remove scratch_aligned pointer + - scsi: core: Move scsi_host_busy() out of host lock if it is for + per-command + - blk-iocost: Fix an UBSAN shift-out-of-bounds warning + - net/af_iucv: clean up a try_then_request_module() + - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e + - USB: serial: option: add Fibocom FM101-GL variant + - USB: serial: cp210x: add ID for IMST iM871A-USB + - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK + - hrtimer: Report offline hrtimer enqueue + - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU + - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID + - vhost: use kzalloc() instead of kmalloc() followed by memset() + - clocksource: Skip watchdog check for large watchdog intervals + - net: stmmac: xgmac: use #define for string constants + - net: stmmac: xgmac: fix a typo of register name in DPP safety handling + - netfilter: nft_set_rbtree: skip end interval element from gc + (CVE-2024-26581) + - btrfs: forbid creating subvol qgroups + - btrfs: do not ASSERT() if the newly created subvolume already got read + (CVE-2024-23850) + - btrfs: forbid deleting live subvol qgroup + - btrfs: send: return EOPNOTSUPP on unknown flags + - of: unittest: Fix compile in the non-dynamic case + - net: openvswitch: limit the number of recursions from action sets + (CVE-2024-1151) + - spi: ppc4xx: Drop write-only variable + - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() + - net: sysfs: Fix /sys/class/net/<iface> path for statistics + - [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler + - i40e: Fix waiting for queues of all VSIs to be disabled + - tracing/trigger: Fix to return error if failed to alloc snapshot + - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again + - ALSA: hda/realtek: Fix the external mic not being recognised for Acer + Swift 1 SF114-32 + - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx + - HID: wacom: generic: Avoid reporting a serial of '0' to userspace + - HID: wacom: Do not register input devices until after hid_hw_start + - usb: ucsi_acpi: Fix command completion handling + - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT + - usb: f_mass_storage: forbid async queue when shutdown happen + - media: ir_toy: fix a memleak in irtoy_tx + - i2c: i801: Remove i801_set_block_buffer_mode + - i2c: i801: Fix block process call transactions (CVE-2024-26593) + - modpost: trim leading spaces when processing source files list + - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" + - lsm: fix the logic in security_inode_getsecctx() + - firewire: core: correct documentation of fw_csr_string() kernel API + - kbuild: Fix changing ELF file type for output of gen_btf for big endian + - nfc: nci: free rx_data_reassembly skb on NCI device cleanup + - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() + - xen-netback: properly sync TX responses + - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL + - [arm*] binder: signal epoll threads of self-work (CVE-2024-26606) + - misc: fastrpc: Mark all sessions as invalid in cb_remove + - ext4: fix double-free of blocks due to wrong extents moved_len + - tracing: Fix wasted memory in saved_cmdlines logic + - staging: iio: ad5933: fix type mismatch regression + - iio: magnetometer: rm3100: add boundary check for the value read from + RM3100_REG_TMRC + - iio: accel: bma400: Fix a compilation problem + - media: rc: bpf attach/detach requires write permission + - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove + - ring-buffer: Clean ring_buffer_poll_wait() error return + - serial: max310x: set default value when reading clock ready bit + - serial: max310x: improve crystal stable clock detection + - [x86] mm/ident_map: Use gbpages only where full GB page should be mapped. + - mmc: slot-gpio: Allow non-sleeping GPIO ro + - ALSA: hda/conexant: Add quirk for SWS JS201D + - nilfs2: fix data corruption in dsync block recovery for small block sizes + - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() + - crypto: ccp - Fix null pointer dereference in + __sev_platform_shutdown_locked + - nfp: use correct macro for LengthSelect in BAR config + - nfp: flower: prevent re-adding mac index for bonded port + - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() + - irqchip/irq-brcmstb-l2: Add write memory barrier before exit + - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update + - [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues + - ceph: prevent use-after-free in encode_cap_msg() + - of: property: fix typo in io-channels + - can: j1939: Fix UAF in j1939_sk_match_filter during + setsockopt(SO_J1939_FILTER) + - pmdomain: core: Move the unused cleanup to a _sync initcall + - tracing: Inform kmemleak of saved_cmdlines allocation + - Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" + - bus: moxtet: Add spi device table + - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support + - mips: Fix max_mapnr being uninitialized on early stages + - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init + - serial: Add rs485_supported to uart_port + - serial: 8250_exar: Fill in rs485_supported + - serial: 8250_exar: Set missing rs485_supported flag + - scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm + - scripts/decode_stacktrace.sh: support old bash version + - scripts: decode_stacktrace: demangle Rust symbols + - scripts/decode_stacktrace.sh: optionally use LLVM utilities + - netfilter: ipset: fix performance regression in swap operation + - netfilter: ipset: Missing gc cancellations fixed + - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() + - Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" + - net: prevent mss overflow in skb_segment() (CVE-2023-52435) + - sched/membarrier: reduce the ability to hammer on sys_membarrier + (CVE-2024-26602) + - nilfs2: fix potential bug in end_buffer_async_write + - nilfs2: replace WARN_ONs for invalid DAT metadata block requests + - dm: limit the number of targets and parameter size area (CVE-2024-23851, + CVE-2023-52429) + - PM: runtime: add devm_pm_runtime_enable helper + - PM: runtime: Have devm_pm_runtime_enable() handle + pm_runtime_dont_use_autosuspend() + - [arm64] drm/msm/dsi: Enable runtime PM + - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() + (CVE-2024-0607) + - net: bcmgenet: Fix EEE implementation + - PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.211 + - net/sched: Retire CBQ qdisc + - net/sched: Retire ATM qdisc + - net/sched: Retire dsmark qdisc + - smb: client: fix OOB in receive_encrypted_standard() (CVE-2024-0565) + - smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434) + - smb: client: fix parsing of SMB3.1.1 POSIX create context + - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset + - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb + - zonefs: Improve error handling + - sched/rt: Fix sysctl_sched_rr_timeslice intial value + - sched/rt: Disallow writing invalid values to sched_rt_period_us + - scsi: target: core: Add TMF to tmr_list handling + - [arm64] dmaengine: fsl-qdma: increase size of 'irq_name' + - wifi: cfg80211: fix missing interfaces when dumping + - wifi: mac80211: fix race condition on enabling fast-xmit + - fbdev: savage: Error out if pixclock equals zero + - fbdev: sis: Error out if pixclock equals zero + - spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected + - ahci: asm1166: correct count of reported ports + - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers + - ext4: avoid allocating blocks from corrupted group in + ext4_mb_try_best_found() + - ext4: avoid allocating blocks from corrupted group in + ext4_mb_find_by_goal() + - [armhf] dmaengine: ti: edma: Add some null pointer checks to the + edma_probe + - [arm64] regulator: pwm-regulator: Add validity checks in continuous + .get_voltage + - nvmet-tcp: fix nvme tcp ida memory leak + - [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 + - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in + sctp_new + - nvme-fc: do not wait in vain when unloading module + - nvmet-fcloop: swap the list_add_tail arguments + - nvmet-fc: release reference on target port + - nvmet-fc: abort command when there is no binding + - ext4: correct the hole length returned by ext4_map_blocks() + - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table + - efi: runtime: Fix potential overflow of soft-reserved region size + - efi: Don't add memblocks for soft-reserved memory + - [x86] hwmon: (coretemp) Enlarge per package core count limit + - scsi: lpfc: Use unsigned type for num_sge + - firewire: core: send bus reset promptly on gap count error + - virtio-blk: Ensure no requests in virtqueues before deleting vqs. + - [mips*] irqchip/mips-gic: Don't touch vl_map if a local interrupt is not + routable + - media: av7110: prevent underflow in write_ts_to_decoder() + - hvc/xen: prevent concurrent accesses to the shared ring + - [x86] uaccess: Implement macros for CMPXCHG on user addresses + - seccomp: Invalidate seccomp mode to catch death failures + - block: ataflop: fix breakage introduced at blk-mq refactoring + - [powerpc*] watchpoint: Workaround P10 DD1 issue with VSX-32 byte + instructions + - [powerpc*] watchpoints: Annotate atomic context in more places + - cifs: add a warning when the in-flight count goes negative + - mtd: spinand: macronix: Add support for MX35LFxGE4AD + - [x86] ASoC: Intel: boards: harden codec property handling + - [x86] ASoC: Intel: boards: get codec device with ACPI instead of bus + search + - [x86] ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after + use + - task_stack, x86/cea: Force-inline stack helpers + - btrfs: tree-checker: check for overlapping extent items + - btrfs: introduce btrfs_lookup_match_dir + - btrfs: unify lookup return value when dir entry is missing + - btrfs: do not pin logs too early during renames + - lan743x: fix for potential NULL pointer dereference with bare card + - [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 + x360 PC + - iwlwifi: mvm: do more useful queue sync accounting + - iwlwifi: mvm: write queue_sync_state only for sync + - jbd2: remove redundant buffer io error checks + - jbd2: recheck chechpointing non-dirty buffer + - jbd2: Fix wrongly judgement for buffer head removing while doing + checkpoint + - [x86] drop bogus "cc" clobber from __try_cmpxchg_user_asm() + - erofs: fix lz4 inplace decompression (CVE-2023-52497) + - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error + - [s390x] cio: fix invalid -EBUSY on ccw_device_start + - dm-crypt: don't modify the data when using authenticated encryption + - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler + - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in + its_sync_lpi_pending_table() + - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() + - PCI/MSI: Prevent MSI hardware interrupt number truncation + - l2tp: pass correct message length to ip6_append_data + - [x86] Revert "x86/ftrace: Use alternative RET encoding" + - [x86] text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR + - [x86] ibt,paravirt: Use text_gen_insn() for paravirt_patch() + - [x86] ftrace: Use alternative RET encoding + - [x86] returnthunk: Allow different return thunks + - [x86] Revert "x86/alternative: Make custom return thunk unconditional" + - [x86] alternative: Make custom return thunk unconditional + - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs + - mptcp: fix lockless access in subflow ULP diag + - [amd64] IB/hfi1: Fix a memleak in init_credit_return + - RDMA/bnxt_re: Return error for SRQ resize + - RDMA/srpt: Support specifying the srpt_service_guid parameter + - RDMA/qedr: Fix qedr_create_user_qp error flow + - [arm64] dts: rockchip: set num-cs property for spi on px30 + - RDMA/srpt: fix function pointer cast warnings + - bpf, scripts: Correct GPL license name + - scsi: jazz_esp: Only build if SCSI core is builtin + - nouveau: fix function cast warnings + - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid + - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid + - afs: Increase buffer size in afs_update_volume_status() + - ipv6: sr: fix possible use-after-free and null-ptr-deref + - packet: move from strlcpy with unused retval to strscpy + - net: dev: Convert sa_data to flexible array in struct sockaddr + - [s390x] use the correct count for __iowrite64_copy() + - netfilter: nf_tables: set dormant flag on hook register failure + - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 + - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is + set + - drm/amd/display: Fix memory leak in dm_sw_fini() + - block: ataflop: more blk-mq refactoring fixes + - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio + - arp: Prevent overflow in arp_req_get(). + - ext4: regenerate buddy after block freeing failed if under fc replay + (CVE-2024-26601) + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.212 + - [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for + ACPI names + - crypto: virtio/akcipher - Fix stack overflow on memcpy + - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter + - net: ip_tunnel: prevent perpetual headroom growth + - tun: Fix xdp_rxq_info's queue_index when detaching + - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() + - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is + detected + - net: usb: dm9601: fix wrong return value in dm9601_mdio_read + - Bluetooth: Avoid potential use-after-free in hci_error_reset + - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR + - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST + - Bluetooth: Enforce validation on max value of connection interval + - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() + - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back + - efi/capsule-loader: fix incorrect allocation size + - ALSA: Drop leftover snd-rtctimer stuff from Makefile + - afs: Fix endless loop in directory parsing + - tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622) + - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() + - wifi: nl80211: reject iftype change with mesh ID change + - btrfs: dev-replace: properly validate device names + - [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read + - [arm64] dmaengine: fsl-qdma: init irq after reg initialization + - mmc: core: Fix eMMC initialization with 1-bit bus connection + - [arm64] mmc: sdhci-xenon: add timeout for PHY init complete + - [arm64] mmc: sdhci-xenon: fix PHY init clock stability + - [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation + - [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers + - mptcp: fix possible deadlock in subflow diag + - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() + - cachefiles: fix memory leak in cachefiles_add_cache() + - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super + (CVE-2024-0841) + - gpiolib: Fix the error path order in gpiochip_add_data_with_key() + - gpio: fix resource unwinding order in error path + - mptcp: fix double-free on socket dismantle + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.213 + - [arm64,armhf] mmc: mmci: stm32: use a buffer for unaligned DMA requests + - [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning + - lan78xx: Fix white space and style issues + - lan78xx: Add missing return code checks + - lan78xx: Fix partial packet errors on suspend/resume + - lan78xx: Fix race conditions in suspend/resume handling + - net: lan78xx: fix runtime PM count underflow on link stop + - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able + - i40e: disable NAPI right after disabling irqs when handling xsk_pool + - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string + - geneve: make sure to pull inner header in geneve_rx() + - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() + - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() + - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program + - net/rds: fix WARNING in rds_conn_connect_if_down + - netfilter: nft_ct: fix l3num expectations with inet pseudo family + - netfilter: nf_conntrack_h323: Add protection for bmp length out of range + - netrom: Fix a data-race around sysctl_netrom_default_path_quality + - netrom: Fix a data-race around + sysctl_netrom_obsolescence_count_initialiser + - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser + - netrom: Fix a data-race around sysctl_netrom_transport_timeout + - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries + - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay + - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay + - netrom: Fix a data-race around + sysctl_netrom_transport_requested_window_size + - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout + - netrom: Fix a data-race around sysctl_netrom_routing_control + - netrom: Fix a data-race around sysctl_netrom_link_fails_count + - netrom: Fix data-races around sysctl_net_busy_read + - xhci: remove extra loop in interrupt context + - xhci: prevent double-fetch of transfer and transfer event TRBs + - xhci: process isoc TD properly when there was a transaction error mid TD. + - xhci: handle isoc Babble and Buffer Overrun events properly + - net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr + - bpf: net: Change sk_getsockopt() to take the sockptr_t argument + - lsm: make security_socket_getpeersec_stream() sockptr_t safe + - lsm: fix default return value of the socket_getpeersec_*() hooks + - ext4: make ext4_es_insert_extent() return void + - ext4: refactor ext4_da_map_blocks() + - ext4: convert to exclusive lock while inserting delalloc extents + - [x86] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus + hardening + - [x86] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus + hardening + - [x86] hv_netvsc: Wait for completion on request SWITCH_DATA_PATH + - [x86] hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove + - [x86] hv_netvsc: Make netvsc/VF binding check both MAC and serial number + - [x86] hv_netvsc: use netif_is_bond_master() instead of open code + - [x86] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed + - mm/hugetlb: change hugetlb_reserve_pages() to type bool + - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE + - getrusage: add the "signal_struct *sig" local variable + - getrusage: move thread_group_cputime_adjusted() outside of + lock_task_sighand() + - getrusage: use __for_each_thread() + - getrusage: use sig->stats_lock rather than lock_task_sighand() + - [x86] Drivers: hv: vmbus: Drop error message when 'No request id + available' + - regmap: allow to define reg_update_bits for no bus configuration + - regmap: Add bulk read/write callbacks into regmap_config + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214 + - io_uring/unix: drop usage of io_uring socket + - io_uring: drop any code related to SCM_RIGHTS + - rcu-tasks: Provide rcu_trace_implies_rcu_gp() + - bpf: Defer the free of inner map when necessary (CVE-2023-52447) + - ASoC: rt5645: Make LattePanda board DMI match more precise + - [x86] xen: Add some null pointer checking to smp.c + - [mips*] Clear Cause.BD in instruction_pointer_set + - HID: multitouch: Add required quirk for Synaptics 0xcddc device + - gen_compile_commands: fix invalid escape sequence warning + - RDMA/mlx5: Fix fortify source warning while accessing Eth segment + - RDMA/mlx5: Relax DEVX access upon modify commands + - [x86] mm: Move is_vsyscall_vaddr() into asm/vsyscall.h + - [x86] mm: Disallow vsyscall page read for copy_from_kernel_nofault() + - net/iucv: fix the allocation size of iucv_path_table array + - block: sed-opal: handle empty atoms when parsing response + - dm-verity, dm-crypt: align "struct bvec_iter" correctly + - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready + - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security + (CVE-2024-22099) + - firewire: core: use long bus reset on gap count error + - [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 + tablet + - Input: gpio_keys_polled - suppress deferred probe error for gpio + - [x86] paravirt: Fix build due to __text_gen_insn() backport + - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak + - nbd: null check for nla_nest_start + - fs/select: rework stack allocation hack for clang + - block: add a new set_read_only method + - md: implement ->set_read_only to hook into BLKROSET processing + - md: Don't clear MD_CLOSING when the raid is about to stop + - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts + (CVE-2023-6270) + - timekeeping: Fix cross-timestamp interpolation on counter wrap + - timekeeping: Fix cross-timestamp interpolation corner case decision + - timekeeping: Fix cross-timestamp interpolation for non-x86 + - wifi: ath10k: fix NULL pointer dereference in + ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042) + - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled + - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled + - wifi: b43: Stop correct queue in DMA worker when QoS is disabled + - wifi: b43: Disable QoS for bcm4331 + - wifi: wilc1000: fix declarations ordering + - wifi: wilc1000: fix RCU usage in connect path + - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work + - wifi: wilc1000: fix multi-vif management when deleting a vif + - wifi: mwifiex: debugfs: Drop unnecessary error check for + debugfs_create_dir() + - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value + - sock_diag: annotate data-races around sock_diag_handlers[family] + - inet_diag: annotate data-races around inet_diag_table[] + - bpftool: Silence build warning about calloc() + - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). + - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete + - wifi: iwlwifi: dbg-tlv: ensure NUL termination + - wifi: iwlwifi: fix EWRD table validity check + - net: blackhole_dev: fix build warning for ethh set but not used + - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() + - bpf: Factor out bpf_spin_lock into helpers. + - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly + - wireless: Remove redundant 'flush_workqueue()' calls + - wifi: wilc1000: prevent use-after-free on vif when cleaning up all + interfaces + - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() + - [amd64] iommu/amd: Mark interrupt as managed + - wifi: brcmsmac: avoid function pointer casts + - net: ena: Remove ena_select_queue + - ACPI: scan: Fix device check notification handling + - [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816) + - SUNRPC: fix some memleaks in gssx_dec_option_array + - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the + .remove function + - wifi: rtw88: 8821c: Fix false alarm count + - PCI: Make pci_dev_is_disconnected() helper public for other drivers + - [amd64] iommu/vt-d: Don't issue ATS Invalidation request when device is + disconnected + - igb: move PEROUT and EXTTS isr logic to separate functions + - igb: Fix missing time sync events + - Bluetooth: Remove superfluous call to hci_conn_check_pending() + - Bluetooth: hci_core: Fix possible buffer overflow + - sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651) + - bpf: Eliminate rlimit-based memory accounting for devmap maps + - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches + - bpf: Fix hashtab overflow check on 32-bit arches + - bpf: Fix stackmap overflow check on 32-bit arches + - ipv6: fib6_rules: flush route cache when rule is changed + - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() + - net: phy: fix phy_get_internal_delay accessing an empty array + - net: hns3: fix port duplex configure error in IMP reset + - net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii + - net: phy: dp83822: Fix RGMII TX delay configuration + - OPP: debugfs: Fix warning around icc_get_name() + - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() + function + - net/ipv4: Replace one-element array with flexible-array member + - net/ipv4: Revert use of struct_size() helper + - net/ipv4/ipv6: Replace one-element arraya with flexible-array members + - bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument + - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() + function + - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() + function + - udp: fix incorrect parameter validation in the udp_lib_getsockopt() + function + - net: kcm: fix incorrect parameter validation in the kcm_getsockopt) + function + - nfp: flower: handle acti_netdevs allocation failure + - dm raid: fix false positive for requeue needed during reshape + - dm: call the resume method on internal suspend + - [arm64,armhf] drm/tegra: dsi: Add missing check for of_find_device_by_node + - [arm64,armhf] drm/tegra: dsi: Make use of the helper function + dev_err_probe() + - [arm64,armhf] drm/tegra: dsi: Fix some error handling paths in + tegra_dsi_probe() + - [arm64,armhf] drm/tegra: dsi: Fix missing pm_runtime_disable() in the + error handling path of tegra_dsi_probe() + - [arm64,armhf] drm/tegra: output: Fix missing i2c_put_adapter() in the + error handling paths of tegra_output_probe() + - drm/rockchip: inno_hdmi: Fix video timing + - drm: Don't treat 0 as -1 in drm_fixp2int_ceil + - drm/rockchip: lvds: do not overwrite error code + - drm/rockchip: lvds: do not print scary message when probing defer + - drm/lima: fix a memleak in lima_heap_alloc + - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA + - media: tc358743: register v4l2 async device only after successful setup + - PCI/DPC: Print all TLP Prefixes, not just the first + - perf record: Fix possible incorrect free in record__switch_output() + - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd + - drm/amd/display: Fix a potential buffer overflow in + 'dp_dsc_clock_en_read()' + - drm/amd/display: Fix potential NULL pointer dereferences in + 'dcn10_set_output_transfer_func()' + - perf evsel: Fix duplicate initialization of data->id in + evsel__parse_sample() + - media: em28xx: annotate unchecked call to media_device_register() + - media: v4l2-tpg: fix some memleaks in tpg_alloc + - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity + - media: edia: dvbdev: fix a use-after-free + - pinctrl: mediatek: Drop bogus slew rate register range for MT8192 + - [arm64] clk: qcom: reset: Commonize the de/assert functions + - [arm64] clk: qcom: reset: Ensure write completion on reset de/assertion + - quota: simplify drop_dquot_ref() + - quota: Fix potential NULL pointer dereference + - quota: Fix rcu annotations of inode dquot pointers + - PCI: switchtec: Fix an error handling path in switchtec_pci_probe() + - crypto: xilinx - call finalize with bh disabled + - perf thread_map: Free strlist on normal path in + thread_map__new_by_tid_str() + - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() + - ALSA: seq: fix function cast warnings + - perf stat: Avoid metric-only segv + - media: sun8i-di: Fix coefficient writes + - media: sun8i-di: Fix power on/off sequences + - media: sun8i-di: Fix chroma difference threshold + - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak + - media: go7007: add check of return value of go7007_read_addr() + - media: pvrusb2: remove redundant NULL check + - media: pvrusb2: fix pvr2_stream_callback casts + - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken + - [arm64] clk: hisilicon: hi3519: Release the correct number of gates in + hi3519_clk_unregister() + - [arm64,armhf] drm/tegra: put drm_gem_object ref on error in + tegra_fb_create + - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref + - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes + a ref + - crypto: arm/sha - fix function cast warnings + - drm/tidss: Fix initial plane zpos values + - mtd: maps: physmap-core: fix flash size larger than 32-bit + - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype + - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() + - media: pvrusb2: fix uaf in pvr2_context_set_notify + - media: dvb-frontends: avoid stack overflow warnings with clang + - media: go7007: fix a memleak in go7007_load_encoder + - media: ttpci: fix two memleaks in budget_av_attach + - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning + - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks + - [arm64] drm/msm/dpu: add division of drm_display_mode's hskew parameter + - [powerpc*] embedded6xx: Fix no previous prototype for avr_uart_send() etc. + - leds: aw2013: Unlock mutex before destroying it + - leds: sgm3140: Add missing timer cleanup and flash gpio control + - backlight: lm3630a: Initialize backlight_properties on init + - backlight: lm3630a: Don't set bl->props.brightness in get_brightness + - backlight: da9052: Fully initialize backlight_properties during probe + - backlight: lm3639: Fully initialize backlight_properties during probe + - backlight: lp8788: Fully initialize backlight_properties during probe + - clk: Fix clk_core_get NULL dereference + - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops + - ALSA: usb-audio: Stop parsing channels bits when all channels are found. + - RDMA/srpt: Do not register event handler until srpt device is fully setup + - f2fs: compress: fix to check unreleased compressed cluster + - scsi: csiostor: Avoid function pointer casts + - RDMA/device: Fix a race between mad_client and cm_client init + - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn + - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() + - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 + - NFSv4.2: fix listxattr maximum XDR buffer size + - watchdog: stm32_iwdg: initialize default timeout + - NFS: Fix an off by one in root_nfs_cat() + - afs: Revert "afs: Hide silly-rename files from userspace" + - [armhf] remoteproc: stm32: Constify st_rproc_ops + - [armhf] remoteproc: Add new get_loaded_rsc_table() to rproc_ops + - [armhf] remoteproc: stm32: Move resource table setup to rproc_ops + - [armhf] remoteproc: stm32: use correct format strings on 64-bit + - [armhf] remoteproc: stm32: Fix incorrect type in assignment for va + - [armhf] remoteproc: stm32: Fix incorrect type assignment returned by + stm32_rproc_get_loaded_rsc_tablef + - tty: vt: fix 20 vs 0x20 typo in EScsiignore + - serial: max310x: fix syntax error in IRQ error message + - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT + - kconfig: fix infinite loop when expanding a macro at the end of file + - rtc: mt6397: select IRQ_DOMAIN instead of depending on it + - serial: 8250_exar: Don't remove GPIO device on suspend + - staging: greybus: fix get_channel_from_mode() failure path + - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin + - io_uring: don't save/restore iowait state + - [s390x] vtime: fix average steal time calculation + - soc: fsl: dpio: fix kcalloc() argument order + - hsr: Fix uninit-value access in hsr_get_node() + - packet: annotate data-races around ignore_outgoing + - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection + - wireguard: receive: annotate data-race around receiving_counter.counter + - rds: introduce acquire/release ordering in acquire/release_in_xmit() + - hsr: Handle failures in module init + - net/bnx2x: Prevent access to a freed page in page_pool + - netfilter: nft_set_pipapo: release elements in clone only from destroy + path (CVE-2024-26809) + - scsi: fc: Update formal FPIN descriptor definitions + - netfilter: nf_tables: do not compare internal table flags on updates + - rcu: add a helper to report consolidated flavor QS + - bpf: report RCU QS in cpumap kthread + - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler + - regmap: Add missing map->bus check + - [armhf] remoteproc: stm32: fix phys_addr_t format string + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215 + - amdkfd: use calloc instead of kzalloc to avoid integer overflow + (CVE-2024-26817) + - Documentation/hw-vuln: Update spectre doc + - [x86] cpu: Support AMD Automatic IBRS + - [x86] bugs: Use sysfs_emit() + - timers: Update kernel-doc for various functions + - timers: Use del_timer_sync() even on UP + - timers: Rename del_timer_sync() to timer_delete_sync() + - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach + (CVE-2023-47233) + - [armhf] dts: marvell: Fix maxium->maxim typo in brownstone dts + - [x86] drm/vmwgfx: stop using ttm_bo_create v2 + - [x86] drm/vmwgfx: switch over to the new pin interface v2 + - [x86] drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' + - [x86] drm/vmwgfx: Fix some static checker warnings + - [x86] drm/vmwgfx: Fix possible null pointer derefence with invalid + contexts + - media: xc4000: Fix atomicity violation in xc4000_get_frequency + (CVE-2024-24861) + - KVM: Always flush async #PF workqueue when vCPU is being destroyed + - [x86] crypto: qat - fix double free during reset + - [x86] crypto: qat - resolve race condition during AER recovery + - ext4: correct best extent lstart adjustment logic + - block: introduce zone_write_granularity limit + - block: Clear zone limits for a non-zoned stacked queue + - bounds: support non-power-of-two CONFIG_NR_CPUS + - fat: fix uninitialized field in nostale filehandles + - ubifs: Set page uptodate in the correct place + - ubi: Check for too small LEB size in VTBL code + - ubi: correct the calculation of fastmap size + - mtd: rawnand: meson: fix scrambling mode value in command macro + - PM: suspend: Set mem_sleep_current during kernel command line setup + - [powerpc*] fsl: Fix mfpmr build errors with newer binutils + - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB + - USB: serial: add device ID for VeriFone adapter + - USB: serial: cp210x: add ID for MGP Instruments PDS100 + - USB: serial: option: add MeiG Smart SLM320 product + - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M + - PM: sleep: wakeirq: fix wake irq warning in system suspend + - mmc: tmio: avoid concurrent runs of mmc_request_done() + - fuse: fix root lookup with nonzero generation + - fuse: don't unhash root + - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros + - printk/console: Split out code that enables default console + - serial: Lock console when calling into driver before registration + - btrfs: fix off-by-one chunk length calculation at + contains_pending_extent() + - PCI: Drop pci_device_remove() test of pci_dev->driver + - PCI/PM: Drain runtime-idle callbacks before driver removal + - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() + - PCI: Cache PCIe Device Capabilities register + - PCI: Work around Intel I210 ROM BAR overlap defect + - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited + - PCI/DPC: Quirk PIO log size for certain Intel Root Ports + - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports + - Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" + - dm-raid: fix lockdep waring in "pers->hot_add_disk" + - mac802154: fix llsec key resources release in mac802154_llsec_key_del + - mm: swap: fix race between free_swap_and_cache() and swapoff() + - mmc: core: Fix switch on gp3 partition + - [armhf] drm/etnaviv: Restore some id values + - hwmon: (amc6821) add of_match table + - ext4: fix corruption during on-line resize + - nvmem: meson-efuse: fix function pointer type mismatch + - slimbus: core: Remove usage of the deprecated ida_simple_xx() API + - [arm64,armhf] phy: tegra: xusb: Add API to retrieve the port number of phy + - usb: gadget: tegra-xudc: Use dev_err_probe() + - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic + - speakup: Fix 8bit characters from direct synth + - PCI/ERR: Clear AER status only when we control AER + - PCI/AER: Block runtime suspend when handling errors + - nfs: fix UAF in direct writes + - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 + - PCI: dwc: endpoint: Fix advertised resizable BAR size + - vfio/platform: Disable virqfds on cleanup + - ring-buffer: Fix waking up ring buffer readers + - ring-buffer: Do not set shortest_full when full target is hit + - ring-buffer: Fix resetting of shortest_full + - ring-buffer: Fix full_waiters_pending in poll + - [s390x] zcrypt: fix reference counting on zcrypt card objects + - drm/panel: do not return negative error codes from drm_panel_get_modes() + - [armhf] drm/exynos: do not return negative values from .get_modes() + - drm/imx/ipuv3: do not return negative values from .get_modes() + - drm/vc4: hdmi: do not return negative values from .get_modes() + - nilfs2: fix failure to detect DAT corruption in btree and direct mappings + - nilfs2: prevent kernel bug at submit_bh_wbc() + - cpufreq: dt: always allocate zeroed cpumask + - [x86] CPU/AMD: Update the Zenbleed microcode revisions + - net: hns3: tracing: fix hclgevf trace event strings + - wireguard: netlink: check for dangling peer via is_dead instead of empty + list + - wireguard: netlink: access device through ctx instead of peer + - ahci: asm1064: correct count of reported ports + - ahci: asm1064: asm1166: don't limit reported ports + - drm/amd/display: Return the correct HDCP error code + - drm/amd/display: Fix noise issue on HDMI AV mute + - dm snapshot: fix lockup in dm_exception_table_exit + - vxge: remove unnecessary cast in kfree() + - [x86] stackprotector/32: Make the canary into a regular percpu variable + - [x86] pm: Work around false positive kmemleak report in + msr_build_context() + - scripts: kernel-doc: Fix syntax error due to undeclared args variable + (Closes: #1064035) + - comedi: comedi_test: Prevent timers rescheduling during deletion + - cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's + return value" + - netfilter: nf_tables: mark set as dead when unbinding anonymous set with + timeout (CVE-2024-26643) + - netfilter: nf_tables: disallow anonymous set with timeout flag + (CVE-2024-26642) + - netfilter: nf_tables: reject constant set with timeout + - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of + memory + - xfrm: Avoid clang fortify warning in copy_to_user_tmpl() + - [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in + svm_register_enc_region() + - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo + ALC897 platform + - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command + - usb: gadget: ncm: Fix handling of zero block length packets + - usb: port: Don't try to peer unused USB ports based on location + - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled + - mei: me: add arrow lake point S DID + - mei: me: add arrow lake point H DID + - vt: fix unicode buffer corruption when deleting characters + - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion + - tee: optee: Fix kernel panic caused by incorrect error handling + - xen/events: close evtchn after mapping cleanup (CVE-2024-26687) + - printk: Update @console_may_schedule in console_trylock_spinning() + - btrfs: allocate btrfs_ioctl_defrag_range_args on stack + - [x86] asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix + - [x86] bugs: Add asm helpers for executing VERW + - [x86] entry_64: Add VERW just before userspace transition + - [x86] entry_32: Add VERW just before userspace transition + - [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key + - [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH + - [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation + - [x86] Mitigate Register File Data Sampling (RFDS) vulnerability + (CVE-2023-28746): + + [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set + + Documentation/hw-vuln: Add documentation for RFDS + + [x86] rfds: Mitigate Register File Data Sampling (RFDS) + + [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests + - perf/core: Fix reentry problem in perf_output_read_group() + - efivarfs: Request at most 512 bytes for variable names + - [powerpc*] xor_vmx: Add '-mhard-float' to CFLAGS + - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO + (CVE-2023-52488) + - mm/memory-failure: fix an incorrect use of tail pages + - mm/migrate: set swap entry values of THP tail pages properly. + - init: open /initrd.image with O_LARGEFILE + - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes + - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() + - mmc: core: Initialize mmc_blk_ioc_data + - mmc: core: Avoid negative index with array access + - net: ll_temac: platform_get_resource replaced by wrong function + - usb: cdc-wdm: close race between read and workqueue + - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs + (CVE-2024-26654) + - scsi: core: Fix unremoved procfs host directory regression + - [arm*] staging: vc04_services: changen strncpy() to strscpy_pad() + - [arm*] staging: vc04_services: fix information leak in create_component() + - USB: core: Add hub_get() and hub_put() routines + - [arm*] usb: dwc2: host: Fix remote wakeup from hibernation + - [arm*] usb: dwc2: host: Fix hibernation flow + - [arm*] usb: dwc2: host: Fix ISOC flow in DDMA mode + - [arm*] usb: dwc2: gadget: LPM flow fix + - usb: udc: remove warning when queue disabled ep + - usb: typec: ucsi: Ack unsupported commands + - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset + - scsi: qla2xxx: Split FCE|EFT trace control + - scsi: qla2xxx: Fix command flush on cable pull + - scsi: qla2xxx: Delay I/O Abort on PCI error + - [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled + - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports + - scsi: lpfc: Correct size for wqe for memset() + - USB: core: Fix deadlock in usb_deauthorize_interface() + - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet + - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() + - tcp: properly terminate timers for kernel sockets + - ACPICA: debugger: check status of acpi_evaluate_object() in + acpi_db_walk_for_fields() + - bpf: Protect against int overflow for stack access size + - dm integrity: fix out-of-range warning + - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d + - [x86] cpufeatures: Add new word for scattered features + - Bluetooth: hci_event: set the conn encrypted before conn establishes + - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857, + CVE-2024-24858) + - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620) + - net/rds: fix possible cp null dereference + - vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437) + - vfio/pci: Lock external INTx masking ops (CVE-2024-26810) + - vfio: Introduce interface to flush virqfd inject workqueue + - vfio/pci: Create persistent INTx handler (CVE-2024-26812) + - vfio/platform: Create persistent IRQ handlers (CVE-2024-26813) + - vfio/fsl-mc: Block calling interrupt handler without trigger + (CVE-2024-26814) + - io_uring: ensure '0' is returned on file registration success + - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be + mapped." + - mm, vmscan: prevent infinite loop for costly GFP_NOIO | + __GFP_RETRY_MAYFAIL allocations + - [x86] srso: Add SRSO mitigation for Hygon processors (CVE-2023-52482) + - block: add check that partition length needs to be aligned with block size + (CVE-2023-52458) + - netfilter: nf_tables: reject new basechain after table flag update + - netfilter: nf_tables: flush pending destroy work before exit_net release + - netfilter: nf_tables: Fix potential data-race in + __nft_flowtable_type_get() + - netfilter: validate user input for expected length + - vboxsf: Avoid an spurious warning if load_nls_xxx() fails + - bpf, sockmap: Prevent lock inversion deadlock in map delete elem + - net/sched: act_skbmod: prevent kernel-infoleak + - net: stmmac: fix rx queue priority assignment + - erspan: make sure erspan_base_hdr is present in skb->head + - ipv6: Fix infinite recursion in fib6_dump_done(). + - udp: do not transition UDP GRO fraglist partial checksums to unnecessary + - i40e: fix i40e_count_filters() to count only active/new filters + - i40e: fix vf may be used uninitialized in this function warning + - scsi: qla2xxx: Update manufacturer details + - scsi: qla2xxx: Update manufacturer detail + - Revert "usb: phy: generic: Get the vbus supply" + - udp: do not accept non-tunnel GSO skbs landing in a tunnel + - net: ravb: Always process TX descriptor ring + - [arm64] dts: qcom: sc7180: Remove clock for bluetooth on Trogdor + - [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken + - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw + - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit + - scsi: mylex: Fix sysfs buffer lengths + - ata: sata_mv: Fix PCI device ID table declaration compilation warning + - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with + microphone + - driver core: Introduce device_link_wait_removal() + - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals + - [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank() + - [s390x] entry: align system call table on 8 bytes + - [x86] bugs: Fix the SRSO mitigation on Zen3/4 + - [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk + for !SRSO + - mptcp: don't account accept() of non-MPC client as fallback to TCP + - [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined + word + - objtool: Add asm version of STACK_FRAME_NON_STANDARD + - wifi: ath9k: fix LNA selection in ath_ant_try_scan() + - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() + - panic: Flush kernel log buffer at the end + - [arm64] dts: rockchip: fix rk3328 hdmi ports node + - [arm64] dts: rockchip: fix rk3399 hdmi ports node + - ionic: set adminq irq affinity + - pstore/zone: Add a null pointer check to the psz_kmsg_read + - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() + - btrfs: export: handle invalid inode or root reference in + btrfs_get_parent() + - btrfs: send: handle path ref underflow in header iterate_inode_ref() + - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() + - Bluetooth: btintel: Fix null ptr deref in btintel_read_version + - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails + - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs + - sysv: don't call sb_bread() with pointers_lock held + - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() + - isofs: handle CDs with bad root inode but good Joliet root directory + - media: sta2x11: fix irq handler cast + - ext4: add a hint for block bitmap corrupt state in mb_groups + - ext4: forbid commit inconsistent quota data when errors=remount-ro + - drm/amd/display: Fix nanosec stat overflow + - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to + unsigned int + - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" + - libperf evlist: Avoid out-of-bounds access + - block: prevent division by zero in blk_rq_stat_sum() + - RDMA/cm: add timeout to cm_destroy_id wait + - Input: allocate keycode for Display refresh rate toggle + - [x86] platform/x86: touchscreen_dmi: Add an extra entry for a variant of + the Chuwi Vi8 tablet + - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent + environment + - tools: iio: replace seekdir() in iio_generic_buffer + - usb: typec: tcpci: add generic tcpci fallback compatible + - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined + - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 + - drivers/nvme: Add quirks for device 126f:2262 + - fbmon: prevent division by zero in fb_videomode_from_videomode() + - netfilter: nf_tables: release batch on table validation from abort path + - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path + (CVE-2024-26925) + - netfilter: nf_tables: discard table flag update with pending basechain + deletion + - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc + - virtio: reenable config if freezing device failed + - [x86] mm/pat: fix VM_PAT handling in COW mappings + - [x86] drm/i915/gt: Reset queue_priority_hint on parking + - Bluetooth: btintel: Fixe build regression + - [x86] VMCI: Fix possible memcpy() run-time warning in + vmci_datagram_invoke_guest_handler() + - kbuild: dummy-tools: adjust to stricter stackprotector check + - scsi: sd: Fix wrong zone_write_granularity value during revalidate + - [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk + - [x86] head/64: Re-enable stack protection + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.216 + - batman-adv: Avoid infinite loop trying to resize local TT + - Bluetooth: Fix memory leak in hci_req_sync_complete() + - media: cec: core: remove length check of Timer Status + - nouveau: fix function cast warning + - net: openvswitch: fix unwanted error log on timeout policy probing + - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one + file + - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING + - geneve: fix header validation in geneve[6]_xmit_skb + - ipv6: fib: hide unused 'pn' variable + - ipv4/route: avoid unused-but-set-variable warning + - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr + - Bluetooth: SCO: Fix not validating setsockopt user input + - netfilter: complete validation of user input + - net/mlx5: Properly link new fs rules into the tree + - af_unix: Do not use atomic ops for unix_sk(sk)->inflight. + - af_unix: Fix garbage collector racing against connect() (CVE-2024-26923) + - net: ena: Fix potential sign extension issue + - net: ena: Wrong missing IO completions check order + - net: ena: Fix incorrect descriptor free behavior + - [amd64] iommu/vt-d: Allocate local memory for page request queue + - [arm64] mailbox: imx: fix suspend failue + - btrfs: qgroup: correctly model root qgroup rsv in convert + - drm/client: Fully protect modes[] with dev->mode_config.mutex + - vhost: Add smp_rmb() in vhost_vq_avail_empty() + - [x86] cpu: Actually turn off mitigations by default for + SPECULATION_MITIGATIONS=n + - [x86] apic: Force native_apic_mem_read() to use the MOV instruction + - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument + - btrfs: record delayed inode root in transaction + - kprobes: Fix possible use-after-free issue on kprobe registration + - Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" + - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() + (CVE-2024-27020) + - netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924) + - tun: limit printing rate when illegal packet received by tun dev + (CVE-2024-27013) + - RDMA/rxe: Fix the problem "mutex_destroy missing" + - RDMA/cm: Print the old state when cm_destroy_id gets timeout + - RDMA/mlx5: Fix port number for counter query in multi-port configuration + - drm: nv04: Fix out of bounds access (CVE-2024-27008) + - drm/panel: visionox-rm69299: don't unregister DSI device + - clk: Remove prepare_lock hold assertion in __clk_release() + - clk: Mark 'all_lists' as const + - clk: remove extra empty line + - clk: Print an info line before disabling unused clocks + - clk: Initialize struct clk_core kref earlier + - clk: Get runtime PM before walking tree during disable_unused + (CVE-2024-27004) + - [x86] cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ + - [arm*] binder: check offset alignment in binder_get_object() + (CVE-2024-26926) + - [x86] thunderbolt: Avoid notify PM core about runtime PM resume + - [x86] thunderbolt: Fix wake configurations after device unplug + - [x86] comedi: vmk80xx: fix incomplete endpoint checking (CVE-2024-27001) + - USB: serial: option: add Fibocom FM135-GL variants + - USB: serial: option: add support for Fibocom FM650/FG650 + - USB: serial: option: add Lonsung U8300/U9300 product + - USB: serial: option: support Quectel EM060K sub-models + - USB: serial: option: add Rolling RW101-GL and RW135-GL support + - USB: serial: option: add Telit FN920C04 rmnet compositions + - Revert "usb: cdc-wdm: close race between read and workqueue" + - usb: dwc2: host: Fix dereference issue in DDMA completion flow. + (CVE-2024-26997) + - usb: Disable USB3 LPM at shutdown + - mei: me: disable RPL-S on SPS and IGN firmwares + - speakup: Avoid crash on very long word (CVE-2024-26994) + - fs: sysfs: Fix reference leak in sysfs_break_active_protection() + (CVE-2024-26993) + - init/main.c: Fix potential static_command_line memory overflow + (CVE-2024-26988) + - drm/amdgpu: validate the parameters of bo mapping operations more clearly + (CVE-2024-26922) + - nouveau: fix instmem race condition around ptr stores (CVE-2024-26984) + - nilfs2: fix OOB in nilfs_set_de_type (CVE-2024-26981) + - wifi: iwlwifi: mvm: remove old PASN station when adding a new one + - vxlan: drop packets from invalid src-address + - ipv4: check for NULL idev in ip_route_use_hint() + - net: usb: ax88179_178a: stop lying about skb->truesize + - net: gtp: Fix Use-After-Free in gtp_dellink + - ipvs: Fix checksumming on GSO of SCTP packets + - net: openvswitch: Fix Use-After-Free in ovs_ct_exit + - netfilter: nf_tables: honor table dormant flag from netdev release event + path + - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue + - i40e: Report MFS in decimal base instead of hex + - iavf: Fix TC config comparison with existing adapter TC config + - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets + - af_unix: Suppress false-positive lockdep splat for spin_lock() in + __unix_gc(). + - serial: core: Provide port lock wrappers + - Revert "crypto: api - Disallow identical driver names" + - net/mlx5e: Fix a race in command alloc flow + - tracing: Show size of requested perf buffer + - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker + together + - PM / devfreq: Fix buffer overflow in trans_stat_show (CVE-2023-52614) + - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() + - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 + - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() + - cpu: Re-enable CPU mitigations by default for !X86 architectures + - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 + - drm/amdgpu: Fix leak when GPU memory allocation fails + - irqchip/gic-v3-its: Prevent double free on error + - ethernet: Add helper for assigning packet type when dest address does not + match device address + - net: b44: set pause params only when interface is up + - stackdepot: respect __GFP_NOLOCKDEP allocation flag + - mtd: diskonchip: work around ubsan link failure + - tcp: Clean up kernel listener's reqsk in inet_twsk_purge() + - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() + - [x86] idma64: Don't try to serve interrupts when device is powered off + - i2c: smbus: fix NULL function pointer dereference + - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up + - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS + - udp: preserve the connected status if only UDP cmsg + - serial: core: fix kernel-doc for uart_port_unlock_irqrestore() + + [ Salvatore Bonaccorso ] + * Bump ABI to 29 + * [rt] Refresh "sched/vtime: Consolidate IRQ time accounting" + * [rt] Update to 5.10.215-rt107 + * [rt] Refresh "u64_stats: Disable preemption on 32bit-UP/SMP with RT during + updates" + * drivers/tty: Disable N_GSM + * tipc: fix UAF in error path + * tipc: fix a possible memleak in tipc_buf_append + + -- Salvatore Bonaccorso <carnil@debian.org> Fri, 03 May 2024 14:40:24 +0200 + linux (5.10.209-2progress6u1) fuchur; urgency=medium * Initial reupload to fuchur. |