-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 Nov 2024 23:27:23 +0100 Source: linux Binary: bpftool bpftool-dbgsym hyperv-daemons hyperv-daemons-dbgsym libcpupower-dev libcpupower1 libcpupower1-dbgsym linux-compiler-gcc-12-x86 linux-config-6.1 linux-cpupower linux-cpupower-dbgsym linux-headers-6.1.0-28-686 linux-headers-6.1.0-28-686-pae linux-headers-6.1.0-28-rt-686-pae linux-image-6.1.0-28-686-dbg linux-image-6.1.0-28-686-pae-dbg linux-image-6.1.0-28-686-pae-unsigned linux-image-6.1.0-28-686-unsigned linux-image-6.1.0-28-rt-686-pae-dbg linux-image-6.1.0-28-rt-686-pae-unsigned linux-image-686-dbg linux-image-686-pae-dbg linux-image-i386-signed-template linux-image-rt-686-pae-dbg linux-kbuild-6.1 linux-kbuild-6.1-dbgsym linux-libc-dev linux-perf linux-perf-dbgsym rtla usbip usbip-dbgsym Architecture: i386 Version: 6.1.119-1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Salvatore Bonaccorso Description: bpftool - Inspection and simple manipulation of BPF programs and maps hyperv-daemons - Support daemons for Linux running on Hyper-V libcpupower-dev - CPU frequency and voltage scaling tools for Linux (development fi libcpupower1 - CPU frequency and voltage scaling tools for Linux (libraries) linux-compiler-gcc-12-x86 - Compiler for Linux on x86 (meta-package) linux-config-6.1 - Debian kernel configurations for Linux 6.1 linux-cpupower - CPU power management tools for Linux linux-headers-6.1.0-28-686 - Header files for Linux 6.1.0-28-686 linux-headers-6.1.0-28-686-pae - Header files for Linux 6.1.0-28-686-pae linux-headers-6.1.0-28-rt-686-pae - Header files for Linux 6.1.0-28-rt-686-pae linux-image-6.1.0-28-686-dbg - Debug symbols for linux-image-6.1.0-28-686 linux-image-6.1.0-28-686-pae-dbg - Debug symbols for linux-image-6.1.0-28-686-pae linux-image-6.1.0-28-686-pae-unsigned - Linux 6.1 for modern PCs linux-image-6.1.0-28-686-unsigned - Linux 6.1 for older PCs linux-image-6.1.0-28-rt-686-pae-dbg - Debug symbols for linux-image-6.1.0-28-rt-686-pae linux-image-6.1.0-28-rt-686-pae-unsigned - Linux 6.1 for modern PCs, PREEMPT_RT linux-image-686-dbg - Debugging symbols for Linux 686 configuration (meta-package) linux-image-686-pae-dbg - Debugging symbols for Linux 686-pae configuration (meta-package) linux-image-i386-signed-template - Template for signed linux-image packages for i386 linux-image-rt-686-pae-dbg - Debugging symbols for Linux rt-686-pae configuration (meta-packag linux-kbuild-6.1 - Kbuild infrastructure for Linux 6.1 linux-libc-dev - Linux support headers for userspace development linux-perf - Performance analysis tools for Linux rtla - Real-Time Linux Analysis tools usbip - USB device sharing system over IP network Closes: 1062421 1085762 1086447 1087602 Changes: linux (6.1.119-1) bookworm-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.116 - cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format - cpufreq: Avoid a bad reference count on CPU node (CVE-2024-50012) - mm: remove kern_addr_valid() completely - fs/proc/kcore: avoid bounce buffer for ktext data - fs/proc/kcore: convert read_kcore() to read_kcore_iter() - fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions - fs/proc/kcore.c: allow translation of physical memory addresses - cgroup: Fix potential overflow issue when checking max_depth - wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() (Closes: #1062421) - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys - wifi: ath11k: Fix invalid ring usage in full monitor mode - wifi: brcm80211: BRCM_TRACING should depend on TRACING - RDMA/cxgb4: Dump vendor specific QP details - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down - RDMA/bnxt_re: synchronize the qp-handle table array - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (CVE-2024-53059) - [armel,armhf] ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() - macsec: Fix use-after-free while sending the offloading packet (CVE-2024-50261) - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (CVE-2024-53058) - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (CVE-2024-53042) - gtp: allow -1 to be specified as file description from userspace - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057) - netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (CVE-2024-50259) - bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262) - netfilter: Fix use-after-free in get_info() (CVE-2024-50257) - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (CVE-2024-50256) - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CVE-2024-50255) - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension - netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CVE-2024-50251) - iomap: convert iomap_unshare_iter to use large folios - iomap: improve shared block detection in iomap_unshare_iter - iomap: don't bother unsharing delalloc extents - iomap: share iomap_unshare_iter predicate code with fsdax - fsdax: remove zeroing code from dax_unshare_iter - fsdax: dax_unshare_iter needs to copy entire blocks (CVE-2024-50250) - iomap: turn iomap_want_unshare_iter into an inline function - compiler-gcc: be consistent with underscores use for `no_sanitize` - compiler-gcc: remove attribute support check for `__no_sanitize_address__` - afs: Automatically generate trace tag enums - afs: Fix missing subdir edit when renamed between parent dirs - ACPI: CPPC: Make rmw_lock a raw_spin_lock (CVE-2024-50249) - fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247) - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state - fs/ntfs3: Stale inode instead of bad - fs/ntfs3: Fix possible deadlock in mi_read (CVE-2024-50245) - fs/ntfs3: Additional check in ni_clear() (CVE-2024-50244) - scsi: scsi_transport_fc: Allow setting rport state to current state - net: amd: mvme147: Fix probe banner message - NFS: remove revoked delegation from server's delegation list - misc: sgi-gru: Don't disable preemption in GRU driver - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context - USB: gadget: dummy-hcd: Fix "task hung" problem - ALSA: usb-audio: Add quirks for Dell WD19 dock - usbip: tools: Fix detach_port() invalid port error path - usb: phy: Fix API devm_usb_put_phy() can not release the phy - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() - xhci: Fix Link TRB DMA in command ring stopped completion event - xhci: Use pm_runtime_get to prevent RPM on unsupported systems - Revert "driver core: Fix uevent_show() vs driver detach race" - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (CVE-2024-50237) - wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236) - wifi: cfg80211: clear wdev->cqm_config pointer on free (CVE-2024-50235) - wifi: iwlegacy: Clear stale interrupts before resuming device (CVE-2024-50234) - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (CVE-2024-50232) - iio: light: veml6030: fix microlux value calculation - nilfs2: fix potential deadlock with newly created symlinks (CVE-2024-50229) - block: fix sanity checks in blk_rq_map_user_bvec - cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction (CVE-2024-53054) - ALSA: hda/realtek: Limit internal Mic boost on Dell platform - cxl/acpi: Move rescan to the workqueue - cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() - mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE - mm/page_alloc: treat RT tasks similar to __GFP_HIGH - mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags - mm/page_alloc: explicitly define what alloc flags deplete min reserves - mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (CVE-2024-50218) - mctp i2c: handle NULL header address (CVE-2024-53043) - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 - nvmet-auth: assign dh_key to NULL after kfree_sensitive (CVE-2024-50215) - io_uring: rename kiocb_end_write() local helper - fs: create kiocb_{start,end}_write() helpers - io_uring: use kiocb_{start,end}_write() helpers - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (CVE-2024-53052) - mm: migrate: try again if THP split is failed due to page refcnt - migrate: convert unmap_and_move() to use folios - migrate: convert migrate_pages() to use folios - mm/migrate.c: stop using 0 as NULL pointer - migrate_pages: organize stats with struct migrate_pages_stats - migrate_pages: separate hugetlb folios migration - migrate_pages: restrict number of pages to migrate in batch - migrate_pages: split unmap_and_move() to _unmap() and _move() - vmscan,migrate: fix page count imbalance on node stats when demoting pages - io_uring: always lock __io_cqring_overflow_flush (Closes: #1087602) - [x86] bugs: Use code segment selector for VERW operand (CVE-2024-50072) - wifi: mac80211: fix NULL dereference at band check in starting tx ba session (CVE-2024-43911) - nilfs2: fix kernel bug due to missing clearing of checked flag (CVE-2024-50230) - wifi: iwlwifi: mvm: fix 6 GHz scan construction (CVE-2024-53055) - mm: shmem: fix data-race in shmem_getattr() (CVE-2024-50228) - mtd: spi-nor: winbond: fix w25q128 regression - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (CVE-2024-43904) - drm/amd/display: Skip on writeback when it's not applicable (CVE-2024-36914) - vt: prevent kernel-infoleak in con_font_get() - mm: avoid gcc complaint about pointer casting - migrate_pages_batch: fix statistics for longterm pin retry https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117 - [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 - [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator - [arm64] dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 - [arm64] dts: rockchip: Fix wakeup prop names on PineNote BT node - [arm64] dts: rockchip: Fix bluetooth properties on Rock960 boards - [arm64] dts: rockchip: Remove #cooling-cells from fan on Theobroma lion - [arm64] dts: rockchip: Fix LED triggers on rk3308-roc-cc - [arm64] dts: imx8qm: Fix VPU core alias name - [arm64] dts: imx8qxp: Add VPU subsystem file - [arm64] dts: imx8-ss-vpu: Fix imx8qm VPU IRQs - [arm64] dts: imx8mp: correct sdhc ipg clk - [armhf] ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin - HID: core: zero-initialize the report buffer (CVE-2024-50302) - [x86] platform/x86/amd/pmc: Detect when STB is not available (CVE-2024-53072) - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() - NFSv3: only use NFS timeout for MOUNT when protocols are compatible - NFSv3: handle out-of-order write replies. - nfs: avoid i_lock contention in nfs_clear_invalid_mapping - security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301) - [arm64] net: enetc: set MAC address to the VF net_device - sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299) - can: c_can: fix {rx,tx}_errors statistics - ice: change q_index variable type to s16 to store -1 value - i40e: fix race condition by adding filter's intermediate sync state (CVE-2024-53088) - [arm64] net: hns3: fix kernel crash when uninstalling driver (CVE-2024-50296) - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case - virtio_net: Add hash_key_length check (CVE-2024-53082) - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" - media: stb0899_algo: initialize cfr before using it - media: dvbdev: prevent the risk of out of memory access (CVE-2024-53063) - media: dvb_frontend: don't play tricks with underflow values - media: adv7604: prevent underflow condition when reporting colorspace - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() - [armhf] ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove - media: ar0521: don't overflow when checking PLL values (CVE-2024-53081) - media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061) - media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290) - media: pulse8-cec: fix data timestamp at pulse8_setup() - media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287) - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes - ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create (CVE-2024-50286) - ksmbd: Fix the missing xa_store error check (CVE-2024-50284) - ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp (CVE-2024-50283) - pwm: imx-tpm: Use correct MODULO value for EPWM mode - drm/amdgpu: Adjust debugfs eviction and IB access permissions - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (CVE-2024-50282) - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (CVE-2024-53060) - thermal/drivers/qcom/lmh: Remove false lockdep backtrace - dm cache: correct the number of origin blocks to match the target length - dm cache: fix flushing uninitialized delayed_work on cache_ctr error (CVE-2024-50280) - dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279) - dm cache: optimize dirty bit checking with find_next_bit when resizing - dm cache: fix potential out-of-bounds access on the first resume (CVE-2024-50278) - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone - nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066) - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() - net: vertexcom: mse102x: Fix possible double free of TX skb (CVE-2024-50276) - mptcp: use sock_kfree_s instead of kfree - btrfs: reinitialize delayed ref list after deleting it from the list (CVE-2024-50273) - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) - Revert "wifi: mac80211: fix RCU list iterations" - net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036) - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format - filemap: Fix bounds checking in filemap_read() (CVE-2024-50272) - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' - signal: restore the override_rlimit logic (CVE-2024-50271) - usb: musb: sunxi: Fix accessing an released usb phy (CVE-2024-50269) - usb: dwc3: fix fault at system suspend if device was already runtime suspended - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() - USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267) - USB: serial: qcserial: add support for Sierra Wireless EM86xx - USB: serial: option: add Fibocom FG132 0x0112 composition - USB: serial: option: add Quectel RG650V - irqchip/gic-v3: Force propagation of the active state with a read-back - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() - ucounts: fix counter leak in inc_rlimit_get_ucounts() - [x86] ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 - net: sched: use RCU read-side critical section in taprio_dump() (CVE-2024-50126) - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans - media: amphion: Fix VPU core alias name https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.118 - Revert "Bluetooth: fix use-after-free in accessing skb after sending it" - Revert "Bluetooth: hci_sync: Fix overwriting request callback" - Revert "Bluetooth: af_bluetooth: Fix deadlock" - Revert "Bluetooth: hci_core: Fix possible buffer overflow" - Revert "Bluetooth: hci_conn: Consolidate code for aborting connections" (Closes: #1086447) - 9p: Avoid creating multiple slab caches with the same name - nvme: tcp: avoid race between queue_lock lock and destroy - block: Fix elevator_get_default() checking for NULL q->tag_set - HID: multitouch: Add support for B2402FVA track point - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad - nvme: disable CC.CRIME (NVME_CC_CRIME) - bpf: use kvzmalloc to allocate BPF verifier environment - crypto: api - Fix liveliness check in crypto_alg_tested - [arm*] crypto: marvell/cesa - Disable hash algorithms - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML - drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS - nvme-multipath: defer partition scanning (CVE-2024-53093) - [powerpc*] powernv: Free name on error in opal_event_init() - nvme: make keep-alive synchronous operation - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 - fs: Fix uninitialized value issue in from_kuid and from_kgid - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition - md/raid10: improve code of mrdev in raid10_sync_request - io_uring: fix possible deadlock in io_register_iowq_max_workers() (CVE-2024-41080) - uprobes: encapsulate preparation of uprobe args buffer - uprobe: avoid out-of-bounds memory access of fetching args (CVE-2024-50067) - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (CVE-2024-49991) - ext4: fix timer use-after-free on failed mount (CVE-2024-49960) - Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950) - mm: krealloc: Fix MTE false alarm in __do_krealloc - [x86] platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (CVE-2024-49986) - fs/ntfs3: Fix general protection fault in run_is_mapped_full (CVE-2024-50243) - 9p: fix slab cache name creation for real https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.119 - netlink: terminate outstanding dump on socket close - [arm64,armhf] drm/rockchip: vop: Fix a dereferenced before check warning - mptcp: error out earlier on disconnect - net/mlx5: fs, lock FTE when checking if active - net/mlx5e: kTLS, Fix incorrect page refcounting - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow - virtio/vsock: Fix accept_queue memory leak - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS - Bluetooth: hci_core: Fix calling mgmt_device_connected - net/sched: cls_u32: replace int refcounts with proper refcounts - net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for hnodes. - bonding: add ns target multicast address to slave device - [armel,armhf] 9419/1: mm: Fix kernel memory mapping for xip kernels - [x86] mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof - ocfs2: uncache inode which has failed entering the group - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map - ima: fix buffer overrun in ima_eventdigest_init_common - [x86] KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled - [x86] KVM: x86: Unconditionally set irr_pending when updating APICv state - [x86] KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue - ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 - ocfs2: fix UBSAN warning in ocfs2_verify_volume() - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" - mmc: sunxi-mmc: Fix A100 compatible description - drm/bridge: tc358768: Fix DSI command tx - drm/amd: Fix initialization mistake for NBIO 7.7.0 - staging: vchiq_arm: Get the rid off struct vchiq_2835_state - staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation - fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242) - Bluetooth: ISO: Fix not validating setsockopt user input (CVE-2024-35964) - lib/buildid: Fix build ID parsing logic - cxl/pci: fix error code in __cxl_hdm_decode_init() - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point - NFSD: Async COPY result needs to return a write verifier - NFSD: Limit the number of concurrent async COPY operations (CVE-2024-49974) - NFSD: Initialize struct nfsd4_copy earlier - NFSD: Never decrement pending_async_copies on error - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust - mptcp: define more local variables sk - mptcp: add userspace_pm_lookup_addr_by_id helper - mptcp: update local address flags when setting it - mptcp: hold pm lock when deleting entry - mptcp: drop lookup_by_id in lookup_addr - mptcp: pm: use _rcu variant under rcu_read_lock - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (CVE-2024-26954) - ksmbd: fix potencial out-of-bounds when buffer offset is invalid (CVE-2024-26952) - net: add copy_safe_from_sockptr() helper - nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies - fs/9p: fix uninitialized values during inode evict (CVE-2024-36923) - ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322) - net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244) - net: fec: remove .ndo_poll_controller to avoid deadlocks (CVE-2024-38553) - mm: revert "mm: shmem: fix data-race in shmem_getattr()" - mm: avoid unsafe VMA hook invocation when error arises on mmap hook - mm: unconditionally close VMAs on error - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling - mm: resolve faulty mmap_region() error path behaviour - drm/amd: check num of link levels when update pcie param (CVE-2023-52812) - char: xillybus: Prevent use-after-free due to race condition (CVE-2022-45888) - null_blk: Remove usage of the deprecated ida_simple_xx() API - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (CVE-2024-36478) - null_blk: Fix return value of nullb_device_power_store() - parisc: fix a possible DMA corruption (CVE-2024-44949) - char: xillybus: Fix trivial bug with mutex - net: Make copy_safe_from_sockptr() match documentation . [ Salvatore Bonaccorso ] * Bump ABI to 28 * [x86] Revert "x86: Increase brk randomness entropy for 64-bit systems" (Closes: #1085762) Checksums-Sha1: 34aa79db116dc6d14dd2539cd95e89ea53affcaa 759888 bpftool-dbgsym_7.1.0+6.1.119-1_i386.deb 27918417fcc818801ca06fac888b62e783a14bda 1200044 bpftool_7.1.0+6.1.119-1_i386.deb eefb1dc711be19d83a5087fabd5e708f438deb3c 45388 hyperv-daemons-dbgsym_6.1.119-1_i386.deb c6b38b45bde36056bc6514a6ea6098bed66c5bbb 945468 hyperv-daemons_6.1.119-1_i386.deb 7f4ae33337faa32cd1b7d52896565f80ffb7689a 929636 libcpupower-dev_6.1.119-1_i386.deb e766ccd80f816e23773782c377ab1c7de32c53e7 22332 libcpupower1-dbgsym_6.1.119-1_i386.deb a7377e95b3f35d3327034f99e8349f529777b4e3 936296 libcpupower1_6.1.119-1_i386.deb c9251e9102604bd7ccb3859e8a257f44ebc94d54 927704 linux-compiler-gcc-12-x86_6.1.119-1_i386.deb e923527adf40875d069260af637e27f54bf963f9 1087700 linux-config-6.1_6.1.119-1_i386.deb 9e2ce5eebc2b773bc0b6123a293b890af3b8c0c2 191172 linux-cpupower-dbgsym_6.1.119-1_i386.deb 83cbba829f246fcb48a7670163b97c3b9c399f46 1045540 linux-cpupower_6.1.119-1_i386.deb ad538a8c5427c935eb5532def8937e8d58fc905d 1448460 linux-headers-6.1.0-28-686-pae_6.1.119-1_i386.deb c65d2f93ea7020336e61b284259f615f9b642bd1 1449416 linux-headers-6.1.0-28-686_6.1.119-1_i386.deb d23a696d76276efa74b888c6d834af7109100ea3 1448616 linux-headers-6.1.0-28-rt-686-pae_6.1.119-1_i386.deb 2a8679f3ef7407649098e5c9fa1bd9fe958e4d70 759224316 linux-image-6.1.0-28-686-dbg_6.1.119-1_i386.deb 9987b56c5bfc9cf9914a3a231fb8976f0dedefa4 761796336 linux-image-6.1.0-28-686-pae-dbg_6.1.119-1_i386.deb 69b9280a3692be4d9d34e15e6a21beb4f9021a34 49615960 linux-image-6.1.0-28-686-pae-unsigned_6.1.119-1_i386.deb 8c73c77913a81f9afed88af8846762b96f3e202a 49388832 linux-image-6.1.0-28-686-unsigned_6.1.119-1_i386.deb 85e444849009f0e6e1777d5ee2778c2995fbbd6b 767950264 linux-image-6.1.0-28-rt-686-pae-dbg_6.1.119-1_i386.deb eac77540c959aa87020d90b806023a19bb035832 49753120 linux-image-6.1.0-28-rt-686-pae-unsigned_6.1.119-1_i386.deb e4699c1f2fde36f2044cd20efee321894e44463b 1308 linux-image-686-dbg_6.1.119-1_i386.deb 59b1e847381eb346e1c6697ee8662cd27b1ef52c 1312 linux-image-686-pae-dbg_6.1.119-1_i386.deb 1703639819422a5cad7a3656e35256274744a9af 1677120 linux-image-i386-signed-template_6.1.119-1_i386.deb 8b48b882c438bde653ccb651c990a2a7bcb98e2e 1320 linux-image-rt-686-pae-dbg_6.1.119-1_i386.deb 2b143fc27245b68028b807458658f3cd7b98ceaa 976704 linux-kbuild-6.1-dbgsym_6.1.119-1_i386.deb 91fa8cb442fb7375a427f51acd1596b64ad4c888 1195336 linux-kbuild-6.1_6.1.119-1_i386.deb ee3841d9d574740cfc2a02778c2d05a1c0b268f4 2074440 linux-libc-dev_6.1.119-1_i386.deb 6a6b8233cf181016b98873d93205b08810e51e9b 7632500 linux-perf-dbgsym_6.1.119-1_i386.deb 0e7ae612889781bb8ce7d4f2ed16191c419bcfa1 3047980 linux-perf_6.1.119-1_i386.deb b092414327a5830320dc963236195fb8d4495bc2 19119 linux_6.1.119-1_i386-buildd.buildinfo 1a35eb9a9000ac0907dd88f91edd15a9888d1ef1 967344 rtla_6.1.119-1_i386.deb 007bec2cc04fcdc46601ed90e1f456d62330a0d3 137808 usbip-dbgsym_2.0+6.1.119-1_i386.deb bd849dfe6370d3f7d3631e808b5269f64b902a6d 966948 usbip_2.0+6.1.119-1_i386.deb Checksums-Sha256: 7618be0df9de7cb8c263e2a3cb937474e91c4fb2d2eb979245f5e7d370a1c052 759888 bpftool-dbgsym_7.1.0+6.1.119-1_i386.deb 6f9c9d4a58f874b4fccd0b3348981ea07c528fa615e3310dd613df6c6b6e383b 1200044 bpftool_7.1.0+6.1.119-1_i386.deb a6a7d62850845bf89aba892644356642166e901989b0add6be9c9021b9754681 45388 hyperv-daemons-dbgsym_6.1.119-1_i386.deb 8d699be366884b46827ae9eebf0c057dbea519b68ea3a5d8bc77fdeff348859b 945468 hyperv-daemons_6.1.119-1_i386.deb 02a8855e6243d6edda374a9357370c047faf4c05ab3312516f0de6804f185032 929636 libcpupower-dev_6.1.119-1_i386.deb 49e3bd0064d6a0ee1bdd18a1d1054e44c483c89dd18686f95f1111e21c889529 22332 libcpupower1-dbgsym_6.1.119-1_i386.deb b8209739b83fe4ae5e07cf595d1592bb5b7884a5967066049ae38444eae81df1 936296 libcpupower1_6.1.119-1_i386.deb 8b0e87a3536e0a26b9aab8c54cbe2eb4fe657f9e3d5f57f63a47fc2b36f4a0a5 927704 linux-compiler-gcc-12-x86_6.1.119-1_i386.deb 1f6991ad6f6fb273bd3dec88fea27fa03e40c0a1eecc1743f61fc324b2938b44 1087700 linux-config-6.1_6.1.119-1_i386.deb 63df583dde64f9ac317a59e2ee3cb89c0856c1edc8d19bb6ae17ba384a379a48 191172 linux-cpupower-dbgsym_6.1.119-1_i386.deb 792102402731aea5075206fecca170de6e05c66fab26e366d0068545fe32969c 1045540 linux-cpupower_6.1.119-1_i386.deb def589d2d3a24a66cc8a886457233d907b04fe18f8c36eb96f60851f5056af4e 1448460 linux-headers-6.1.0-28-686-pae_6.1.119-1_i386.deb 183e97eafa2c9d832d6b8bfec315a38a0e113844091b2471e15d91c5d238ba84 1449416 linux-headers-6.1.0-28-686_6.1.119-1_i386.deb 0b936663c76296b2a7eb414e66a9760d36e46f144c2624160dc9bd38a5c1ccff 1448616 linux-headers-6.1.0-28-rt-686-pae_6.1.119-1_i386.deb 95fb3cb5826cd5da6a9fecdc63f90fdaae6da87393d2ccae486dde3f820d1845 759224316 linux-image-6.1.0-28-686-dbg_6.1.119-1_i386.deb ca757ece18e1cfa7794bd0f4ee313f9dd712babecfad1fa7ad763c3105f263c8 761796336 linux-image-6.1.0-28-686-pae-dbg_6.1.119-1_i386.deb 035a2b536b951393ee48248b207d67e87ad8c4d2d7914f986fc104b2dc7db5d4 49615960 linux-image-6.1.0-28-686-pae-unsigned_6.1.119-1_i386.deb 451f35e481fd9c49a879cf74c33525d407b76b83018877f7a193ee0866bc9171 49388832 linux-image-6.1.0-28-686-unsigned_6.1.119-1_i386.deb 5c1afb313ad8d2bdf2fb61ca158397086c27ff4887649023c1c77f6e7e8d4174 767950264 linux-image-6.1.0-28-rt-686-pae-dbg_6.1.119-1_i386.deb 4d1fc34015c0aa36d2183cd1c27f84f95939206fdeb2ddd76e83f89f6e52c111 49753120 linux-image-6.1.0-28-rt-686-pae-unsigned_6.1.119-1_i386.deb 590c2c45e339de767eec42313c8275d99083f973daff80745de489a615e22884 1308 linux-image-686-dbg_6.1.119-1_i386.deb 0bba6b1ea366e9fbece27511f61dab5a0832e1631819b41ba1dfd6391bd7fe1b 1312 linux-image-686-pae-dbg_6.1.119-1_i386.deb f4ba143723c13c11c437c643d37fca0be4a2c14c6d052efa3dcffbd52a36708a 1677120 linux-image-i386-signed-template_6.1.119-1_i386.deb 8a69c00f7fc2a0250f0afae036e5e2b6f73b68b98c0c79a2a2f1114b00c00d36 1320 linux-image-rt-686-pae-dbg_6.1.119-1_i386.deb 8c9ab2afd64420ab553955dd45a17b1e742b950558dc962b7942d52b658c9606 976704 linux-kbuild-6.1-dbgsym_6.1.119-1_i386.deb adf0a3e13ecaf921b85d7b9ff8e56bddec880f148bc865e340d07ee86052043e 1195336 linux-kbuild-6.1_6.1.119-1_i386.deb 4a66783b8859b45da9fb46b56a1fd9ae2d31173df4f3511a5344b9d204284b0b 2074440 linux-libc-dev_6.1.119-1_i386.deb 0f9b4726f45399cc2bcb381d0ffab12f26a4170658bd4f0efd412f3024ed40be 7632500 linux-perf-dbgsym_6.1.119-1_i386.deb 5fc0a796c06309355cf04d4aa24a3e3052d2856d82b843d2173304b8b805aeff 3047980 linux-perf_6.1.119-1_i386.deb 2925b028d18de33ed03068412fd1a4ec785de16d1b3f9224475e74f6a9549a41 19119 linux_6.1.119-1_i386-buildd.buildinfo 5f7fd98da64b2179fa9e3588dc8ee5a7d1f786c7cae9c5f62b4a8c4ba2b812f5 967344 rtla_6.1.119-1_i386.deb 933b4830b2be05852c703746b245363e989ac6075a955d2882944ecceef20695 137808 usbip-dbgsym_2.0+6.1.119-1_i386.deb 9e6ce579704fa344c6d1ab27d35bdf5311174f6337d66805b5a33d122f1f3e94 966948 usbip_2.0+6.1.119-1_i386.deb Files: 27e4ff348f8e3d7ea1a2fe0bcf215e9b 759888 debug optional bpftool-dbgsym_7.1.0+6.1.119-1_i386.deb 4f71cf351aca40498333795786cdcc91 1200044 devel optional bpftool_7.1.0+6.1.119-1_i386.deb 521129bb5507424665f4fadb0df674c1 45388 debug optional hyperv-daemons-dbgsym_6.1.119-1_i386.deb d4a20f4eda564fad036490cbe1f0329d 945468 admin optional hyperv-daemons_6.1.119-1_i386.deb 1d1e9c9ee546551ff3fb3bd9bce3d01e 929636 libdevel optional libcpupower-dev_6.1.119-1_i386.deb cd2f4414743bc890197d21ba7f880d1b 22332 debug optional libcpupower1-dbgsym_6.1.119-1_i386.deb c3d132b05e1ff5775f6c93c3ff6d3c79 936296 libs optional libcpupower1_6.1.119-1_i386.deb 7d4ae9e6d481b920ac4a71a204562f44 927704 kernel optional linux-compiler-gcc-12-x86_6.1.119-1_i386.deb 0d7bd11ea792746e8a9becf07a4294eb 1087700 kernel optional linux-config-6.1_6.1.119-1_i386.deb b8b81f7375f954ae8296681e51518faa 191172 debug optional linux-cpupower-dbgsym_6.1.119-1_i386.deb f092a8979aaa324723c65c62a9eb3583 1045540 admin optional linux-cpupower_6.1.119-1_i386.deb 5d4d22ba7a7a19bee81ffc795df4f5ee 1448460 kernel optional linux-headers-6.1.0-28-686-pae_6.1.119-1_i386.deb 2c28b21b873461b867b86c63b8308d46 1449416 kernel optional linux-headers-6.1.0-28-686_6.1.119-1_i386.deb 549b769e33b8b65125522d4485a2b4c9 1448616 kernel optional linux-headers-6.1.0-28-rt-686-pae_6.1.119-1_i386.deb 4dcc2588a2ec5e5f4568270b3f25b431 759224316 debug optional linux-image-6.1.0-28-686-dbg_6.1.119-1_i386.deb 518fe16802c85e68161aa980f742d765 761796336 debug optional linux-image-6.1.0-28-686-pae-dbg_6.1.119-1_i386.deb bf269819f12f7f1da5892e852b377cab 49615960 kernel optional linux-image-6.1.0-28-686-pae-unsigned_6.1.119-1_i386.deb 1b813dbf4180cd54ed7529125a1f708d 49388832 kernel optional linux-image-6.1.0-28-686-unsigned_6.1.119-1_i386.deb bc4fb380679bdf7c0b2a662bba6a51ed 767950264 debug optional linux-image-6.1.0-28-rt-686-pae-dbg_6.1.119-1_i386.deb b995d18f21baf4c79543a0172792f9b4 49753120 kernel optional linux-image-6.1.0-28-rt-686-pae-unsigned_6.1.119-1_i386.deb f9b5bfae84b76a45389a76788b799df6 1308 kernel optional linux-image-686-dbg_6.1.119-1_i386.deb 07eb9be4735851f01b7cbe881a1a9be0 1312 kernel optional linux-image-686-pae-dbg_6.1.119-1_i386.deb a9630194a86ada163bf17ac29da5c699 1677120 kernel optional linux-image-i386-signed-template_6.1.119-1_i386.deb 406c7cace04d2ceaefd859f06b0c4041 1320 kernel optional linux-image-rt-686-pae-dbg_6.1.119-1_i386.deb 931280695ae8cdbdb4bdfdde03a288be 976704 debug optional linux-kbuild-6.1-dbgsym_6.1.119-1_i386.deb 569404f1607a4baaacff8a2b07d1185f 1195336 kernel optional linux-kbuild-6.1_6.1.119-1_i386.deb 1f3c0993bfe0e2c4b8fcc4a38a87525c 2074440 devel optional linux-libc-dev_6.1.119-1_i386.deb 8dc0e744f7e5843c7deebb6661ceefcd 7632500 debug optional linux-perf-dbgsym_6.1.119-1_i386.deb f80d485472c9af23e3e910c44c8a97ff 3047980 devel optional linux-perf_6.1.119-1_i386.deb da61ba771c7761ec4384d40574efedc0 19119 kernel optional linux_6.1.119-1_i386-buildd.buildinfo 1f1e1f1f05419c98d0bbeb251a1286da 967344 devel optional rtla_6.1.119-1_i386.deb f781c17dfce56d1dbafb36977e7d0bab 137808 debug optional usbip-dbgsym_2.0+6.1.119-1_i386.deb 915b56cc04f8d745e2efe5c4667ff87a 966948 admin optional usbip_2.0+6.1.119-1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGBeuno8wiDXCewDuqqLQG5ksqMMFAmdBo5YACgkQqqLQG5ks qMNCdg/+N4Bo5LuNFInqRLx3asySRQw2k4OeNF/9OMLXuOLZJfe47OYWfdYZ0JUc 4RI84NI9p9JXe/m2PuzbQhM/ui7k9utS/NvkPJGEMb5ASfECNrer0/mG4pE6tZhx Hra596JtHCL+72KS+4a4vyLt2iDG2HNkwNw6uuhqlND0mk4tzpjXA08725FN/WIy npgpeoieRTGBVeG4jacDGi0dGh+hxU5lqnrHIQNlFBNnyHtzdCWmOqJ10zMhiqFr gXC5VofFBcth6sq6SgrNjkIkx8XbR0Thlhffzh40uv7NNnAQyFVrqVVhEtGatu33 jHZ8H4lLSxXZFD7gp5pThD09BPi7Vym60bA49EkhJ1cKKXEuoAK8lTEy1Byf6j49 8YMn1MXJgb5dBg4CCSsV3GTiz7FT/wFN2Vqz1iHvxnPQ6fWxIkWkaJEH76gHnrbi PLBFuFft2K5tLG4v96vr/e8iClkVicjGFbX8XwAuMYSfdaq3RKissAhUs7+vc0mJ W5e4YWIxKAj2IQt+aEG5mpSq3dcXuKtACSA+4fy35dAipzjANfYomerS7AkQJA4A oW0Hyyd3PP2rl+0v32BP+GSiYL4w9Vn5mq2gzEELh1W8VgLalTwopmC+YnFnGSF7 jDMuSrKkDanN3sXlyXoIU+hVO/0jKWCbTDc1tHI4kvcfSTxPeYc= =g6F1 -----END PGP SIGNATURE-----