-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Feb 2025 10:43:47 +0100 Source: linux Binary: linux-doc linux-doc-6.1 linux-headers-6.1.0-31-common linux-headers-6.1.0-31-common-rt linux-source linux-source-6.1 linux-support-6.1.0-31 Architecture: all Version: 6.1.128-1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Salvatore Bonaccorso Description: linux-doc - Linux kernel specific documentation (meta-package) linux-doc-6.1 - Linux kernel specific documentation for version 6.1 linux-headers-6.1.0-31-common - Common header files for Linux 6.1.0-31 linux-headers-6.1.0-31-common-rt - Common header files for Linux 6.1.0-31-rt linux-source - Linux kernel source (meta-package) linux-source-6.1 - Linux kernel source for version 6.1 with Debian patches linux-support-6.1.0-31 - Support files for Linux 6.1 Closes: 1093243 1094766 Changes: linux (6.1.128-1) bookworm-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125 - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685) - bpf, sockmap: Fix race between element replace and close() (CVE-2024-56664) - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers (CVE-2024-53128) - jbd2: increase IO priority for writing revoke records - jbd2: flush filesystem device before updating tail sequence - dm array: fix releasing a faulty array block twice in dm_array_cursor_end - dm array: fix unreleased btree blocks on closing a faulty array cursor - dm array: fix cursor index when skipping across block boundaries - exfat: fix the infinite loop in exfat_readdir() - exfat: fix the infinite loop in __exfat_free_cluster() - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity - net: 802: LLC+SNAP OID:PID lookup on start of skb data - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog - tcp/dccp: allow a connection when sk_max_ack_backlog is zero - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute - bnxt_en: Fix possible memory leak when hwrm_req_replace fails - cxgb4: Avoid removal of uninserted tid - ice: fix incorrect PHY settings for 100 GB/s - tls: Fix tls_sw_sendmsg error handling - Bluetooth: hci_sync: Fix not setting Random Address when required - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset - netfilter: nf_tables: imbalance in flowtable binding - netfilter: conntrack: clamp maximum hashtable size to INT_MAX - sched: sch_cake: add bounds checks to host bulk flow fairness counts - net/mlx5: Fix variable not being completed when function returns - ksmbd: fix a missing return value check bug - afs: Fix the maximum cell name length - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked - dm thin: make get_first_thin use rcu-safe list first function - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy - sctp: sysctl: rto_min/max: avoid using current->nsproxy - sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: udp_port: avoid using current->nsproxy - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy - drm/amd/display: Add check for granularity in dml ceil/floor helpers - thermal: of: fix OF node leak in of_thermal_zone_find() - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] - drm/amd/display: increase MAX_SURFACES to the value supported by hw - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) - bpf: Add MEM_WRITE attribute - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164) - USB: serial: option: add MeiG Smart SRM815 - USB: serial: option: add Neoway N723-EA support - usb-storage: Add max sectors quirk for Nokia 208 - USB: serial: cp210x: add Phoenix Contact UPS Device - usb: dwc3: gadget: fix writing NYET threshold - topology: Keep the cpumask unchanged when printing cpumap - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null - usb: dwc3-am62: Disable autosuspend during remove - USB: usblp: return error when setting unsupported protocol - USB: core: Disable LPM only for non-suspended ports - usb: fix reference leak in usb_new_device() - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind - iio: light: vcnl4035: fix information leak in triggered buffer - iio: imu: kmx61: fix information leak in triggered buffer - iio: gyro: fxas21002c: Fix missing data update in trigger handler - iio: inkern: call iio_device_put() only on mapped devices - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() - of/address: Add support for 3 address cell bus - of: address: Fix address translation when address-size is greater than 2 - of: address: Remove duplicated functions - of: address: Store number of bus flag cells rather than bool - of: address: Preserve the flags portion on 1:1 dma-ranges mapping - ocfs2: correct return value of ocfs2_local_free_info() - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (CVE-2024-57892) - drm: bridge: adv7511: use dev_err_probe in probe function - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126 - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127 - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() - bpf: Fix bpf_sk_select_reuseport() memory leak - openvswitch: fix lockup on tx to unregistering netdev with carrier - pktgen: Avoid out-of-bounds access in get_imix_entries - net: add exit_batch_rtnl() method - gtp: use exit_batch_rtnl() method - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). - gtp: Destroy device along with udp socket's netns dismantle. - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() - net/mlx5: Fix RDMA TX steering prio - net/mlx5: Clear port select structure when fail to create - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion - hwmon: (tmp513) Fix division of negative numbers - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" - i2c: mux: demux-pinctrl: check initial mux selection, too - i2c: rcar: fix NACK handling when being a target - nvmet: propagate npwg topology - mac802154: check local interfaces before deleting sdata list - hfs: Sanity check the root record - fs: fix missing declaration of init_files - kheaders: Ignore silly-rename files - cachefiles: Parse the "secctx" immediately - scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers - ACPI: resource: acpi_dev_irq_override(): Check DMI match last - iomap: avoid avoid truncating 64-bit offset to 32 bits - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() - [x86] asm: Make serialize() always_inline - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA - zram: fix potential UAF of zram table - mptcp: be sure to send ack when mptcp-level window re-opens - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks - vsock/virtio: discard packets if the transport changes - vsock/virtio: cancel close work in the destructor - vsock: reset socket state when de-assigning the transport - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] - filemap: avoid truncating 64-bit offset to 32 bits - fs/proc: fix softlockup in __read_vmcore (part 2) - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899) - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition - irqchip: Plug a OF node reference leak in platform_irqchip_probe() - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() - hrtimers: Handle CPU state correctly on hotplug - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes - Revert "PCI: Use preserve_config in place of pci_flags" - iio: imu: inv_icm42600: fix spi burst write not supported - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered buffer (CVE-2024-57907) - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (CVE-2024-56608) - drm/amdgpu: fix usage slab after free (CVE-2024-56551) - block: fix uaf for flush rq while iterating tags (CVE-2024-53170) - Revert "drm/amdgpu: rework resume handling for display (v2)" (Closes: #1094766) - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229) - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631) - Revert "regmap: detach regmap from dev on regmap_exit" - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599) - erofs: tidy up EROFS on-disk naming - erofs: handle NONHEAD !delta[1] lclusters gracefully - nfsd: add list_head nf_gc to struct nfsd_file - [x86] xen: fix SLS mitigation in xen_hypercall_iret() - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128 - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request - drm/amd/display: Use HW lock mgr for PSR1 - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag - regmap: detach regmap from dev on regmap_exit - ipv6: Fix soft lockups in fib6_select_path under high next hop churn (CVE-2024-56703) - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel - xfs: bump max fsgeom struct version - xfs: hoist freeing of rt data fork extent mappings - xfs: prevent rt growfs when quota is enabled - xfs: rt stubs should return negative errnos when rt disabled - xfs: fix units conversion error in xfs_bmap_del_extent_delay - xfs: make sure maxlen is still congruent with prod when rounding down - xfs: introduce protection for drop nlink - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space - xfs: allow read IO and FICLONE to run concurrently - xfs: factor out xfs_defer_pending_abort - xfs: abort intent items when recovery intents fail - xfs: only remap the written blocks in xfs_reflink_end_cow_extent - xfs: up(ic_sema) if flushing data device fails - xfs: fix internal error from AGFL exhaustion - xfs: inode recovery does not validate the recovered inode - xfs: clean up dqblk extraction - xfs: dquot recovery does not validate the recovered dquot - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags - xfs: respect the stable writes flag on the RT device - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag - io_uring: fix waiters missing wake ups (Closes: #1093243) - net: sched: fix ets qdisc OOB Indexing - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994) - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" - vfio/platform: check the bounds of read/write syscalls - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014) - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (CVE-2024-50304) - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service - wifi: iwlwifi: add a few rate index validity checks - smb: client: fix UAF in async decryption (CVE-2024-50047) - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" - ALSA: usb-audio: Add delay quirk for USB Audio Device - Input: atkbd - map F23 key to support default copilot shortcut - Input: xpad - add unofficial Xbox 360 wireless receiver clone - Input: xpad - add support for wooting two he (arm) - smb: client: fix NULL ptr deref in crypto_aead_setkey() - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence . [ Salvatore Bonaccorso ] * Bump ABI to 31 * [rt] Update to 6.1.127-rt48 Checksums-Sha1: a31ad274091dbacdf5f154245489d51d6cb0bb90 37010180 linux-doc-6.1_6.1.128-1_all.deb 49a1fa0b25df67d7fa3430dbd71036bce262b835 1104 linux-doc_6.1.128-1_all.deb 9d0898b3425ef8da9624d4d374f88c71e2c99a4b 8496808 linux-headers-6.1.0-31-common-rt_6.1.128-1_all.deb 9498a7e9f234a619d7e43b5c91277f46aaf5d8f7 10148948 linux-headers-6.1.0-31-common_6.1.128-1_all.deb cf33d6c6c42a42246903a8e0137dc90e3d627270 138707408 linux-source-6.1_6.1.128-1_all.deb 3f34cebe8807682e40e107f3fa86a0389a17e4db 1100 linux-source_6.1.128-1_all.deb fb91d8f7a61bcd7cd5db6ecbce100ae78e1e7d28 1005708 linux-support-6.1.0-31_6.1.128-1_all.deb b174c1c36cd3ef45a9d8a30b3b0b50bc81828409 13300 linux_6.1.128-1_all-buildd.buildinfo Checksums-Sha256: ce76ac7b0ce4436f410ed55eb03de6de4864d88db03c88a08554d6551231f011 37010180 linux-doc-6.1_6.1.128-1_all.deb c85d31f6e8955c14f68d8654865a5900890235e265ccaf30302ca75e121b84c2 1104 linux-doc_6.1.128-1_all.deb 5c10815e7ea7f55ca519576fde5f848b76635e7c1193d8a82c83c9bfa88d1178 8496808 linux-headers-6.1.0-31-common-rt_6.1.128-1_all.deb 7fe1ca7d48c58a0be828ab0ed112abe1bef4c22402161375e12b91417449f9a1 10148948 linux-headers-6.1.0-31-common_6.1.128-1_all.deb dc4ca0ad80d97dd0546bc3800ab6baa6713a6863935bc5fac08e3055542b2a2f 138707408 linux-source-6.1_6.1.128-1_all.deb da071e90aa636c1fbfee14d5ba63fbdb79bf4e218afd5a4f2a506c029ab515fb 1100 linux-source_6.1.128-1_all.deb 884a46562e92fd58b049eabfb7376dcde531a84fc2efe87197c18510150f50d9 1005708 linux-support-6.1.0-31_6.1.128-1_all.deb d3c57108b13534d9d11e47984031ff57164dbdaba737b45fced878ae28b3af50 13300 linux_6.1.128-1_all-buildd.buildinfo Files: cc0148b085cc2358ac90b3157c4250b7 37010180 doc optional linux-doc-6.1_6.1.128-1_all.deb 12ccbc14cf96c2120ddae5a83023f0df 1104 doc optional linux-doc_6.1.128-1_all.deb 4227a987ec8cafecb2d447e3a01ba510 8496808 kernel optional linux-headers-6.1.0-31-common-rt_6.1.128-1_all.deb f3a1ece8625ae48cd0aba33993072fda 10148948 kernel optional linux-headers-6.1.0-31-common_6.1.128-1_all.deb bf065124c6d9ea92440819c34b8e6c59 138707408 kernel optional linux-source-6.1_6.1.128-1_all.deb 26f25500edef8dbe63ce5010773020e1 1100 kernel optional linux-source_6.1.128-1_all.deb f79a53d744d5aa702eac014ea92f8666 1005708 devel optional linux-support-6.1.0-31_6.1.128-1_all.deb 3fc12c9572e76269f6a693700bb34194 13300 kernel optional linux_6.1.128-1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmel6VAACgkQgDm7h4zf CpLF+w//RS8/VQSomIM3uQslMyKqm7dUG2Kwj9dMAd3cVnQ9wsmMR5fdnxJ5+TUT hp9gUiK3KDURyD4NCm2bDEfAP0kQV1xyjESoGRQf8zv3m6VPBpiPRNOvUDnFlGUz nMJyzHrWVhVFU2tiLc2Btzf062QKDZYYB09TU5fk2dYOlhLdvRRdaHMjdJ8TAWsY QLawQlQfd7BlUrZMk8spL9LSxeDN0zxKVM9USUCKGxSJVQ1bOgisqIJd67YuQPK7 AAbZcWW7fDzEk+43u+7AMbx3MS3KrDc4lUJWwd+AYqa8RgV+wj5A/Yw934F1mcbs 4sgPOlSGlSJ2doxZG12hd97VNIr5mMcmoO2Iy2NZl8tX8B9rTBHIczNcC3QULdK8 q4AIbIo/aS54KpNZppC/sKxTb+KHkermza6Z7FjkniQEwtA4TImDgZMxLi+ua2Vb VW+2NxCrfJlAxZirWD7eiD+AnmpTK3+moURrf9YOAvSCoWcIYoMS+xtE5ZZ80xV5 wUtwKEEibdQnc42OJaY5Wl9OEvLXRl+0gaeUZKA11+W1Tu1XOwdZwptxtA+Lgfi0 1Kd/gCAgDHtXHBPHooM5H2HQyRAMx8ib5xtND7JbLgmYFWzpKDHmnzHGPM+TeCB+ Sue/RefJIyp7WW4hcehPQ4OcouVP1mgRorucPnVdlqLiYeS3mTk= =3Yj+ -----END PGP SIGNATURE-----