[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.10.234-1) bullseye-security; urgency=high
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- [arm*] usb: dwc3: Decouple USB 2.0 L1 & L2 events
- [arm*] usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error
after resume bug
- [arm*] usb: dwc3: core: update LC timer as per USB Spec V3.2
- usbnet: ipheth: fix carrier detection in modes 1 and 4
- net: phy: vitesse: repair vsc73xx autonegotiation
- btrfs: update target inode's ctime on unlink
- Input: ads7846 - ratelimit the spi_sync error message
- [x86] Input: synaptics - enable SMBus for HP Elitebook 840 G2
- [arm64] drm/msm/adreno: Fix error return if missing firmware-name
- [x86] Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
- NFS: Avoid unnecessary rescanning of the per-server delegation list
- [arm64] dts: rockchip: override BIOS_DISABLE signal via GPIO hog on
RK3399 Puma
- hwmon: (pmbus) Introduce and use write_byte_data callback
- hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev
>= 1.2
- ice: fix accounting for filters shared by multiple VSIs
- net/mlx5: Update the list of the PCI supported devices
- net/mlx5e: Add missing link modes to ptys2ethtool_map
- fou: fix initialization of grc (CVE-2024-46865)
- [armhf] net: ftgmac100: Enable TX interrupt to avoid TX timeout
- [arm64] net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854)
- [arm64] spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(CVE-2024-46853)
- soundwire: stream: Revert "soundwire: stream: fix programming slave ports
for non-continous port maps" (regression in 5.10.225)
- [arm*] ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849)
- dma-buf: heaps: Fix off-by-one in CMA heap fault handler
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
- [armhf] net: ftgmac100: Ensure tx descriptor updates are visible
- wifi: iwlwifi: lower message level for FW buffer destination
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(CVE-2024-47672)
- [x86] hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides
frequency
- ocfs2: add bounds checking to ocfs2_xattr_find_entry() (CVE-2024-47670)
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
(CVE-2024-41016)
- netfilter: nft_set_pipapo: walk over current view on netlink dump
(CVE-2024-27017)
- netfilter: nf_tables: missing iterator type in lookup walk
- gpio: prevent potential speculation leaks in gpio_device_get_desc()
(CVE-2024-44931)
- mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)
- inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)
- [x86] ibt,ftrace: Search for __fentry__ location
- ftrace: Fix possible use-after-free issue in ftrace_location()
(CVE-2024-38588)
- gpiolib: cdev: Ignore reconfiguration without direction
- USB: serial: pl2303: add device id for Macrosilicon MS3020
- USB: usbtmc: prevent kernel-usb-infoleak (CVE-2024-47671)
- wifi: rtw88: always wait for both firmware loading attempts
(CVE-2024-47718)
- fs: explicitly unregister per-superblock BDIs
- mount: warn only once about timestamp range expiration
- fs/namespace: fnic: Switch to use %ptTd
- mount: handle OOM on mnt_warn_timestamp_expiry
- padata: Honor the caller's alignment in case of chunk_size 0
- can: j1939: use correct function name in comment
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- netfilter: nf_tables: reject element expiration with no timeout
- netfilter: nf_tables: reject expiration higher than timeout
- [armhf] cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
appropriately
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
(CVE-2024-47713)
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param (CVE-2024-47712)
- sock_map: Add a cond_resched() in sock_hash_free() (CVE-2024-47710)
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
(CVE-2024-47709)
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
- net: geneve: support IPv4/IPv6 as inner protocol
- geneve: Fix incorrect inner network header offset when innerprotoinherit
is set
- [arm64] net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
- r8169: disable ALDPS per default for RTL8125
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
- net: tipc: avoid possible garbage value
- block, bfq: fix possible UAF for bfqq->bic with merge chain
(CVE-2024-47706)
- block, bfq: choose the last bfqq from merge chain in
bfq_setup_cooperator()
- block, bfq: don't break merge chain in bfq_split_bfqq()
- block: print symbolic error name instead of error code
- block: fix potential invalid pointer dereference in blk_add_partition
(CVE-2024-47705)
- hwmon: (max16065) Fix overflows seen when writing limits
- device property: Add const qualifier to device_get_match_data() parameter
- i2c: Add i2c_get_match_data()
- hwmon: (max16065) Remove use of i2c_match_id()
- hwmon: (max16065) Fix alarm attributes
- [x86] mtd: slram: insert break after errors in parsing the map
- hwmon: (ntc_thermistor) fix module autoloading
- [arm*] power: supply: axp20x_battery: allow disabling battery charging
- [arm*] power: supply: axp20x_battery: Remove design from min and max
voltage
- [x86] power: supply: max17042_battery: Fix SOC threshold calc w/ no
current sense
- [armhf] drm/stm: Fix an error handling path in stm_drm_platform_probe()
- drm/amdgpu: Replace one-element array with flexible-array member
- drm/amdgpu: properly handle vbios fake edid sizing
- drm/radeon: Replace one-element array with flexible-array member
- drm/radeon: properly handle vbios fake edid sizing
- [arm*] drm/rockchip: vop: Allow 4096px width scaling
- [arm*] drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (CVE-2024-47723)
- [arm64] drm/msm: Fix incorrect file name output in adreno_request_fw()
- [arm64] drm/msm/a5xx: disable preemption in submits by default
- [arm64] drm/msm/a5xx: properly clear preemption records on resume
- [arm64] drm/msm/a5xx: fix races in preemption evaluation stage
- [arm64] drm/msm: Add priv->mm_lock to protect active/inactive lists
- [arm64] drm/msm: Drop priv->lastctx
- [arm64] drm/msm/a5xx: workaround early ring-buffer emptiness check
- [arm64] drm/msm: fix %s null argument error
- [x86] xen: use correct end address of kernel for conflict checking
- xen/swiotlb: add alignment check for dma buffers
- tpm: Clean up TPM space after command failure (CVE-2024-49851)
- xz: cleanup CRC32 edits from 2018
- kthread: add kthread_work tracepoints
- kthread: fix task state in kthread worker if being frozen
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
- ext4: avoid buffer_head leak in ext4_mark_inode_used()
- ext4: avoid potential buffer_head leak in __ext4_new_inode()
- ext4: avoid negative min_clusters in find_group_orlov()
- ext4: return error on ext4_find_inline_entry
- ext4: avoid OOB when system.data xattr changes underneath the filesystem
(CVE-2024-47701)
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
(CVE-2024-47699)
- nilfs2: determine empty node blocks as corrupted
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(CVE-2024-47757)
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
- perf sched timehist: Fix missing free of session in
perf_sched__timehist()
- perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
- perf time-utils: Fix 32-bit nsec parsing
- [arm64] clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
- [arm*] clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
(CVE-2024-47698)
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
(CVE-2024-47697)
- [arm*] PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
(CVE-2024-47756)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
(CVE-2024-47696)
- [arm*] pinctrl: single: fix missing error code in pcs_probe()
- [armhf] clk: ti: dra7-atl: Fix leak of of_nodes
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
- nfsd: fix refcount leak when file is unhashed after being found
- [armhf] pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
- [armhf] pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
- [arm64] RDMA/hns: Add mapped page count checking for MTR
- [arm64] RDMA/hns: Refactor root BT allocation for MTR
- [arm64] RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
- [arm64] RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
(CVE-2024-47735)
- [arm64] RDMA/hns: Optimize hem allocation performance
- RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
- nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
- nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
- f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
- f2fs: fix to update i_ctime in __f2fs_setxattr()
- f2fs: remove unneeded check condition in __f2fs_setxattr()
- f2fs: reduce expensive checkpoint trigger frequency
- iio: adc: ad7606: fix oversampling gpio array
- iio: adc: ad7606: fix standby gpio state to match the documentation
- vdpa: Add eventfd for the vdpa callback
- vhost_vdpa: assign irq bypass producer token correctly (CVE-2024-47748)
- Revert "dm: requeue IO if mapping table not yet available" (regression in
5.10.111)
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
(CVE-2024-47685)
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
- net: qrtr: Update packets cloning when broadcasting
- netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
- selinux,smack: don't bypass permissions check in inode_setsecctx hook
(CVE-2024-46695)
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
- [x86] Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk
table
- [x86] Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk
table
- [x86] Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD
line
- drm/amd/display: Round calculated vtotal
- USB: appledisplay: close race between probe and completion handler
- USB: misc: cypress_cy7c63: check for short transfer
- USB: class: CDC-ACM: fix race between get_serial and set_serial
- firmware_loader: Block path traversal (CVE-2024-47742)
- tty: rp2: Fix reset with non forgiving PCIe host bridges
- [amd64] crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS
failure
- drbd: Fix atomicity violation in drbd_uuid_set_bm()
- drbd: Add NULL check for net_conf to prevent dereference in state
validation
- ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
- [x86] ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
(CVE-2024-49858)
- [x86] perf/x86/intel/pt: Fix sampling synchronization
- wifi: rtw88: 8822c: Fix reported RX band width
- f2fs: prevent possible int overflow in dir_block_index()
- f2fs: avoid potential int overflow in sanity_check_area_boundary()
- [arm64] dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
- [arm64] dts: rockchip: Correct the Pinebook Pro battery design capacity
- vfs: fix race between evice_inodes() and find_inode()&iput()
(CVE-2024-47679)
- fs: Fix file_set_fowner LSM hook inconsistencies
- nfs: fix memory leak in error path of nfs4_do_reclaim
- padata: use integer wrap around to prevent deadlock on seq_nr overflow
(CVE-2024-47739)
- [arm64] PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
- [arm64] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
- USB: misc: yurex: fix race between read and write
- pps: remove usage of the deprecated ida_simple_xx() API
- pps: add an error check in parport_attach
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
- [armhf] i2c: aspeed: Update the stop sw state when the bus recovery
occurs
- i2c: isch: Add missed 'else'
- usb: yurex: Fix inconsistent locking bug in yurex_read()
- [arm*] mailbox: bcm2835: Fix timeout during suspend mode (CVE-2024-49963)
- ceph: remove the incorrect Fw reference check when dirtying pages
(CVE-2024-50179)
- net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
- net/mlx5: Added cond_resched() to crdump collection
- netfilter: nf_tables: prevent nf_skb_duplicated corruption
(CVE-2024-49952)
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
(CVE-2024-49949) (regression in 5.10.82)
- net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (regresion in
5.10.204)
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
(CVE-2024-49944)
- media: usbtv: Remove useless locks in usbtv_video_free() (CVE-2024-27072)
- Bluetooth: L2CAP: Fix not validating setsockopt user input
(CVE-2024-35965)
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages
- ALSA: hda/realtek: Fix the push button function for the ALC257
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
- [x86] ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
(regression in 5.10.226)
- f2fs: Require FMODE_WRITE for atomic write ioctls (CVE-2024-47740)
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
(CVE-2024-49938)
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
- net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
- [arm64] net: hisilicon: hip04: fix OF node leak in probe()
- [arm64] net: hisilicon: hns_dsaf_mac: fix OF node leak in
hns_mac_get_info()
- [arm64] net: hisilicon: hns_mdio: fix OF node leak in probe()
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
- net: sched: consistently use rcu_replace_pointer() in taprio_change()
(CVE-2024-50127)
- blk_iocost: fix more out of bound shifts (CVE-2024-49933)
- wifi: ath11k: fix array out-of-bound access in SoC stats (CVE-2024-49930)
- ACPI: EC: Do not release locks during operation region accesses
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package() (CVE-2024-49962)
- tipc: guard against string buffer overrun (CVE-2024-49995)
- [arm*] net: mvpp2: Increase size of queue_name buffer
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
- net: atlantic: Avoid warning about potential string truncation
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect()
process
- ACPICA: iasl: handle empty connection_node
- proc: add config & param to block forcing mem writes
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext() (CVE-2024-50008)
- nfp: Use IRQF_NO_AUTOEN flag in request_irq()
- signal: Replace BUG_ON()s
- ALSA: usb-audio: Add logitech Audio profile quirk
- [x86] ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007)
- ALSA: hdsp: Break infinite MIDI input flush loop
- [i386] syscall: Avoid memcpy() for ia32 syscall_get_arguments()
- [arm*] iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
- [amd64] iommu/vt-d: Always reserve a domain ID for identity setup
- [amd64] iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0
count
- drm/amd/display: Add null check for top_pipe_to_program in
commit_planes_for_stream (CVE-2024-49913)
- ata: sata_sil: Rename sil_blacklist to sil_quirks
- drm/amd/display: Check null pointers before using dc->clk_mgr
(CVE-2024-49907)
- jfs: UBSAN: shift-out-of-bounds in dbFindBits
- jfs: Fix uaf in dbFreeBits (CVE-2024-49903)
- jfs: check if leafidx greater than num leaves per dmap tree
(CVE-2024-49902)
- jfs: Fix uninit-value access of new_ea in ea_buffer (CVE-2024-49900)
- [x86] drm/amdgpu: add raven1 gfxoff quirk
- [x86] drm/amdgpu: enable gfxoff quirk on HP 705G4
- drm/amd/display: Check stream before comparing them (CVE-2024-49896)
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
translation (CVE-2024-49895)
- drm/amd/display: Fix index out of bounds in degamma hardware format
translation (CVE-2024-49894)
- drm/amd/display: Fix index out of bounds in DCN30 color transformation
(CVE-2024-49969)
- drm/amd/display: Initialize get_bytes_per_element's default to 1
(CVE-2024-49892_
- drm/printer: Allow NULL data in devcoredump printer
- scsi: aacraid: Rearrange order of struct aac_srb_unit
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
- drm/amd/pm: ensure the fw_info is not null before using it
(CVE-2024-49890)
- of/irq: Refer to actual buffer size in of_irq_parse_one()
- ext4: ext4_search_dir should return a proper error
- ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
- [armhf] spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm
enabled
- [armhf] i2c: stm32f7: Do not prepare/unprepare clock during runtime
suspend/resume (CVE-2024-49985)
- perf/core: Fix small negative period being ignored
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
- ALSA: core: add isascii() check to card ID generator
- ALSA: line6: add hw monitor volume control to POD HD500X
- [x86] ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
- ext4: no need to continue when the number of entries is 1
- ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
(CVE-2024-49983)
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
- ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882)
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
- of/irq: Support #msi-cells=<0> in of_msi_get_domain
- [armhf] drm: omapdrm: Add missing check for alloc_ordered_workqueue
(CVE-2024-49879)
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
error (CVE-2024-49959)
- jbd2: correctly compare tids with tid_geq function in
jbd2_fc_begin_commit
- mm: krealloc: consider spare memory for __GFP_ZERO
- ocfs2: fix uninit-value in ocfs2_get_block()
- ocfs2: reserve space for inline xattr before attaching reflink tree
(CVE-2024-49958)
- ocfs2: cancel dqi_sync_work before freeing oinfo (CVE-2024-49966)
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (CVE-2024-49965)
- ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(CVE-2024-49877)
- exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
- nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
- NFSD: Fix NFSv4's PUTPUBFH operation
- aoe: fix the potential use-after-free problem in more places
(CVE-2024-49982)
- [arm*] clk: rockchip: fix error for unknown clocks
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
- [arm64] media: venus: fix use after free bug in venus_remove due to race
condition (CVE-2024-49981)
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
- tomoyo: fallback to realpath if symlink's pathname does not exist
(Closes: #
1082001)
- net: stmmac: Fix zero-division error when disabling tc cbs
(CVE-2024-49977)
- [x86] ACPI: resource: Add Asus Vivobook X1704VAP to
irq1_level_low_skip_override[]
- [x86] ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[]
- btrfs: fix a NULL pointer dereference when failed to start a new
trasacntion (CVE-2024-49868)
- btrfs: wait for fixup workers before stopping cleaner kthread during
umount (CVE-2024-49867)
- drm/sched: Add locking to drm_sched_entity_modify_sched
- kconfig: qconf: fix buffer overflow in debug links
- ext4: properly sync file size update after O_SYNC direct IO
- ext4: dax: fix overflowing extents beyond inode size when partially
writing (CVE-2024-50015)
- [arm64] Add Cortex-715 CPU part definition
- [arm64] cputype: Add Neoverse-N3 definitions
- [arm64] errata: Expand speculative SSBS workaround once more
- uprobes: fix kernel info leak via "[uprobes]" vma (CVE-2024-49975)
- [arm64] drm/rockchip: define gamma registers for RK3399
- [arm64] drm/rockchip: support gamma control on RK3399
- [armhf] drm/rockchip: vop: clear DMA stop bit on RK3066
- r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
- ACPI: battery: Simplify battery hook locking
- ACPI: battery: Fix possible crash when unregistering a battery hook
(CVE-2024-49955)
- ext4: fix inode tree inconsistency caused by ENOMEM
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (CVE-2024-49863)
- tracing: Remove precision vsnprintf() check from print event
- drm/crtc: fix uninitialized variable use even harder (regression in
5.10.209)
- tracing: Have saved_cmdlines arrays all in one allocation
- virtio_console: fix misc probe bugs
- kallsyms: Make kallsyms_on_each_symbol generally available
- kallsyms: Make module_kallsyms_on_each_symbol generally available
- tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
- tracing/kprobes: Fix symbol counting logic by looking at modules as well
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
- bpf: Check percpu map value size first
- ext4: nested locking for xattr inode
- RDMA/mad: Improve handling of timed out WRs of mad agent (CVE-2024-50095)
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
- [arm64] PCI: Add ACS quirk for Qualcomm SA8775P
- [x86] i2c: i801: Use a different adapter-name for IDF adapters
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition (CVE-2024-50059)
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put()
- [armhf] clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
(CVE-2024-50181)
- [arm*] usb: chipidea: udc: enable suspend interrupt after usb reset
- [arm*] usb: dwc2: Adjust the timing of USB Driver Interrupt Registration
in the Crashkernel Scenario
- virtio_pmem: Check device status before requesting flush (CVE-2024-50184)
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
- drm/amd/display: Check null pointer before dereferencing se
(CVE-2024-50049)
- [x86] fbdev: sisfb: Fix strbuf array overflow (CVE-2024-50180)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (CVE-2024-38544)
- NFSD: Mark filecache "down" if init fails
- ice: fix VLAN replay after reset
- SUNRPC: Fix integer overflow in decode_rc_list()
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
(CVE-2024-50046)
- net: phy: dp83869: fix memory corruption when enabling fiber
(CVE-2024-50188)
- tcp: fix to allow timestamp undo if no retransmits were sent
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
(CVE-2024-50044)
- [armhf] net: dsa: b53: fix jumbo frame mtu check
- [armhf] net: dsa: b53: fix max MTU for 1g switches
- [armhf] net: dsa: b53: fix max MTU for BCM5325/BCM5365
- [armhf] net: dsa: b53: allow lower MTUs on BCM5325/5365
- [armhf] net: dsa: b53: fix jumbo frames on 10/100 ports
- [armhf] gpio: aspeed: Add the flush write to ensure the write complete.
- [armhf] gpio: aspeed: Use devm_clk api to manage clock source
- igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
- net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
- sctp: ensure sk_state is set to CLOSED if hashing fails in
sctp_listen_start
- net: Add l3mdev index to flow struct and avoid oif reset for port devices
- netfilter: rpfilter/fib: Populate flowic_l3mdev field
- netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.
- netfilter: fib: check correct rtable in vrf setups
- ppp: fix ppp_async_encode() illegal access (CVE-2024-50035)
- slip: make slhc_remember() more robust against malicious packets
(CVE-2024-50033)
- resource: fix region_intersects() vs add_memory_driver_managed()
(CVE-2024-49878)
- HID: plantronics: Workaround for an unexcepted opposite volume key
- [arm*] usb: dwc3: core: Stop processing of pending events if controller
is halted
- usb: xhci: Fix problem with xhci resume from suspend
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
- net: Fix an unsafe loop on the list (CVE-2024-50024)
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
(CVE-2024-50096)
- net: geneve: add missing netlink policy and size for
IFLA_GENEVE_INNER_PROTO_INHERIT
- xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup
- net: Handle l3mdev in ip_tunnel_init_flow
- net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using
flowi_l3mdev
- net: vrf: determine the dst using the original ifindex for multicast
- netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
- ext4: fix warning in ext4_dio_write_end_io()
- [arm64] RDMA/hns: Fix uninitialized variable
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.228
- [x86] ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
- posix-clock: Fix missing timespec64 check in pc_clock_settime()
(CVE-2024-50195)
- [arm64] probes: Remove broken LDR (literal) uprobe support
(CVE-2024-50099)
- [arm64] probes: Fix simulate_ldr*_literal()
- [arm64] net: macb: Avoid 20s boot delay by skipping MDIO bus registration
for fixed-link PHY
- [arm*] irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC
v4.1
- fat: fix uninitialized variable
- mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199)
- wifi: mac80211: fix potential key use-after-free (CVE-2023-52530)
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953)
- io_uring/sqpoll: do not allow pinning outside of cpuset
- io_uring/sqpoll: retain test for whether the CPU is valid
- io_uring/sqpoll: do not put cpumask on stack
- [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
- [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
- [x86] entry: Have entry_ibpb() invalidate return predictions
- [x86] bugs: Skip RSB fill at VMEXIT
- [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
(CVE-2024-50082)
- io_uring/sqpoll: close race on waiting for sqring entries
- drm/radeon: Fix encoder->possible_clones (CVE-2024-50201)
- [x86] drm/vmwgfx: Handle surface check failure correctly
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
- iio: light: veml6030: fix ALS sensor resolution
- iio: light: veml6030: fix IIO device retrieval from embedded device
(CVE-2024-50198)
- iio: light: opt3001: add missing full-scale range value
- Bluetooth: Remove debugfs directory on module init failure
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
- xhci: Fix incorrect stream context type macro
- USB: serial: option: add support for Quectel EG916Q-GL
- USB: serial: option: add Telit FN920C04 MBIM compositions
- parport: Proper fix for array out-of-bounds access (CVE-2024-50074)
- [x86] resctrl: Annotate get_mem_config() functions as __init
- [x86] apic: Always explicitly disarm TSC-deadline timer
- [i386] x86/entry_32: Do not clobber user EFLAGS.ZF (regression in
5.10.215)
- [i386] x86/entry_32: Clear CPU buffers after register restore in NMI
return (CVE-2024-50193)
- [arm*] irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
(CVE-2024-50192)
- mptcp: handle consistently DSS corruption (CVE-2024-50185)
- tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
- nilfs2: propagate directory read errors from nilfs_find_entry()
(CVE-2024-50202)
- [x86] ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP
EliteOne 1000 G2
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.229
- [amd64,arm64] RDMA/bnxt_re: Add a check for memory allocation
(CVE-2024-50209)
- [arm*] dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
- ipv4: give an IPv4 dev to blackhole_netdev
- [amd64,arm64] RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(CVE-2024-50208)
- [arm64] drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
calculation
- macsec: don't increment counters for an unrelated SA
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
- net: systemport: fix potential memory leak in bcm_sysport_xmit()
(CVE-2024-50171)
- genetlink: hold RCU in genlmsg_mcast()
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
(CVE-2024-50153)
- smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)
- usb: typec: altmode should keep reference to parent (CVE-2024-50150)
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
(CVE-2024-50148)
- [arm64] uprobe fix the uprobe SWBP_INSN in big-endian
- [arm64] probes: Fix uprobes for big-endian kernels (CVE-2024-50194)
- block, bfq: fix procress reference leakage for bfqq in merge chain
- exec: don't WARN for racy path_noexec check (CVE-2024-50010)
- iomap: update ki_pos a little later in iomap_dio_complete
- [x86] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape
with real VLA (CVE-2024-50134)
- [arm64] ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
- [arm64] Force position-independent veneers
- jfs: Fix sanity check in dbMount
- tracing: Consider the NULL character when validating the event length
(CVE-2024-50131)
- xfrm: extract dst lookup parameters into a struct
- xfrm: respect ip protocols rules criteria when performing dst lookups
- be2net: fix potential memory leak in be_xmit() (CVE-2024-50167)
- net: usb: usbnet: fix name regression
- net: sched: fix use-after-free in taprio_change()
- r8169: avoid unsolicited interrupts
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
(CVE-2024-50210)
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
(CVE-2024-50205)
- [armhf] ASoC: stm32: spdifrx: fix dma channel release in
stm32_spdifrx_remove (CVE-2024-50292)
- [arm*] media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061)
- ALSA: hda/realtek: Update default depop procedure
- drm/amd: Guard against bad data for ATIF ACPI method (CVE-2024-50117)
- [x86] ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
- [arm64] ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix
initial lid detection issue
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag
(CVE-2024-50116)
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
- [x86] KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115)
- [x86] ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
- [x86] hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER
event
- selinux: improve error checking in sel_write_load()
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058)
- net: phy: dp83822: Fix reset pin definitions
- [arm64] ASoC: qcom: Fix NULL Dereference in
asoc_qcom_lpass_cpu_platform_probe() (CVE-2024-50103)
- xfrm: validate new SA's prefixlen using SA family when sel.family is
unset (CVE-2024-50142)
- cgroup: Fix potential overflow issue when checking max_depth
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
- RDMA/cxgb4: Dump vendor specific QP details
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
- mac80211: do drv_reconfig_complete() before restarting all
- mac80211: Add support to trigger sta disconnect on hardware restart
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
(CVE-2024-53059)
- [armhf] ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in
ip_tunnel_init_flow() (CVE-2024-53042)
- gtp: allow -1 to be specified as file description from userspace
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
- bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
- net: support ip generic csum processing in skb_csum_hwoffload_help
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
- netfilter: nft_payload: sanitize offset and length before calling
skb_checksum() (CVE-2024-50251)
- NFS: remove revoked delegation from server's delegation list
- usbip: tools: Fix detach_port() invalid port error path
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
- xhci: Fix Link TRB DMA in command ring stopped completion event
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems
- Revert "driver core: Fix uevent_show() vs driver detach race" (regression
in 5.10.224)
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
(CVE-2024-50237)
- wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236)
- wifi: iwlegacy: Clear stale interrupts before resuming device
(CVE-2024-50234)
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg() (CVE-2024-50233)
- iio: light: veml6030: fix microlux value calculation
- nilfs2: fix potential deadlock with newly created symlinks
(CVE-2024-50229)
- mm: add remap_pfn_range_notrack
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674)
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (CVE-2024-50218)
- [i386] bugs: Use code segment selector for VERW operand (CVE-2024-50072)
- nilfs2: fix kernel bug due to missing clearing of checked flag
(CVE-2024-50230)
- mm: shmem: fix data-race in shmem_getattr()
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (regression
in 5.10.181)
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
(CVE-2024-39497)
- vt: prevent kernel-infoleak in con_font_get()
- mac80211: always have ieee80211_sta_restart()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.230
- [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
excavator
- [arm64] dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
- [arm64] dts: rockchip: Fix bluetooth properties on Rock960 boards
- [arm64] dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
- [arm64] dts: rockchip: Fix LED triggers on rk3308-roc-cc
- [arm64] dts: imx8mp: correct sdhc ipg clk
- [armhf] dts: rockchip: fix rk3036 acodec node
- [armhf] dts: rockchip: drop grf reference from rk3036 hdmi
- [armhf] dts: rockchip: Fix the spi controller on rk3036
- [armhf] dts: rockchip: Fix the realtek audio codec on rk3036-kylin
- HID: core: zero-initialize the report buffer (CVE-2024-50302)
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301)
- [arm64] net: enetc: set MAC address to the VF net_device
- sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
- [armhf] can: c_can: fix {rx,tx}_errors statistics
- [arm64] net: hns3: fix kernel crash when uninstalling driver
(CVE-2024-50296)
- net: phy: export phy_error and phy_trigger_machine
- net: phy: ti: implement generic .handle_interrupt() callback
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
- [arm*] net: arc: fix the device for dma_map_single/dma_unmap_single
(CVE-2024-50295)
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
(regression in 5.10.226)
- media: stb0899_algo: initialize cfr before using it
- media: dvbdev: prevent the risk of out of memory access (CVE-2024-53063)
- media: dvb_frontend: don't play tricks with underflow values
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
- [armhf] ASoC: stm32: spdifrx: fix dma channel release in
stm32_spdifrx_remove
- media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290)
- media: pulse8-cec: fix data timestamp at pulse8_setup()
- media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287)
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
(CVE-2024-50282)
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
(CVE-2024-53060)
- dm cache: correct the number of origin blocks to match the target length
- dm cache: fix out-of-bounds access to the dirty bitset when resizing
(CVE-2024-50279)
- dm cache: optimize dirty bit checking with find_next_bit when resizing
- dm cache: fix potential out-of-bounds access on the first resume
(CVE-2024-50278)
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
overflow
- io_uring: rename kiocb_end_write() local helper
- fs: create kiocb_{start,end}_write() helpers
- io_uring: use kiocb_{start,end}_write() helpers
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
(CVE-2024-53052)
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
- btrfs: reinitialize delayed ref list after deleting it from the list
(CVE-2024-50273)
- splice: don't generate zero-len segement bvecs
- spi: Fix deadlock when adding SPI controllers on SPI buses
(CVE-2021-47469)
- spi: fix use-after-free of the add_lock mutex
- net: bridge: xmit: make sure we have at least eth header len bytes
(CVE-2024-38538)
- Revert "perf hist: Add missing puts to hist__account_cycles" (regression
in 5.10.201)
- perf session: Add missing evlist__delete when deleting a session
- net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
uvc_parse_format (CVE-2024-53104)
- [arm*] usb: musb: sunxi: Fix accessing an released usb phy
(CVE-2024-50269)
- usb: typec: fix potential out of bounds in
ucsi_ccg_update_set_new_cam_cmd() (CVE-2024-50268)
- USB: serial: io_edgeport: fix use after free in debug printk
(CVE-2024-50267)
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
- USB: serial: option: add Fibocom FG132 0x0112 composition
- USB: serial: option: add Quectel RG650V
- [arm*] irqchip/gic-v3: Force propagation of the active state with a read-
back
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove() (CVE-2024-50265)
- ALSA: usb-audio: Support jack detection on Dell dock
- ALSA: usb-audio: Add quirks for Dell WD19 dock
- [x86] hv_sock: Initializing vsk->trans to NULL to prevent a dangling
pointer (CVE-2024-53103)
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->
trans (CVE-2024-50264)
- net: phy: ti: take into account all possible interrupt sources
- 9p: Avoid creating multiple slab caches with the same name
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
- bpf: use kvzmalloc to allocate BPF verifier environment
- [arm*] crypto: marvell/cesa - Disable hash algorithms
- fs: Fix uninitialized value issue in from_kuid and from_kgid
(CVE-2024-53101)
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
- md/raid10: improve code of mrdev in raid10_sync_request
- io_uring: fix possible deadlock in io_register_iowq_max_workers()
(CVE-2024-41080)
- mm: krealloc: Fix MTE false alarm in __do_krealloc (CVE-2024-53097)
- 9p: fix slab cache name creation for real
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231
- [arm64] dts: allwinner: pinephone: Add mount matrix to accelerometer
- media: i2c: tc358743: Fix crash in the probe error path when using
polling (CVE-2024-56576)
- media: ts2020: fix null-ptr-deref in ts2020_probe() (CVE-2024-56574)
- [arm64] media: venus: Fix pm_runtime_set_suspended() with runtime pm
enabled
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
- media: uvcvideo: Stop stream during unregister
- ovl: Filter invalid inodes with missing lookup function (CVE-2024-56570)
- ftrace: Fix regression with module command in stack_trace_filter
(CVE-2024-56569)
- netlink: terminate outstanding dump on socket close (CVE-2024-53140)
- net/mlx5: fs, lock FTE when checking if active (CVE-2024-53121)
- net/mlx5e: kTLS, Fix incorrect page refcounting (CVE-2024-53138)
- [x86] mm: Fix a kdump kernel failure on SME system when
CONFIG_IMA_KEXEC=y
- ocfs2: uncache inode which has failed entering the group (CVE-2024-53112)
- [x86] KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
CONFIG_BROKEN (CVE-2024-53135)
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
(CVE-2024-53131)
- ocfs2: fix UBSAN warning in ocfs2_verify_volume()
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
(CVE-2024-53130)
- [arm*] Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than
4K" (CVE-2024-53127) (regression in 5.10.226)
- mmc: core: fix return value check in devm_mmc_alloc_host()
- NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
- NFSD: Async COPY result needs to return a write verifier
- NFSD: Limit the number of concurrent async COPY operations
(CVE-2024-49974)
- NFSD: Initialize struct nfsd4_copy earlier
- NFSD: Never decrement pending_async_copies on error
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (CVE-2024-53136)
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook
- mm: unconditionally close VMAs on error
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
- mm: resolve faulty mmap_region() error path behaviour (CVE-2024-53096)
- [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
tablet
- mac80211: fix user-power when emulating chanctx
- [x86] ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
- net: usb: qmi_wwan: add Quectel RG650V
- [arm*] regulator: rk808: Add apply_bit for BUCK3 on RK809
- [armhf] ASoC: stm: Prevent potential division by zero in
stm32_sai_mclk_round_rate()
- [armhf] ASoC: stm: Prevent potential division by zero in
stm32_sai_get_clk_div()
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
- ipmr: Fix access to mfc_cache_list without lock held
- rcu-tasks: Idle tasks on offline CPUs are in quiescent states
- cifs: Fix buffer overflow when parsing NFS reparse points
(CVE-2024-49996)
- nvme: fix metadata handling in nvme-passthrough
- [x86] barrier: Do not serialize MSR accesses on AMD
- [x86] xen/pvh: Annotate indirect branch as safe
- initramfs: avoid filename buffer overrun (CVE-2024-53142)
- nvme-pci: fix freeing of the HMB descriptor table (CVE-2024-56756)
- [arm64] fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
- [arm64] acpi/arm64: Adjust error handling procedure in
gtdt_parse_timer_block()
- hfsplus: don't query the device logical block size multiple times
(CVE-2024-56548)
- [arm64] crypto: caam - Fix the pointer passed to caam_qi_shutdown()
(CVE-2024-56754)
- [arm64] EDAC/bluefield: Fix potential integer overflow (CVE-2024-53161)
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
return -EBUSY (CVE-2024-56690)
- [arm64] crypto: cavium - Fix the if condition to exit loop after timeout
- [arm64] crypto: caam - add error check to caam_rsa_set_priv_key_form
- [arm*] crypto: bcm - add error check in the ahash_hmac_init function
(CVE-2024-56681)
- [arm64] crypto: cavium - Fix an error handling path in
cpt_ucode_load_fw()
- time: Fix references to _msecs_to_jiffies() handling of values
- [armhf] soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
- [arm*] soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
(CVE-2024-53158)
- [arm*] mmc: mmc_spi: drop buggy snprintf()
- tpm: fix signed/unsigned bug when checking event logs
- Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
- [armhf] pwm: imx27: Workaround of the pwm output bug when decrease the
duty cycle
- [armhf] dts: cubieboard4: Fix DCDC5 regulator constraints
- [arm*] firmware: arm_scpi: Check the DVFS OPP count returned by the
firmware (CVE-2024-53157)
- [x86] media: atomisp: Add check for rgby_data memory allocation failure
(CVE-2024-56705)
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
(CVE-2024-53156)
- [armhf] drm/omap: Fix locking in omap_gem_new_dmabuf()
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
- [armhf] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
- xfrm: rename xfrm_state_offload struct to allow reuse
- xfrm: store and rely on direction to construct offload flags
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (CVE-2024-56539)
- [arm64] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
(CVE-2024-56728)
- [arm*] drm/panfrost: Remove unused id_mask from struct panfrost_model
- [arm64] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
- [armhf] drm/etnaviv: rework linear window offset calculation
- [armhf] drm/etnaviv: Request pages from DMA32 zone on addressing_limited
- [armhf] drm/etnaviv: dump: fix sparse warnings
- [armhf] drm/etnaviv: fix power register offset on GC300
- [armhf] drm/etnaviv: hold GPU lock across perfmon sampling
- [arm64] drm/msm/dpu: cast crtc_clk calculation to u64 in
_dpu_core_perf_calc_clk()
- netlink: typographical error in nlmsg_type constants definition
- bpf, sockmap: Several fixes to bpf_msg_push_data
- bpf, sockmap: Several fixes to bpf_msg_pop_data (CVE-2024-56720)
- bpf, sockmap: Fix sk_msg_reset_curr
- [amd64] drm/amdkfd: Fix wrong usage of INIT_WORK()
- ALSA: usx2y: Fix spaces
- ALSA: usx2y: Coding style fixes
- ALSA: usx2y: Cleanup probe and disconnect callbacks
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
(CVE-2024-56533)
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
(CVE-2024-56532)
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
(CVE-2024-56531)
- ALSA: 6fire: Release resources at card release (CVE-2024-53239)
- driver core: Introduce device_find_any_child() helper
- Bluetooth: fix use-after-free in device_for_each_child() (CVE-2024-53237)
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock
- trace/trace_event_perf: remove duplicate samples on the first tracepoint
event
- [armhf] mfd: da9052-spi: Change read-mask to write-mask
- [x86] mfd: intel_soc_pmic_bxtwc: Use dev_err_probe()
- [x86] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
(CVE-2024-56691)
- [x86] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
(CVE-2024-56724)
- [x86] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
(CVE-2024-56723)
- scsi: bfa: Fix use-after-free in bfad_im_module_exit() (CVE-2024-53227)
- scsi: fusion: Remove unused variable 'rc'
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
(CVE-2024-56748)
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
(CVE-2024-56747)
- [arm64] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
(CVE-2024-53226)
- ocfs2: fix uninitialized value in ocfs2_file_read_iter() (CVE-2024-53155)
- perf cs-etm: Don't flush when packet_queue fills up
- perf probe: Fix libdw memory leak
- perf probe: Correct demangled symbols in C++ program
- [i386] PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
- [i386] PCI: cpqphp: Fix PCIBIOS_* return value confusion
- f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
- f2fs: avoid using native allocate_segment_by_default()
- f2fs: remove struct segment_allocation default_salloc_ops
- f2fs: open code allocate_segment_by_default
- f2fs: remove the unused flush argument to change_curseg
- f2fs: check curseg->inited before write_sum_page in change_curseg
- perf trace: avoid garbage when not printing a trace event's arguments
- perf trace: Do not lose last events in a race
- perf trace: Avoid garbage when not printing a syscall's arguments
- [arm64] rpmsg: glink: Add TX_DATA_CONT command while sending
- [arm64] rpmsg: glink: Send READ_NOTIFY command in FIFO full case
- [arm64] rpmsg: glink: Fix GLINK command prefix
- [arm64] rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name
length
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
(CVE-2024-53217)
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
- NFSD: Fix nfsd4_shutdown_copy()
- vfio/pci: Properly hide first-in-list PCIe extended capability
(CVE-2024-53214)
- power: supply: core: Remove might_sleep() from power_supply_put()
- power: supply: bq27xxx: Support CHARGE_NOW for bq27z561/bq28z610/bq34z100
- power: supply: bq27xxx: Fix registers of bq27426
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
configuration
- [armhf] net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
- net: introduce a netdev feature for UDP GRO forwarding
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
- ipmr: convert /proc handlers to rcu_read_lock()
- ipmr: fix tables suspicious RCU usage
- iio: light: al3010: Fix an error handling path in al3010_probe()
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
- usb: yurex: make waiting on yurex_write interruptible
- USB: chaoskey: fail open after removal
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
- misc: apds990x: Fix missing pm_runtime_disable()
- ALSA: hda/realtek - Add type for ALC287
- ALSA: hda/realtek: Update ALC256 depop procedure
- apparmor: fix 'Do simple duplicate message elimination'
- xen: Fix the issue of resource not being properly released in
xenbus_dev_probe() (CVE-2024-53198)
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices (CVE-2024-53197)
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
- ext4: fix FS_IOC_GETFSMAP handling
- jfs: xattr: check invalid xattr size more strictly
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
- [x86] perf/x86/intel/pt: Fix buffer full but size is 0 case
- [amd64] crypto: x86/aegis128 - access 32-bit arguments as 32-bit
- [arm64] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow
status
- PCI: Fix use-after-free of slot->bus on hot remove (CVE-2024-53194)
- fsnotify: fix sending inotify event with unexpected filename
- [x86] comedi: Flush partial mappings in error case (CVE-2024-53148)
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
- exfat: fix uninit-value in __exfat_get_dentry_set
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
- driver core: bus: Fix double free in driver API bus_register()
(CVE-2024-50055)
- Revert "usb: gadget: composite: fix OS descriptors w_value logic"
(regression in 5.10.217)
- netfilter: ipset: add missing range check in bitmap_ip_uadt
(CVE-2024-53141)
- spi: Fix acpi deferred irq probe
- [arm64] platform/chrome: cros_ec_typec: fix missing fwnode reference
decrement
- ubi: wl: Put source PEB into correct list if trying locking LEB failed
- [um] ubd: Do not use drvdata in release (CVE-2024-53184)
- [um] net: Do not use drvdata in release (CVE-2024-53183)
- [um] vector: Do not use drvdata in release (CVE-2024-53181)
- [arm64] tls: Fix context-switching of tpidrro_el0 when kpti is enabled
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
- [armhf] media: wl128x: Fix atomicity violation in fmc_send_cmd()
(CVE-2024-56700)
- media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
- ALSA: hda/realtek: Update ALC225 depop procedure
- ALSA: hda/realtek: Set PCBeep to default value for ALC274
- [x86] ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4
Max
- [x86] ALSA: hda/realtek: Apply quirk for Medion E15433
- [arm*] usb: dwc3: gadget: Fix checking for number of TRBs left
- [arm*] usb: dwc3: gadget: Fix looping of queued SG entries
(CVE-2024-56698)
- lib: string_helpers: silence snprintf() output truncation warning
- NFSD: Prevent a potential integer overflow (CVE-2024-53146)
- SUNRPC: make sure cache entry active before cache_show (CVE-2024-53174)
- [arm64] rpmsg: glink: Propagate TX failures in intentless mode as well
- [um] Fix potential integer overflow during physmem setup
(CVE-2024-53145)
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(CVE-2024-53173)
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
(CVE-2024-56739)
- ubifs: Correct the total block count by deducting journal reservation
- ubi: fastmap: Fix duplicate slab cache names while attaching
(CVE-2024-53172)
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
(CVE-2024-53171)
- jffs2: fix use of uninitialized variable
- block: return unsigned int from bdev_io_min
- 9p/xen: fix init sequence
- 9p/xen: fix release of IRQ (CVE-2024-56704)
- nfs: ignore SB_RDONLY when mounting nfs
- SUNRPC: correct error code comment in xs_tcp_setup_socket()
- SUNRPC: Convert rpc_client refcount to use refcount_t
- sunrpc: remove unnecessary test in rpc_task_set_client()
- SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (CVE-2024-56688)
- quota: flush quota_release_work upon quota writeback (CVE-2024-56780)
- btrfs: ref-verify: fix use-after-free after invalid ref action
(CVE-2024-56581)
- ad7780: fix division by zero in ad7780_write_raw() (CVE-2024-56567)
- util_macros.h: fix/rework find_closest() macros
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
(CVE-2024-56562)
- dm thin: Add missing destroy_work_on_stack()
- nfsd: make sure exp active before svc_export_show (CVE-2024-56558)
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
(CVE-2024-56779)
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
walk_down_proc() (CVE-2024-46841)
- [armhf] drm/etnaviv: flush shader L1 cache after user commandstream
- [x86] iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
- [armhf] can: sun4i_can: sun4i_can_err(): call can_change_state() even if
cf is NULL
- [armhf] can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
(CVE-2024-53680)
- netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-56650)
- ptp: Add error handling for adjfine callback in ptp_clock_adjtime
- net/sched: tbf: correct backlog statistic for GSO packets
- net: hsr: avoid potential out-of-bound access in fill_frame_info()
(CVE-2024-56648)
- can: j1939: j1939_session_new(): fix skb reference counting
(CVE-2024-56645)
- net/ipv6: release expired exception dst cached in socket (CVE-2024-56644)
- dccp: Fix memory leak in dccp_feat_change_recv (CVE-2024-56643)
- tipc: Fix use-after-free of kernel socket in cleanup_bearer().
(CVE-2024-56642)
- net/qed: allow old cards not supporting "num_images" to work
- igb: Fix potential invalid memory access in igb_init_module()
(CVE-2024-52332)
- net: sched: fix erspan_opt settings in cls_flower
- netfilter: ipset: Hold module reference while requesting a module
(CVE-2024-56637)
- netfilter: nft_set_hash: skip duplicated elements pending gc run
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset
- geneve: do not assume mac header is set in geneve_xmit_skb()
(CVE-2024-56636)
- gpio: grgpio: Add NULL check in grgpio_probe (CVE-2024-56634)
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
(CVE-2024-56633)
- ocfs2: free inode when ocfs2_get_init_inode() fails (CVE-2024-56630)
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
- bpf: Fix exact match conditions in trie_get_next_key()
- HID: wacom: fix when get product name maybe null pointer (CVE-2024-56629)
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules
- [arm64] ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
(CVE-2024-57874)
- ALSA: usb-audio: add mixer mapping for Corsair HS80
- [x86] ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
- [x86] ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360
(NP730QFG)
- scsi: qla2xxx: Fix NVMe and NPIV connect issue
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623)
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
(CVE-2024-56619)
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
(CVE-2024-48881) (regression in 5.10.188)
- bpf: fix OOB devmap writes when deleting elements (CVE-2024-56615)
- dma-buf: fix dma_fence_array_signaled v4
- regmap: detach regmap from dev on regmap_exit
- [x86] mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla
10 tablet
- mmc: core: Further prevent card detect during shutdown
- ocfs2: update seq_file index in ocfs2_dlm_seq_next
- [arm*] iommu/arm-smmu: Defer probe of clients after smmu device bound
(CVE-2024-56568)
- btrfs: avoid unnecessary device path update for the same device
- kcsan: Turn report_filterlist_lock into a raw_spinlock (CVE-2024-56610)
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
- [arm*] drm/vc4: hvs: Set AXI panic modes for the HVS
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
- r8169: don't apply UDP padding quirk on RTL8126A
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
- af_packet: avoid erroring out after sock_init_data() in packet_create()
(CVE-2024-56606)
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in
l2cap_sock_create() (CVE-2024-56605)
- net: af_can: do not leave a dangling sk pointer in can_create()
(CVE-2024-56603)
- net: ieee802154: do not leave a dangling sk pointer in
ieee802154_create() (CVE-2024-56602)
- net: inet: do not leave a dangling sk pointer in inet_create()
(CVE-2024-56601)
- net: inet6: do not leave a dangling sk pointer in inet6_create()
(CVE-2024-56600)
- wifi: ath5k: add PCI ID for SX76X
- wifi: ath5k: add PCI ID for Arcadyan devices
- drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
- dma-debug: fix a possible deadlock on radix_lock (CVE-2024-47143)
- jfs: array-index-out-of-bounds fix in dtReadFirst (CVE-2024-56598)
- jfs: fix shift-out-of-bounds in dbSplit (CVE-2024-56597)
- jfs: fix array-index-out-of-bounds in jfs_readdir (CVE-2024-56596)
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
(CVE-2024-56595)
- drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
- drm/amdgpu: set the right AMDGPU sg segment limitation (CVE-2024-56594)
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw() (CVE-2024-56593)
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
- ASoC: hdmi-codec: reorder channel allocation list
- net/neighbor: clear error in case strict check is not set
- netpoll: Use rcu_access_pointer() in __netpoll_setup
- tracing: Use atomic64_inc_return() in trace_clock_counter()
- [arm64] scsi: hisi_sas: Add cond_resched() for no forced preemption model
(CVE-2024-56589)
- leds: class: Protect brightness_show() with led_cdev->led_access mutex
(CVE-2024-56587)
- scsi: st: Don't modify unknown block number in MTIOCGET
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
- [arm64] pinctrl: qcom-pmic-gpio: add support for PM8937
- nvdimm: rectify the illogical code within nd_dax_probe()
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
(CVE-2024-56586)
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge
- PCI: Add ACS quirk for Wangxun FF5xxx NICs
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
avoid deadlock (CVE-2024-43098)
- [arm*] usb: chipidea: udc: handle USB Error Interrupt if IOC not set
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
- sched/core: Remove the unnecessary need_resched() check in
nohz_csd_func()
- sched/fair: Remove update of blocked load from newidle_balance
- sched/fair: Remove unused parameter of update_nohz_stats
- sched/fair: Merge for each idle cpu loop of ILB
- sched/fair: Trigger the update of blocked load on newly idle cpu
- sched/fair: Add NOHZ balancer flag for nohz.next_balance updates
- sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU
turning busy
- sched/core: Prevent wakeup of ksoftirqd during idle load balance
- btrfs: fix missing snapshot drew unlock when root is dead during swap
activation
- [arm64] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
- [arm64] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
- [arm64] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
- jffs2: Prevent rtime decompress memory corruption (CVE-2024-57850)
- jffs2: Fix rtime decompressor
- drm/amd/display: Check BIOS images before it is used (CVE-2024-46809)
- modpost: Add .irqentry.text to OTHER_SECTIONS
- scsi: sd: Fix sd_do_mode_sense() buffer length handling
- scsi: core: Fix scsi_mode_select() buffer length handling
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources
(CVE-2024-53150)
- media: uvcvideo: Require entities to have a non-zero unique ID
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.232
- tcp: check space before adding MPTCP SYN options
- [armhf] ata: sata_highbank: fix OF node reference leak in
highbank_initialize_phys()
- [arm*] usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
accessing null pointer (CVE-2024-56670)
- xfs: don't drop errno values when we fail to ficlone the entire range
- xfs: fix scrub tracepoints when inode-rooted btrees are involved
- bpf, sockmap: Fix update element with same
- virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)
- exfat: fix potential deadlock on __exfat_get_dentry_set (CVE-2024-42315)
- [amd64,arm64] acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
(CVE-2024-56662)
- batman-adv: Do not send uninitialized TT changes
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not let TT changes list grows indefinitely
- tipc: fix NULL deref in cleanup_bearer() (CVE-2024-56661)
- [x86] net: lapb: increase LAPB_HEADER_LEN (CVE-2024-56659)
- ACPI: resource: Fix memory resource type union access
- cxgb4: use port number to set mac addr
- net/sched: netem: account for backlog updates from child qdisc
(CVE-2024-56770)
- net: bonding, dummy, ifb, team: advertise NETIF_F_GSO_SOFTWARE
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- ACPICA: events/evxfregn: don't release the ContextMutex that was never
acquired
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
- bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
- tracing/kprobes: Skip symbol counting logic for module symbols in
create_local_trace_kprobe()
- [x86] drm/i915: Fix memory leak by correcting cache object name in error
handler
- xen/netfront: fix crash when removing device (CVE-2024-53240)
- [x86] make get_cpu_vendor() accessible from Xen code
- [x86] objtool/x86: allow syscall instruction
- [x86] static-call: provide a way to do very early static-call updates
- [x86] xen: don't do PV iret hypercall through hypercall page
(CVE-2024-53241)
- [x86] xen: add central hypercall functions
- [x86] xen: use new hypercall functions instead of hypercall page
- [x86] xen: remove hypercall page (CVE-2024-53241)
- ALSA: usb-audio: Fix a DMA to stack memory bug
- [i386] static-call: fix 32-bit build
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.233
- net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
- PCI/AER: Disable AER service on suspend
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
- PCI: Add ACS quirk for Broadcom BCM5760X NIC
- [arm*] usb: dwc2: gadget: Don't write invalid mapped sg entries into
dma_desc with iommu enabled
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
- erofs: fix incorrect symlink detection in fast symlink
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
- net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving
proposal msg
- net/smc: check return value of sock_recvmsg when draining clc data
(CVE-2024-57791)
- netdevsim: prevent bad user input in nsim_dev_health_break_write()
(CVE-2024-56716)
- net: hinic: Fix cleanup in create_rxqs/txqs()
- netfilter: ipset: Fix for recursive locking warning
- [arm*] mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC
quirk
- efivarfs: Fix error on non-existent file
- USB: serial: option: add TCL IK512 MBIM & ECM
- USB: serial: option: add MeiG Smart SLM770A
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
- USB: serial: option: add MediaTek T7XX compositions
- USB: serial: option: add Telit
FE910C04 rmnet compositions
- zram: refuse to use zero sized block device as backing device
- btrfs: tree-checker: reject inline extent items with 0 ref count
- [x86] Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
(CVE-2024-55916)
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
- of/irq: Fix using uninitialized variable @addr_len in API of
_irq_parse_one()
- nilfs2: prevent use of deleted inode (CVE-2024-53690)
- of: Fix error path in of_parse_phandle_with_args_map()
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
- ceph: validate snapdirname option length when mounting
- epoll: Add synchronous wakeup support for ep_poll_callback
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
(CVE-2024-56769)
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
- bpf: Check negative offsets in __bpf_skb_min_len()
- nfsd: restore callback functionality for NFSv4.0
- [x86] mtd: diskonchip: Cast an operand to prevent potential overflow
- phy: core: Fix an OF node refcount leakage in _of_phy_get()
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
- phy: core: Fix that API devm_phy_put() fails to release the phy
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to
unregister the phy provider
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
- [arm*] dmaengine: mv_xor: fix child node refcount handling in early exit
- [armhf] dmaengine: at_xdmac: avoid null_prt_deref in
at_xdmac_prep_dma_memset (CVE-2024-56767)
- [armhf] mtd: rawnand: fix double free in atmel_pmecc_create_user()
(CVE-2024-56766)
- tracing/kprobe: Make trace_kprobe's module callback called after
jump_label update
- [x86] watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
- [x86] scsi: qla1280: Fix hw revision numbering for ISP1020/1040
- scsi: megaraid_sas: Fix for a potential deadlock (CVE-2024-57807)
- ALSA: hda/conexant: fix Z60MR100 startup pop issue
- regmap: Use correct format specifier for logging range errors
- [x86] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver
load time
- [x86] scsi: storvsc: Do not flag MAINTENANCE_IN return of
SRB_STATUS_DATA_OVERRUN as an error
- virtio-blk: don't keep queue frozen during system suspend
(CVE-2024-57946)
- skbuff: introduce skb_expand_head()
- ipv6: use skb_expand_head in ip6_finish_output2
- ipv6: use skb_expand_head in ip6_xmit
- ipv6: fix possible UAF in ip6_finish_output2()
- bpf: Check validity of link->type in bpf_link_show_fdinfo()
(CVE-2024-53099)
- bpf: fix recursive lock when verdict program return SK_PASS
(CVE-2024-56694)
- drm/dp_mst: Fix MST sideband message body length check (CVE-2024-56616)
- [arm64] mm: Rename asid2idx() to ctxid2asid()
- [arm64] Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
ASIDs
- [arm*] power: supply: gpio-charger: Fix set charge current limits
(CVE-2024-57792)
- btrfs: avoid monopolizing a core when activating a swap file
- nfsd: cancel nfsd_shrinker_work using sync mode in
nfs4_state_shutdown_net (CVE-2024-50121)
- skb_expand_head() adjust skb->truesize incorrectly
- ipv6: prevent possible UAF in ip6_xmit()
- [x86] hyperv: Fix hv tsc page based sched_clock for hibernation
- selinux: ignore unknown extended permissions (CVE-2024-57931)
- [x86] thunderbolt: Add support for Intel Alder Lake
- [x86] thunderbolt: Add support for Intel Raptor Lake
- [x86] thunderbolt: Add support for Intel Meteor Lake
- [x86] thunderbolt: Add Intel Barlow Ridge PCI ID
- [x86] thunderbolt: Add support for Intel Lunar Lake
- [x86] thunderbolt: Add support for Intel Panther Lake-M/P
- RDMA/mlx5: Enforce same type port association for multiport RoCE
- [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly
- netrom: check buffer length before accessing it (CVE-2024-57802)
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
(CVE-2024-54031)
- net: llc: reset skb->transport_header
- ALSA: usb-audio: US16x08: Initialize array before use
- RDMA/rtrs: Ensure 'ib_sge list' is accessible (CVE-2024-36476)
- af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)
- ila: serialize calls to nf_register_net_hooks() (CVE-2024-57900)
- [x86] dmaengine: dw: Select only supported masters for ACPI devices
- btrfs: switch extent buffer tree lock to rw_semaphore
- btrfs: locking: remove all the blocking helpers
- btrfs: rename and export __btrfs_cow_block()
- btrfs: fix use-after-free when COWing tree bock and tracing is enabled
(CVE-2024-56759)
- kernel: Initialize cpumask before parsing
- tracing: Prevent bad count for tracing_cpumask_write (CVE-2024-56763)
- wifi: mac80211: wake the queues in case of failure in resume
- btrfs: flush delalloc workers queue before stopping cleaner kthread
during unmount (CVE-2024-57896)
- sound: usb: format: don't warn that raw DSD is unsupported
- bpf: fix potential error return
- net: usb: qmi_wwan: add Telit
FE910C04 compositions
- [arm*] irqchip/gic: Correct declaration of *percpu_base pointer in union
gic_base
- btrfs: locking: remove the recursion handling code
- btrfs: don't set lock_owner when locking extent buffer for reading
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
- modpost: fix the missed iteration for the max bit in do_input()
- RDMA/uverbs: Prevent integer overflow issue (CVE-2024-57890)
- [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap
locking (CVE-2024-57889)
- sky2: Add device ID 11ab:4373 for Marvell
88E8075
- net/sctp: Prevent autoclose integer overflow in sctp_association_init()
(CVE-2024-57938)
- [arm64] drm: adv7511: Drop dsi single lane support
- mm: vmscan: account for free pages to prevent infinite Loop in
throttle_direct_reclaim() (CVE-2024-57884)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.234
- ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
- jbd2: flush filesystem device before updating tail sequence
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
(CVE-2024-57929)
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- exfat: fix the infinite loop in exfat_readdir() (CVE-2024-57940)
- netfilter: nft_dynset: honor stateful expressions in set definition
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (CVE-2025-21653)
- cxgb4: Avoid removal of uninserted tid
- netfilter: nf_tables: imbalance in flowtable binding
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX
(CVE-2025-21648)
- afs: Fix the maximum cell name length (CVE-2025-21646)
- dm thin: make get_first_thin use rcu-safe list first function
(CVE-2025-21664)
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
(CVE-2025-21640)
- sctp: sysctl: auth_enable: avoid using current->nsproxy (CVE-2025-21638)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
(CVE-2024-57922)
- [x86] ACPI: resource: Add TongFang GM5HG0A to
irq1_edge_low_force_override[]
- [x86] ACPI: resource: Add Asus Vivobook X1504VAP to
irq1_level_low_skip_override[]
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
transitivity
- md/raid5: fix atomicity violation in raid5_cache_count
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- [arm*] usb: dwc3: gadget: fix writing NYET threshold
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (CVE-2024-57913)
- iio: pressure: zpa2326: fix information leak in triggered buffer
(CVE-2024-57912)
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
buffer (CVE-2024-57911)
- iio: light: vcnl4035: fix information leak in triggered buffer
(CVE-2024-57910)
- iio: imu: kmx61: fix information leak in triggered buffer
(CVE-2024-57908)
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(CVE-2024-57906)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: adc: at91: call input_free_device() on allocated iio_dev
(CVE-2024-57904)
- iio: inkern: call iio_device_put() only on mapped devices
- [arm64] dts: rockchip: add #power-domain-cells to power domain nodes
- [arm64] dts: rockchip: add hevc power domain clock to rk3328
- loop: let set_capacity_revalidate_and_notify update the bdev size
- nvme: let set_capacity_revalidate_and_notify update the bdev size
- sd: update the bdev size in sd_revalidate_disk
- block: remove the update_bdev parameter to
set_capacity_revalidate_and_notify
- ocfs2: correct return value of ocfs2_local_free_info()
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
(CVE-2024-57892)
- [arm64] drm: bridge: adv7511: Remove redundant null check before
clk_disable_unprepare
- drm/mipi-dsi: Create devm device registration
- drm/mipi-dsi: Create devm device attachment
- [arm64] drm/bridge: adv7533: Switch to devm MIPI-DSI helpers
- [arm64] drm: bridge: adv7511: unregister cec i2c device after cec adapter
- [arm64] drm: bridge: adv7511: use dev_err_probe in probe function
- [arm64] drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
(CVE-2024-57887)
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (CVE-2025-21639)
- [armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- bpf: Fix bpf_sk_select_reuseport() memory leak (CVE-2025-21683)
- net: net_namespace: Optimize the code
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Destroy device along with udp socket's netns dismantle.
(CVE-2025-21678)
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net/mlx5: Add priorities for counters in RDMA namespaces
- net/mlx5: Refactor mlx5_get_flow_namespace
- net/mlx5: Fix RDMA TX steering prio
- [armhf] drm/v3d: Ensure job pointer is set to NULL after job completion
(CVE-2025-21697)
- mac802154: check local interfaces before deleting sdata list
(CVE-2024-57948)
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- poll_wait: add mb() to fix theoretical race between waitqueue_active()
and .poll()
- nvmet: propagate npwg topology
- [x86] asm: Make serialize() always_inline
- [amd64,arm64] net: ethernet: xgbe: re-add aneg to supported features in
PHY quirks
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- fs/proc: fix softlockup in __read_vmcore (part 2) (CVE-2025-21694)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(CVE-2024-36899)
- [arm*] irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- hrtimers: Handle CPU state correctly on hotplug (CVE-2024-57951)
- iio: imu: inv_icm42600: fix spi burst write not supported
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
- [arm*] iio: adc: rockchip_saradc: fix information leak in triggered
buffer (CVE-2024-57907)
- drm/radeon: check bo_va->bo is non-NULL before using it (CVE-2024-41060)
- vmalloc: fix accounting with i915
- [arm64] RDMA/hns: Fix deadlock on SRQ async events. (CVE-2024-38591)
- blk-cgroup: Fix UAF in blkcg_unpin_online() (CVE-2024-56672)
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
(CVE-2024-47707)
- nfsd: add list_head nf_gc to struct nfsd_file
- fou: remove warn in gue_gro_receive on unsupported protocol
(CVE-2024-44940)
- vsock/virtio: discard packets if the transport changes (CVE-2025-21669)
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
(CVE-2025-21666)
- [x86] xen: fix SLS mitigation in xen_hypercall_iret()
- scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
- net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
request
- [arm*] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
(CVE-2025-21699)
- net: sched: fix ets qdisc OOB Indexing (CVE-2025-21692)
- vfio/platform: check the bounds of read/write syscalls (CVE-2025-21687)
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
(CVE-2024-35966)
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
(CVE-2024-50304)
- wifi: iwlwifi: add a few rate index validity checks
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
(CVE-2025-21689)
- Input: atkbd - map F23 key to support default copilot shortcut
- [x86] Input: xpad - add unofficial Xbox 360 wireless receiver clone
- [x86] Input: xpad - add support for wooting two he (arm)
- [armhf] drm/v3d: Assign job pointer to NULL before signaling the fence
(CVE-2025-21688)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
conditionals
[ Ben Hutchings ]
* Bump ABI to 34
* [rt] Update to 5.10.234-rt126
* perf cs-etm: Add missing variable in cs_etm__process_queues()
* xen: Fix regressions in 5.10.227 and 5.10.232:
- [x86] xen: fix xen_hypercall_hvm() to not clobber %rbx
- [x86] xen: add FRAME_END to xen_hypercall_hvm()
- [x86] static-call: Remove early_boot_irqs_disabled check to fix Xen PVH
dom0
- Revert "xen/swiotlb: add alignment check for dma buffers"
* netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (regression in
5.10.232)
* Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (regression
in 5.10.231)
* ALSA: hda/realtek: Fixup ALC225 depop procedure (regression in 5.10.231)
* gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
(regression in 5.10.234)
[ Salvatore Bonaccoros ]
* d/salsa-ci.yml: Suppress aliased-location lintian errors
* debian/salsa-ci.yml: Include run of .build-after-script from common
pipeline.
* debian/salsa-ci.yml: Reference .build-after-script from after_script
section
[dgit import unpatched linux 5.10.234-1]
projects / linux.git / log