Accepted linux-signed-amd64 5.10.251+1 (source) into oldoldstable-security

Fri, 13 Mar 2026 04:00:57 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Mar 2026 12:26:03 +0100
Source: linux-signed-amd64
Architecture: source
Version: 5.10.251+1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <[email protected]>
Changed-By: Ben Hutchings <[email protected]>
Changes:
 linux-signed-amd64 (5.10.251+1) bullseye-security; urgency=high
 .
   * Sign kernel from linux 5.10.251-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.250
     - rbd: check for EOD after exclusive lock is ensured to be held
     - KVM: Don't clobber irqfd routing type when deassigning irqfd
       (CVE-2026-23198)
     - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
       (CVE-2025-38201)
     - binderfs: fix ida_alloc_max() upper bound
     - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
       (CVE-2025-71224)
     - wifi: wlcore: ensure skb headroom before skb_push (CVE-2025-71222)
     - net: usb: sr9700: support devices with virtual driver CD
     - block,bfq: fix aux stat accumulation destination
     - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
     - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration
     - [x86] ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
     - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
     - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
     - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
     - wifi: mac80211: collect station statistics earlier when disconnect
     - wifi: cfg80211: Fix bitrate calculation overflow for HE rates
     - scsi: target: iscsi: Fix use-after-free in
       iscsit_dec_session_usage_count() (CVE-2026-23193)
     - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
       (CVE-2026-23216)
     - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
     - [x86] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
       (CVE-2026-23176)
     - [x86] platform/x86: intel_telemetry: Fix PSS event register mask
     - net: liquidio: Initialize netdev pointer before queue setup
     - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
     - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
     - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)
     - tipc: use kfree_sensitive() for session key material
     - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf
     - nvmet-tcp: add an helper to free the cmd buffers
     - nvmet-tcp: fix memory leak when performing a controller reset
     - nvmet-tcp: fix regression in data_digest calculation
     - nvmet-tcp: don't map pages which can't come from HIGHMEM
     - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
       (CVE-2026-23112)
     - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops (CVE-2026-23190)
     - [x86] platform/x86: intel_telemetry: Fix swapped arrays in PSS output
     - gve: Fix stats report corruption on queue count change
     - tracing: Fix ftrace event field alignments
     - gve: Correct ethtool rx_dropped calculation
     - nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.251
     - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
       correctly (CVE-2026-23222)
     - crypto: virtio - Add spinlock protection with virtqueue notification
       (CVE-2026-23229)
     - nilfs2: Fix potential block overflow that cause system hang
       (CVE-2025-71237)
     - scsi: qla2xxx: Delay module unload while fabric scan in progress
       (CVE-2025-71235)
     - scsi: qla2xxx: Query FW again before proceeding with login
     - [armhf] gpio: omap: do not register driver in probe()
     - [x86] ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
     - romfs: check sb_set_blocksize() return value (CVE-2026-23238)
     - [x86] platform/x86: classmate-laptop: Add missing NULL pointer checks
       (CVE-2026-23237)
     - gpiolib: acpi: Fix gpio count with string references
     - fs: dlm: fix invalid derefence of sb_lvbptr (CVE-2022-50516)
     - crypto: virtio - Remove duplicated virtqueue_kick in
       virtio_crypto_skcipher_crypt_req
     - scsi: qla2xxx: Validate sp before freeing associated memory
       (CVE-2025-71236)
     - scsi: qla2xxx: Free sp in error path to fix system crash (CVE-2025-71232)
     - scsi: qla2xxx: Fix bsg_done() causing double free (CVE-2025-71238)
     - fbdev: smscufx: properly copy ioctl memory to kernelspace
       (CVE-2026-23236)
     - f2fs: fix out-of-bounds access in sysfs attribute read/write
       (CVE-2026-23235)
     - f2fs: fix to avoid UAF in f2fs_write_end_io() (CVE-2026-23234)
     - USB: serial: option: add Telit FN920C04 RNDIS compositions
 .
   [ Ben Hutchings ]
   * [armhf] Revert "ARM: 9468/1: fix memset64() on big-endian"
   * ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Closes: #1127597)
   * CI: Delete support for ccache, which was removed from common pipeline
   * CI: Update build job to work after another common pipeline change
   * [rt] Update to 5.10.251-rt146
 .
   [ Salvatore Bonaccorso ]
   * apparmor: fix kernel-doc complaints
   * apparmor: Fix kernel-doc warnings in apparmor/policy.c
   * apparmor: validate DFA start states are in bounds in unpack_pdb
   * apparmor: fix memory leak in verify_header
   * apparmor: replace recursive profile removal with iterative approach
   * apparmor: fix: limit the number of levels of policy namespaces
   * apparmor: fix side-effect bug in match_char() macro usage
   * apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
   * apparmor: Fix double free of ns_name in aa_replace_profiles()
   * apparmor: fix unprivileged local user can do privileged policy management
   * apparmor: fix differential encoding verification
   * apparmor: fix race on rawdata dereference
   * apparmor: fix race between freeing data and fs accessing it
Checksums-Sha1:
 a33d6983bb47b16e55611b440363d4cd20abe99d 8001 linux-signed-amd64_5.10.251+1.dsc
 ba0b95983ba989a501c2dc86b45f500dc2621fff 633996 
linux-signed-amd64_5.10.251+1.tar.xz
Checksums-Sha256:
 638bc897f4ee5e7b62c789c9ad089b113acf9a58e88ceb4a839856687b0db1ba 8001 
linux-signed-amd64_5.10.251+1.dsc
 6efcbdc25c295264bdc5511c794e4d70cd4b59082ac76b166201f117a16f065b 633996 
linux-signed-amd64_5.10.251+1.tar.xz
Files:
 b90afa9734fb96d03080c238769c9e9b 8001 kernel optional 
linux-signed-amd64_5.10.251+1.dsc
 1962374f754b35b27fdeccd451774ee1 633996 kernel optional 
linux-signed-amd64_5.10.251+1.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSInBJdRTWyTRy0ztFCTVFtUgONCgUCabPfrQAKCRBCTVFtUgON
Cus+AP4jc2XUjDuUeYjE/SYi6AgJJZeZ1khSnLuotmLIWbrkqAD5ASlH3PHwzr1v
adIp4jaz1+m2beZj6MX5xT+xOQQk3wg=
=29xC
-----END PGP SIGNATURE-----

Attachment: pgp2qhRPSJAc1.pgp
Description: PGP signature

Reply via email to