-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 09 Mar 2026 12:26:03 +0100 Source: linux Architecture: source Version: 5.10.251-1 Distribution: bullseye-security Urgency: high Maintainer: Debian Kernel Team <[email protected]> Changed-By: Ben Hutchings <[email protected]> Closes: 1127597 Changes: linux (5.10.251-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.250 - rbd: check for EOD after exclusive lock is ensured to be held - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198) - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (CVE-2025-38201) - binderfs: fix ida_alloc_max() upper bound - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (CVE-2025-71224) - wifi: wlcore: ensure skb headroom before skb_push (CVE-2025-71222) - net: usb: sr9700: support devices with virtual driver CD - block,bfq: fix aux stat accumulation destination - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration - [x86] ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free - wifi: mac80211: collect station statistics earlier when disconnect - wifi: cfg80211: Fix bitrate calculation overflow for HE rates - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193) - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216) - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice - [x86] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (CVE-2026-23176) - [x86] platform/x86: intel_telemetry: Fix PSS event register mask - net: liquidio: Initialize netdev pointer before queue setup - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209) - tipc: use kfree_sensitive() for session key material - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf - nvmet-tcp: add an helper to free the cmd buffers - nvmet-tcp: fix memory leak when performing a controller reset - nvmet-tcp: fix regression in data_digest calculation - nvmet-tcp: don't map pages which can't come from HIGHMEM - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112) - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops (CVE-2026-23190) - [x86] platform/x86: intel_telemetry: Fix swapped arrays in PSS output - gve: Fix stats report corruption on queue count change - tracing: Fix ftrace event field alignments - gve: Correct ethtool rx_dropped calculation - nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.251 - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (CVE-2026-23222) - crypto: virtio - Add spinlock protection with virtqueue notification (CVE-2026-23229) - nilfs2: Fix potential block overflow that cause system hang (CVE-2025-71237) - scsi: qla2xxx: Delay module unload while fabric scan in progress (CVE-2025-71235) - scsi: qla2xxx: Query FW again before proceeding with login - [armhf] gpio: omap: do not register driver in probe() - [x86] ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU - romfs: check sb_set_blocksize() return value (CVE-2026-23238) - [x86] platform/x86: classmate-laptop: Add missing NULL pointer checks (CVE-2026-23237) - gpiolib: acpi: Fix gpio count with string references - fs: dlm: fix invalid derefence of sb_lvbptr (CVE-2022-50516) - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req - scsi: qla2xxx: Validate sp before freeing associated memory (CVE-2025-71236) - scsi: qla2xxx: Free sp in error path to fix system crash (CVE-2025-71232) - scsi: qla2xxx: Fix bsg_done() causing double free (CVE-2025-71238) - fbdev: smscufx: properly copy ioctl memory to kernelspace (CVE-2026-23236) - f2fs: fix out-of-bounds access in sysfs attribute read/write (CVE-2026-23235) - f2fs: fix to avoid UAF in f2fs_write_end_io() (CVE-2026-23234) - USB: serial: option: add Telit FN920C04 RNDIS compositions . [ Ben Hutchings ] * [armhf] Revert "ARM: 9468/1: fix memset64() on big-endian" * ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Closes: #1127597) * CI: Delete support for ccache, which was removed from common pipeline * CI: Update build job to work after another common pipeline change * [rt] Update to 5.10.251-rt146 . [ Salvatore Bonaccorso ] * apparmor: fix kernel-doc complaints * apparmor: Fix kernel-doc warnings in apparmor/policy.c * apparmor: validate DFA start states are in bounds in unpack_pdb * apparmor: fix memory leak in verify_header * apparmor: replace recursive profile removal with iterative approach * apparmor: fix: limit the number of levels of policy namespaces * apparmor: fix side-effect bug in match_char() macro usage * apparmor: fix missing bounds check on DEFAULT table in verify_dfa() * apparmor: Fix double free of ns_name in aa_replace_profiles() * apparmor: fix unprivileged local user can do privileged policy management * apparmor: fix differential encoding verification * apparmor: fix race on rawdata dereference * apparmor: fix race between freeing data and fs accessing it Checksums-Sha1: e34cbd7e2a375272d496a1d1f515eb64519532ee 209429 linux_5.10.251-1.dsc 4eb6fc52d0275cb73f77c7303bf9751d0528a910 122143548 linux_5.10.251.orig.tar.xz d908a9078a357c3fdc2807324abadefe00b8e1e1 1794760 linux_5.10.251-1.debian.tar.xz c33b6010dbde2de54ad872d12e556db5b0451db1 6215 linux_5.10.251-1_source.buildinfo Checksums-Sha256: 99eb045af1b72195eff8865032c1612f0cae96c78b9c0622e384acc50f0a4e2e 209429 linux_5.10.251-1.dsc 706a020b79d01b7a14fe639554fcf6adcd93b81e4c3194218f5c8c523ef9a753 122143548 linux_5.10.251.orig.tar.xz 0666875fb2facc9c141d91085e6fd731064fc04327512f402c9d1d77d7d0510a 1794760 linux_5.10.251-1.debian.tar.xz 4a9c5f763391599ce7669498394ad0effd6a9c2a331ff7bc032c9e14a0dfb36c 6215 linux_5.10.251-1_source.buildinfo Files: 6800b1e31fd2fd05ccd77e7374fa5990 209429 kernel optional linux_5.10.251-1.dsc 07c0163109b8263be1918e8861498a9a 122143548 kernel optional linux_5.10.251.orig.tar.xz 44aab2e94107c7153efb6b3620f225d7 1794760 kernel optional linux_5.10.251-1.debian.tar.xz 7405ee77e36de5a06e8b9aedf9bda093 6215 kernel optional linux_5.10.251-1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmmzHpgACgkQ57/I7JWG EQnctxAAsnfIAFkK0lvdy2gVcxk+viacefDvJe1tewQ7T8GSJJMR43ak1uQ6PE/W tP9huSej6dgVA2ZWpfgQI7AuzqRuGx4wDTZ9ZvzgPrKYiH7JHL9uArYjhs3xgLwt ByL1Jhhc4WiLJN++QCUDlCz2l++7YfE7IYdchMQiGYGTv5jRre+pVzGe3vrTr/OH BPW8FUxsns8QV4LbWbhnWUHU7gc1hTsP7EsTbnd+ImQuyzw/T6N7ZY/Ci3M9IOOI VwDswwnlWuULdGyxhaRGdRPePk9eEiK6ArJXL7JE9kavrg5L/Gv09nZVylbbs8vX ApOLsbGR6FVGepgjoIBZPMAqVFLaGxqtTztICjUZh0lvi/hR1d2Lad0aSd9LPGhr rn6ZPEuIMFE8TSYL/+GMCD0B7bg0A4WaeA6LSJ4+ir8jg55VEkanUgayK0ejWsSx CrKfon2Iw4wgedqOd0oqxTEJIq68K4YYzeTfWpSIVQd+5q4BIyZazKqkb2cv58GK DgyuM2xwVHldh/H8XyeVsRtaiOM8c4RYoHg0TOVQFhId7kCCrkvENnj5kDMck/tU npOnj7sz/keAKUrwPSZQax4s6VZbixWAP+x5PtDQ8vdaSkt2cG7Vyqzn+HXfRdhg 0u6jaR5ytzMuTmd5o6ZAjrXwcaN84Hc18u1JuWLttuZYbPzWM4A= =dcdC -----END PGP SIGNATURE-----
pgp5G8NYJS5LB.pgp
Description: PGP signature
