-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Mar 2026 12:26:03 +0100
Source: linux-signed-arm64
Architecture: source
Version: 5.10.251+1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <[email protected]>
Changed-By: Ben Hutchings <[email protected]>
Changes:
 linux-signed-arm64 (5.10.251+1) bullseye-security; urgency=high
 .
   * Sign kernel from linux 5.10.251-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.250
     - rbd: check for EOD after exclusive lock is ensured to be held
     - KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198)
     - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (CVE-2025-38201)
     - binderfs: fix ida_alloc_max() upper bound
     - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (CVE-2025-71224)
     - wifi: wlcore: ensure skb headroom before skb_push (CVE-2025-71222)
     - net: usb: sr9700: support devices with virtual driver CD
     - block,bfq: fix aux stat accumulation destination
     - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
     - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration
     - [x86] ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
     - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
     - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
     - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
     - wifi: mac80211: collect station statistics earlier when disconnect
     - wifi: cfg80211: Fix bitrate calculation overflow for HE rates
     - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193)
     - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)
     - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
     - [x86] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (CVE-2026-23176)
     - [x86] platform/x86: intel_telemetry: Fix PSS event register mask
     - net: liquidio: Initialize netdev pointer before queue setup
     - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
     - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
     - macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)
     - tipc: use kfree_sensitive() for session key material
     - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf
     - nvmet-tcp: add an helper to free the cmd buffers
     - nvmet-tcp: fix memory leak when performing a controller reset
     - nvmet-tcp: fix regression in data_digest calculation
     - nvmet-tcp: don't map pages which can't come from HIGHMEM
     - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112)
     - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops (CVE-2026-23190)
     - [x86] platform/x86: intel_telemetry: Fix swapped arrays in PSS output
     - gve: Fix stats report corruption on queue count change
     - tracing: Fix ftrace event field alignments
     - gve: Correct ethtool rx_dropped calculation
     - nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.251
     - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (CVE-2026-23222)
     - crypto: virtio - Add spinlock protection with virtqueue notification (CVE-2026-23229)
     - nilfs2: Fix potential block overflow that cause system hang (CVE-2025-71237)
     - scsi: qla2xxx: Delay module unload while fabric scan in progress (CVE-2025-71235)
     - scsi: qla2xxx: Query FW again before proceeding with login
     - [armhf] gpio: omap: do not register driver in probe()
     - [x86] ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
     - romfs: check sb_set_blocksize() return value (CVE-2026-23238)
     - [x86] platform/x86: classmate-laptop: Add missing NULL pointer checks (CVE-2026-23237)
     - gpiolib: acpi: Fix gpio count with string references
     - fs: dlm: fix invalid derefence of sb_lvbptr (CVE-2022-50516)
     - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req
     - scsi: qla2xxx: Validate sp before freeing associated memory (CVE-2025-71236)
     - scsi: qla2xxx: Free sp in error path to fix system crash (CVE-2025-71232)
     - scsi: qla2xxx: Fix bsg_done() causing double free (CVE-2025-71238)
     - fbdev: smscufx: properly copy ioctl memory to kernelspace (CVE-2026-23236)
     - f2fs: fix out-of-bounds access in sysfs attribute read/write (CVE-2026-23235)
     - f2fs: fix to avoid UAF in f2fs_write_end_io() (CVE-2026-23234)
     - USB: serial: option: add Telit FN920C04 RNDIS compositions
 .
   [ Ben Hutchings ]
   * [armhf] Revert "ARM: 9468/1: fix memset64() on big-endian"
   * ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Closes: #1127597)
   * CI: Delete support for ccache, which was removed from common pipeline
   * CI: Update build job to work after another common pipeline change
   * [rt] Update to 5.10.251-rt146
 .
   [ Salvatore Bonaccorso ]
   * apparmor: fix kernel-doc complaints
   * apparmor: Fix kernel-doc warnings in apparmor/policy.c
   * apparmor: validate DFA start states are in bounds in unpack_pdb
   * apparmor: fix memory leak in verify_header
   * apparmor: replace recursive profile removal with iterative approach
   * apparmor: fix: limit the number of levels of policy namespaces
   * apparmor: fix side-effect bug in match_char() macro usage
   * apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
   * apparmor: Fix double free of ns_name in aa_replace_profiles()
   * apparmor: fix unprivileged local user can do privileged policy management
   * apparmor: fix differential encoding verification
   * apparmor: fix race on rawdata dereference
   * apparmor: fix race between freeing data and fs accessing it
Checksums-Sha1:
 69f90065ab1db3379e49270fd7d36715aadadd73 6732 linux-signed-arm64_5.10.251+1.dsc
 2a51d37c5bd0e924e83615113532c4ca8758bfa9 633484 linux-signed-arm64_5.10.251+1.tar.xz
Checksums-Sha256:
 cb5ad419745c6218a1554b0137b689cf45b67750bf9c8bc96fb96572fd28a78b 6732 linux-signed-arm64_5.10.251+1.dsc
 05f7e724a8c9a40aa60f02697bd1767b177a67f3d2de4470c5d46b7d57564371 633484 linux-signed-arm64_5.10.251+1.tar.xz
Files:
 ba2110d2e6fb1dbcd7eb97b27a70e99a 6732 kernel optional linux-signed-arm64_5.10.251+1.dsc
 a544bac548a3ffaa52537ce8bec0891f 633484 kernel optional linux-signed-arm64_5.10.251+1.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSInBJdRTWyTRy0ztFCTVFtUgONCgUCabPREAAKCRBCTVFtUgON
Cp0HAQDpc4RUho8/NY8Xqc1/R0/tFLZ4wb9GFDe3rLZ/e4iLHQEA8gZmlWFZ2A7L
O8OkWM238CamhDV5wip3sROCSuTb+gM=
=Uu+W
-----END PGP SIGNATURE-----
