Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > linux.debian.changes > #13719
| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
|---|---|
| Newsgroups | linux.debian.changes |
| Subject | Accepted linux-signed-amd64 6.12.86+1 (source) into proposed-updates |
| Date | 2026-05-09 10:40 +0200 |
| Message-ID | <MSLo5-3ObX-5@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 May 2026 08:54:02 +0200
Source: linux-signed-amd64
Architecture: source
Version: 6.12.86+1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-amd64 (6.12.86+1) trixie-security; urgency=high
.
* Sign kernel from linux 6.12.86-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.86
- ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
- ALSA: usb-audio: Avoid false E-MU sample-rate notifications
- ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch
- usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable()
- usb: chipidea: otg: not wait vbus drop if use role_switch
- usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change
- ALSA: usb-audio: Evaluate packsize caps at the right place
- LoongArch: Add spectre boundry for syscall dispatch table
- drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
- leds: qcom-lpg: Check for array overflow when selecting the high
resolution
- greybus: gb-beagleplay: bound bootloader receive buffering
- greybus: gb-beagleplay: fix sleep in atomic context in hdlc_tx_frames()
- misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
- ibmasm: fix OOB reads in command_file_write due to missing size checks
- ibmasm: fix heap over-read in ibmasm_send_i2o_message()
- driver core: Don't let a device probe until it's ready
- drm/nouveau: fix nvkm_device leak on aperture removal failure
- kbuild: rust: allow `clippy::uninlined_format_args`
- firmware: google: framebuffer: Do not mark framebuffer as busy
- arm64/mm: Enable batched TLB flush in unmap_hotplug_range()
- padata: Fix pd UAF once and for all (CVE-2025-38584)
- padata: Remove comment for reorder_work
- rust: init: fix `clippy::undocumented_unsafe_blocks` warnings
- drm/amdgpu: Use vmemdup_array_user in amdgpu_bo_create_list_entry_array
- drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
(CVE-2026-23468)
- device property: Make modifications of fwnode "flags" thread safe
- ocfs2: split transactions in dio completion to avoid credit exhaustion
- zram: do not forget to endio for partial discard requests
- wifi: rtw88: check for PCI upstream bridge existence
- vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex
- vfio/cdx: Fix NULL pointer dereference in interrupt trigger path
- um: drivers: call kernel_strrchr() explicitly in cow_user.c
- spi: imx: fix use-after-free on unbind
- spi: ch341: fix memory leaks on probe failures
- mm/memory_hotplug: fix hwpoisoned large folio handling in
do_migrate_range()
- crypto: pcrypt - Fix handling of MAY_BACKLOG requests
- of: unittest: fix use-after-free in of_unittest_changeset()
- of: unittest: fix use-after-free in testdrv_probe()
- hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt
- media: amphion: Fix race between m2m job_abort and device_run
- ALSA: control: Validate buf_len before strnlen() in
snd_ctl_elem_init_enum_names()
- net: caif: clear client service pointer on teardown
- net: strparser: fix skb_head leak in strp_abort_strp()
- media: mtk-jpeg: fix use-after-free in release path due to uncancelled
work
- crypto: atmel-sha204a - Fix OTP sysfs read and error handling
- PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
- Revert "ALSA: usb: Increase volume range that triggers a warning"
- PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete
- lib/ts_kmp: fix integer overflow in pattern length calculation
- media: i2c: imx219: Check return value of devm_gpiod_get_optional() in
imx219_probe()
- net: qrtr: ns: Fix use-after-free in driver remove()
- ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
- ALSA: aoa: i2sbus: fix OF node lifetime handling
- ALSA: ctxfi: Add fallback to default RSR for S/PDIF
- ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes
- erofs: fix the out-of-bounds nameoff handling for trailing dirents
- jbd2: fix deadlock in jbd2_journal_cancel_revoke()
- md/raid10: fix deadlock with check operation and nowait requests
- mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused
- mtd: docg3: fix use-after-free in docg3_release()
- nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4
- nvme: respect NVME_QUIRK_DISABLE_WRITE_ZEROES when wzsl is set
- parisc: _llseek syscall is only available for 32-bit userspace
- remoteproc: xlnx: Only access buffer information if IPI is buffered
- sched: Use u64 for bandwidth ratio calculations
- rbd: fix null-ptr-deref when device_add_disk() fails
- block: fix zone write plugs refcount handling in
disk_zone_wplug_schedule_bio_work()
- io_uring/timeout: check unused sqe fields
- iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned()
- io_uring/poll: fix signed comparison in io_poll_get_ownership()
- io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE
- ALSA: core: Fix potential data race at fasync handling
- ALSA: caiaq: Fix control_put() result and cache rollback
- ALSA: caiaq: Handle probe errors properly
- ALSA: 6fire: Fix input volume change detection
- ALSA: pcmtest: fix reference leak on failed device registration
- ALSA: pcmtest: Fix resource leaks in module init error paths
- iio: adc: ad7768-1: fix one-shot mode data acquisition
- rxrpc: Fix memory leaks in rxkad_verify_response()
- rxrpc: Fix rxkad crypto unalignment handling
- rxrpc: Fix re-decryption of RESPONSE packets
- tools/accounting: handle truncated taskstats netlink messages
- arm64: dts: marvell: uDPU: add ethernet aliases
- net: qrtr: ns: Free the node during ctrl_cmd_bye()
- net: rds: fix MR cleanup on copy error
- net: txgbe: fix firmware version check
- net/smc: avoid early lgr access in smc_clc_wait_msg
- net: ks8851: Reinstate disabling of BHs around IRQ handler
- netconsole: avoid out-of-bounds access on empty string in trim_newline()
- net: ks8851: Avoid excess softirq scheduling
- drm/arcpgu: fix device node leak
- RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
- ipv4: icmp: validate reply type before using icmp_pointers
- libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
- extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
- tpm: avoid -Wunused-but-set-variable
- LoongArch: Show CPU vulnerabilites correctly
- power: supply: axp288_charger: Do not cancel work before initializing it
- hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data()
- randomize_kstack: Maintain kstack_offset per task
- mmc: block: use single block write in retry
- mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration
- arm64: dts: ti: am62-verdin: Enable pullup for eMMC data pins
- xfs: fix a resource leak in xfs_alloc_buftarg()
- firmware: google: framebuffer: Do not unregister platform device
- crypto: talitos - fix SEC1 32k ahash request limitation
- crypto: talitos - rename first/last to first_desc/last_desc
- pwm: imx-tpm: Count the number of enabled channels in probe
- tpm: Fix auth session leak in tpm2_get_random() error path
- tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()
- tpm: tpm_tis: add error logging for data transfer
- tpm: tpm_tis: stop transmit if retries are exhausted
- rtc: ntxec: fix OF node reference imbalance
- mm/damon/core: use time_in_range_open() for damos quota window start
- userfaultfd: allow registration of ranges below mmap_min_addr
- KVM: x86: Defer non-architectural deliver of exception payload to
userspace read
- KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state
- KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2
- KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
- KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
- KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
- KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode
- KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT
- KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN
- KVM: nSVM: Clear GIF on nested #VMEXIT(INVALID)
- KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT
- KVM: nSVM: Clear tracking of L1->L2 NMI and soft IRQ on nested #VMEXIT
- KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS
- KVM: nSVM: Add missing consistency check for nCR3 validity
- KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
- KVM: nSVM: Always intercept VMMCALL when L2 is active
- io_uring/poll: fix multishot recv missing EOF on wakeup race
- perf annotate: Use jump__delete when freeing LoongArch jumps
- ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
- ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
- mtd: spi-nor: sst: Fix write enable before AAI sequence
- amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2
- md/raid5: fix soft lockup in retry_aligned_read()
- md/raid5: validate payload size before accessing journal metadata
- check-uapi: link into shared objects
- HID: apple: ensure the keyboard backlight is off if suspending
- inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
- x86/cpu: Disable FRED when PTI is forced on
- wifi: rtl8xxxu: fix potential use of uninitialized value
- tcp: call sk_data_ready() after listener migration
- taskstats: set version in TGID exit notifications
- mfd: core: Preserve OF node when ACPI handle is present
- apparmor: use target task's context in apparmor_getprocattr()
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
- bus: mhi: host: pci_generic: Switch to async power up to avoid boot delays
- can: ucan: fix devres lifetime
- crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit
- crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
- crypto: atmel-ecc - Release client on allocation failure
- crypto: hisilicon - Fix dma_unmap_single() direction
- crypto: ccree - fix a memory leak in cc_mac_digest()
- crypto: atmel-tdes - fix DMA sync direction
- crypto: atmel-sha204a - Fix error codes in OTP reads
- crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
- crypto: atmel-sha204a - Fix uninitialized data access on OTP read error
- crypto: nx - Fix packed layout in struct nx842_crypto_header
- dm mirror: fix integer overflow in create_dirty_log()
- ceph: only d_add() negative dentries when they are unhashed
- IB/core: Fix zero dmac race in neighbor resolution
- ktest: Fix the month in the name of the failure directory
- ntfs3: add buffer boundary checks to run_unpack()
- ntfs3: fix integer overflow in run_unpack() volume boundary check
- rtmutex: Use waiter::task instead of current in remove_waiter()
- scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
- seg6: fix seg6 lwtunnel output redirect for L2 reduced encap mode
- smb: client: validate the whole DACL before rewriting it in cifsacl
(CVE-2026-31709)
- f2fs: fix UAF caused by decrementing sbi->nr_pages[] in
f2fs_write_end_io() (CVE-2026-31715)
- lib: test_hmm: evict device pages on file close to avoid use-after-free
- f2fs: fix to do sanity check on dcc->discard_cmd_cnt conditionally
- ksmbd: use msleep instaed of schedule_timeout_interruptible()
- ksmbd: replace connection list with hash table
- ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id()
- thermal: core: Fix thermal zone governor cleanup issues
- wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor
- wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling
- wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
- mm/migrate: factor out movable_ops page handling into
migrate_movable_ops_page()
- mm/migrate: move movable_ops page handling out of move_to_new_folio()
- mm: migrate: requeue destination folio on deferred split queue
- ALSA: aoa: Use guard() for mutex locks
- ALSA: aoa: i2sbus: clear stale prepared state
- mm/zsmalloc: copy KMSAN metadata in zs_page_migrate()
- media: rc: ttusbir: respect DMA coherency rules
- ALSA: aoa: Skip devices with no codecs in i2sbus_resume()
- media: rc: igorplugusb: heed coherency rules
- RDMA/mana_ib: Disable RX steering on RSS QP destroy
- block: relax pgmap check in bio_add_page for compatible zone device pages
- iio: frequency: admv1013: add dev variable
- iio: frequency: admv1013: fix NULL pointer dereference on str
- rxrpc: Fix potential UAF after skb_unshare() failure
- net: qrtr: ns: Limit the maximum server registration per node
- net: qrtr: ns: Limit the maximum number of lookups
- net: bridge: use a stable FDB dst snapshot in RCU readers
- net: mctp: fix don't require received header reserved bits to be zero
- net: qrtr: ns: Limit the total number of nodes
- spi: fix resource leaks on device setup failure
- mm: prevent droppable mappings from being locked
- crypto: authencesn - reject short ahash digests during instance creation
- net: bonding: fix use-after-free in bond_xmit_broadcast() (CVE-2026-31419)
- driver core: Add kernel-doc for DEV_FLAG_COUNT enum value
- ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path
- ALSA: caiaq: Don't abort when no input device is available
- rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
- ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
- drm/amdgpu: fix zero-size GDS range init on RDNA4
- ALSA: caiaq: fix usb_dev refcount leak on probe failure
- net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
- netfilter: reject zero shift in nft_bitwise
.
[ Ben Hutchings ]
* Fix ordering of kernel version strings for multiple Debian revisions
(Closes: #1113728)
* rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
.
[ Salvatore Bonaccorso ]
* xfrm: esp: avoid in-place decrypt on shared skb frags
* rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Checksums-Sha1:
157e120b621e04284bac382add668ec773e8a8d1 10824 linux-signed-amd64_6.12.86+1.dsc
65b09f7112c487c270f1cc0cc198f8c483f615be 928572 linux-signed-amd64_6.12.86+1.tar.xz
Checksums-Sha256:
2a8c9a1fe79a4a97d1f983c0b649f47dcf89505fc07a5ac3e52312a5ef91dcdc 10824 linux-signed-amd64_6.12.86+1.dsc
2d8109a43f68ff27c7bf0e8fa42be4388f497bc127120be7650b1f271dd0d8eb 928572 linux-signed-amd64_6.12.86+1.tar.xz
Files:
d8ab896d9698ba54a90d633103e4409d 10824 kernel optional linux-signed-amd64_6.12.86+1.dsc
a11c8830f4bda03dc20667a6bdd9ee1a 928572 kernel optional linux-signed-amd64_6.12.86+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSInBJdRTWyTRy0ztFCTVFtUgONCgUCaf3PUwAKCRBCTVFtUgON
Cjd6AQCZmELRi4vsD/siy++T/9T9w49eCl+TgnzbZeIvoIX+9QD/eiUbaHtMgYOr
62yXDBNShdCV6v7oGrltOi73FAdjygI=
=5RO/
-----END PGP SIGNATURE-----
Back to linux.debian.changes | Previous | Next | Find similar
Accepted linux-signed-amd64 6.12.86+1 (source) into proposed-updates Debian FTP Masters <ftpmaster@ftp-master.debian.org> - 2026-05-09 10:40 +0200
csiph-web