-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 04 Jul 2026 20:24:27 +0200 Source: linux Binary: bpftool bpftool-dbgsym hyperv-daemons hyperv-daemons-dbgsym libcpupower-dev libcpupower1 libcpupower1-dbgsym linux-cpupower linux-cpupower-dbgsym linux-kbuild-6.12.95+deb13 linux-kbuild-6.12.95+deb13-dbgsym linux-perf linux-perf-dbgsym rtla rtla-dbgsym usbip usbip-dbgsym Architecture: i386 Version: 6.12.95-1 Distribution: trixie-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Salvatore Bonaccorso Description: bpftool - Inspection and simple manipulation of BPF programs and maps hyperv-daemons - Support daemons for Linux running on Hyper-V libcpupower-dev - CPU frequency and voltage scaling tools for Linux (development fi libcpupower1 - CPU frequency and voltage scaling tools for Linux (libraries) linux-cpupower - CPU power management tools for Linux linux-kbuild-6.12.95+deb13 - Kbuild infrastructure for Linux 6.12.95+deb13 linux-perf - Performance analysis tools for Linux rtla - Real-Time Linux Analysis tools usbip - USB device sharing system over IP network Closes: 1136179 1139686 Changes: linux (6.12.95-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.95 - wifi: mt76: mt7921: avoid undesired changes of the preset regulatory domain - wifi: mt76: mt7921: fix a potential scan no APs - wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync (CVE-2026-53101) - fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios (CVE-2026-53167) - gpiolib: Extract gpiochip_choose_fwnode() for wider use - gpiolib: Remove redundant assignment of return variable - gpio: Fix resource leaks on errors in gpiochip_add_data_with_key() (CVE-2026-31732) - io_uring/net: Avoid msghdr on op_connect/op_bind async data - drm/xe/display: fix oops in suspend/shutdown without display (CVE-2026-53142) - [arm64] drm/v3d: Store the active job inside the queue's state - [arm64] drm/v3d: Skip CSD when it has zeroed workgroups (CVE-2026-53139) - eventpoll: use hlist_is_singular_node() in __ep_remove() - eventpoll: split __ep_remove() - eventpoll: kill __ep_remove() - eventpoll: drop vestigial __ prefix from ep_remove_{file,epi}() - eventpoll: rename ep_remove_safe() back to ep_remove() - eventpoll: move epi_fget() up - eventpoll: fix ep_remove struct eventpoll / struct file UAF (CVE-2026-46242) - iio: light: bh1780: fix PM runtime leak on error path (CVE-2026-43355) - net: Drop the lock in skb_may_tx_timestamp() (CVE-2026-43216) - Reapply "selftest/ptp: update ptp selftest to exercise the gettimex options" - debugobjects: Allow to refill the pool before SYSTEM_SCHEDULING - debugobjects: Use LD_WAIT_CONFIG instead of LD_WAIT_SLEEP - debugobjects: Do not fill_pool() if pi_blocked_on - debugobjects: Dont call fill_pool() in early boot hardirq context - RDMA/bnxt_re: zero shared page before exposing to userspace - i2c: stub: Reject I2C block transfers with invalid length - [amd64] agp/amd64: Fix broken error propagation in agp_amd64_probe() (CVE-2026-53325) - bpf: Reject sleepable kprobe_multi programs at attach time (CVE-2026-43010) - ACPI: scan: Use async schedule function in acpi_scan_clear_dep_fn() - regulator: core: fix locking in regulator_resolve_supply() error path - dlm: prevent NPD when writing a positive value to event_done (CVE-2025-23131) - xfs: remove the expr argument to XFS_TEST_ERROR - xfs: fix error returns in CoW fork repair - Revert "net: bonding: fix use-after-free in bond_xmit_broadcast()" - net: bonding: add broadcast_neighbor option for 802.3ad - bonding: add support for per-port LACP actor priority - bonding: print churn state via netlink - bonding: 3ad: implement proper RCU rules for port->aggregator (CVE-2026-52975) - net: bonding: fix use-after-free in bond_xmit_broadcast() (CVE-2026-31419) - bonding: fix NULL pointer dereference in actor_port_prio setting - staging: rtl8723bs: fix buffer over-read in rtw_update_protection (CVE-2026-53179) - fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh() (CVE-2026-53341) - Drivers: hv: vmbus: Improve the logic of reserving fb_mmio on Gen2 VMs - hv: utils: handle and propagate errors in kvp_register - locking/mutex: Remove wakeups from under mutex::wait_lock - locking/rtmutex: Skip remove_waiter() when waiter is not enqueued - phonet: Pass ifindex to fill_addr(). - phonet: Pass net and ifindex to phonet_address_notify(). - net: phonet: free phonet_device after RCU grace period (CVE-2026-53157) - rxrpc: Fix the ACK parser to extract the SACK table for parsing (CVE-2026-53151) - fuse: re-lock request before replacing page cache folio - ftrace: Update the mcount_loc check of skipped entries - ftrace: Have ftrace pages output reflect freed pages - ftrace: Do not over-allocate ftrace memory - ftrace: Test mcount_loc addr before calling ftrace_call_addr() - ftrace: Check against is_kernel_text() instead of kaslr_offset() - net: ipv6: Make udp_tunnel6_xmit_skb() void - sctp: disable BH before calling udp_tunnel_xmit_skb() (CVE-2026-53070) - iio: light: veml6075: add bounds check to veml6075_it_ms index - iio: adc: ti-ads1298: add bounds check to pga_settings index - vc_screen: fix null-ptr-deref in vcs_notifier() during concurrent vcs_write - [arm64] serial: qcom_geni: Fix RX DMA stall when SE_DMA_RX_LEN_IN is zero - ksmbd: reject non-VALID session in compound request branch - media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si - virtiofs: fix UAF on submount umount - [amd64] KVM: x86: Fix shadow paging use-after-free due to unexpected role (CVE-2026-53359) - [amd64] KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping level - Revert "PCI: qcom: Advertise Hotplug Slot Capability with no Command Completion support" - [amd64] KVM: SEV: Ignore MMIO requests of length '0' - [amd64] KVM: SEV: Reject MMIO requests larger than 8 bytes with GHCB v2+ - [amd64] KVM: SEV: Ignore Port I/O requests of length '0' - batman-adv: tp_meter: keep unacked list in ascending ordered - batman-adv: tp_meter: initialize dup_acks explicitly - batman-adv: tp_meter: initialize dec_cwnd explicitly - batman-adv: tp_meter: avoid window underflow - batman-adv: tp_meter: avoid divide-by-zero for dec_cwnd - batman-adv: tp_meter: fix fast recovery precondition - batman-adv: tp_meter: handle seqno wrap-around for fast recovery detection - batman-adv: tp_meter: add only finished tp_vars to lists - batman-adv: bla: annotate lasttime access with READ/WRITE_ONCE - batman-adv: prevent ELP transmission interval underflow - batman-adv: tp_meter: initialize last_recv_time during init - batman-adv: ensure bcast is writable before modifying TTL - batman-adv: fix (m|b)cast csum after decrementing TTL - batman-adv: frag: ensure fragment is writable before modifying TTL - batman-adv: frag: avoid underflow of TTL - batman-adv: v: prevent OGM aggregation on disabled hardif - batman-adv: tp_meter: restrict number of unacked list entries - batman-adv: tp_meter: annotate last_recv_time access with READ/WRITE_ONCE - batman-adv: tp_meter: prevent parallel modifications of last_recv - batman-adv: tp_meter: handle overlapping packets - batman-adv: tt: don't merge change entries with different VIDs - batman-adv: tt: track roam count per VID - batman-adv: dat: prevent false sharing between VLANs - batman-adv: tvlv: enforce 2-byte alignment - batman-adv: tvlv: avoid race of cifsnotfound handler state - ipv6: account for fraggap on the paged allocation path (CVE-2026-53362) - fs: constify file ptr in backing_file accessor helpers - lsm: add backing_file LSM hooks - selinux: fix overlayfs mmap() and mprotect() access checks - inet: add indirect call wrapper for getfrag() calls - ipv4: account for fraggap on the paged allocation path - ntfs3: reject direct userspace writes to reserved $LX* xattrs - [amd64] KVM: SEV: Move sev_free_vcpu() down below sev_es_unmap_ghcb() - [amd64] KVM: SEV: Unmap and unpin the GHCB as needed on vCPU free - af_unix: Set gc_in_progress to true in unix_gc(). (CVE-2026-53361) - mtd: spi-nor: macronix: Add post_sfdp fixups for Quad Input Page Program - mtd: spi-nor: macronix: add support for mx66{l2, u1}g45g - mac802154: llsec: add skb_cow_data() before in-place crypto - net: skmsg: preserve sg.copy across SG transforms - net: ip_gre: require CAP_NET_ADMIN in the device netns for changelink - apparmor: mediate the implicit connect of TCP fast open sendmsg - apparmor: fix use-after-free in rawdata dedup loop - NTB: epf: Avoid pci_iounmap() with offset when PEER_SPAD and CONFIG share BAR - fbdev: fix use-after-free in store_modes() - kernel/fork: clear PF_BLOCK_TS in copy_process() - block: invalidate cached plug timestamp after task switch - err.h: use __always_inline on all error pointer helpers - KEYS: fix overflow in keyctl_pkey_params_get_2() - keys: Pin request_key_auth payload in instantiate paths - wifi: mt76: mt76x2u: Add support for ELECOM WDC-867SU3S - wifi: mt76: mt7925: don't disable AP BSS when removing TDLS peer - wifi: ath11k: fix warning when unbinding - wifi: rtlwifi: rtl8821ae: Fix C2H bit location in RX descriptor - wifi: rtw88: increase TX report timeout to fix race condition - wifi: rtw88: usb: fix memory leaks on USB write failures - wifi: iwlwifi: mvm: fix race condition in PTP removal - f2fs: validate compress cache inode only when enabled - f2fs: fix to round down start offset of fallocate for pin file - f2fs: validate ACL entry sizes in f2fs_acl_from_disk() - f2fs: fix incorrect FI_NO_EXTENT handling in __destroy_extent_node() - f2fs: keep atomic write retry from zeroing original data - block: Avoid mounting the bdev pseudo-filesystem in userspace - bpf: use kvfree() for replaced sysctl write buffer - exfat: fix potential use-after-free in exfat_find_dir_entry() - KVM: Replace guest-triggerable BUG_ON() in ioeventfd datamatch with get_unaligned() - gfs2: fix use-after-free in gfs2_qd_dealloc - [arm64] pwrseq: core: fix use-after-free in pwrseq_debugfs_seq_next() - hdlc_ppp: sync per-proto timers before freeing hdlc state - blk-cgroup: fix UAF in __blkcg_rstat_flush() - tipc: fix slab-use-after-free Read in tipc_aead_decrypt_done - pNFS: Fix use-after-free in pnfs_update_layout() - fpga: region: fix use-after-free in child_regions_with_firmware() - rpmsg: char: Fix use-after-free on probe error path - ocfs2: reject oversized group bitmap descriptors - 9p: avoid putting oldfid in p9_client_walk() error path - [amd64] KVM: x86: hyper-v: Bound the bank index when querying sparse banks - [amd64] KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path - power: reset: linkstation-poweroff: fix use-after-free in the linkstation_poweroff_init() - [riscv64] mm: Extract helper mark_new_valid_map() - [riscv64] kfence: Call mark_new_valid_map() for kfence_unprotect() - fbdev: Fix fb_new_modelist to prevent null-ptr-deref in fb_videomode_to_var - fbdev: modedb: fix a possible UAF in fb_find_mode() - fbdev: modedb: Fix misaligned fields in the 1920x1080-60 mode - i2c: core: fix adapter registration race - NFSD: Fix SECINFO_NO_NAME decode error cleanup - nfsd: fix posix_acl leak on SETACL decode failure - nfsd: check get_user() return when reading princhashlen - nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race - nfsd: reset write verifier on deferred writeback errors - NFSv4/pNFS: reject zero-length r_addr in nfs4_decode_mp_ds_addr - NFS: Prevent resource leak in nfs_alloc_server() - ksmbd: fix out-of-bounds read in smb_check_perm_dacl() - serial: 8250_dw: unregister 8250 port if clk_notifier_register() fails - drivers/base/memory: set mem->altmap after successful device registration - Documentation: ioctl-number: Fix linuxppc-dev mailto link - Documentation: ioctl-number: Extend "Include File" column width - [amd64] crypto: qat - Replace kzalloc() + copy_from_user() with memdup_user() - [amd64] crypto: qat - Return pointer directly in adf_ctl_alloc_resources - [amd64] crypto: qat - remove unused character device and IOCTLs - net/tcp-ao: fix use-after-free of key in del_async path - locking: rtmutex: Fix wake_q logic in task_blocks_on_rt_mutex - net: bonding: update the slave array for broadcast mode - bonding: annotate data-races arcound churn variables - bonding: do not set usable_slaves for broadcast mode . [ Salvatore Bonaccorso ] * net/netfilter: Enable NETFILTER_NETLINK_HOOK as module (Closes: #1139686) * [rt] Refresh "locking/rt: Annotate unlock followed by lock for sparse." . [ Uwe Kleine-König ] * [amd64] Enable CONFIG_PINCTRL_CS42L43 and CONFIG_SPI_CS42L43 explicitly (Closes: #1136179) Checksums-Sha1: ce36d2967c0c491262656a962786f2d3c55c409e 880728 bpftool-dbgsym_7.5.0+6.12.95-1_i386.deb d235d398ffa3ef1269559dbbfcdb65d7a1a2e8e3 1604312 bpftool_7.5.0+6.12.95-1_i386.deb 4d3103f2211ef11c5122d8c838b9bd6acd857513 42932 hyperv-daemons-dbgsym_6.12.95-1_i386.deb 8e8e0db504ad3b0b4fcd6dc20be2d27939fa5aab 1313992 hyperv-daemons_6.12.95-1_i386.deb 6e16c2e5a2777dd6323852fd252ebf4033b16f09 1297976 libcpupower-dev_6.12.95-1_i386.deb 2dc29cce594d022458a52b2dd732ea2ca78badcb 28260 libcpupower1-dbgsym_6.12.95-1_i386.deb d11b88f812b48a836a026079be5798848cca0394 1306424 libcpupower1_6.12.95-1_i386.deb 883f196146b2904d989a10121243563d0754a8af 355748 linux-cpupower-dbgsym_6.12.95-1_i386.deb bb35ab00df1419b62b7dda17074d33112cf06e88 1481124 linux-cpupower_6.12.95-1_i386.deb 7cbec26badff39caabcb774b453d9dd0de9d0d09 1801600 linux-kbuild-6.12.95+deb13-dbgsym_6.12.95-1_i386.deb d79f179ec0aff2f41993e72660c56795543f94af 1753208 linux-kbuild-6.12.95+deb13_6.12.95-1_i386.deb 974a327c2293885c76b98e4c2b67ebb209b0ab67 11499096 linux-perf-dbgsym_6.12.95-1_i386.deb a7cf51c864a0c21b69a7304fa50da9713979550b 4867304 linux-perf_6.12.95-1_i386.deb 177e99a0e2ab9fc29bf05eb0480ea8954f38c4f0 15555 linux_6.12.95-1_i386-buildd.buildinfo 7b76ed099f8b747848ffbabd528d91b8f4051de9 100472 rtla-dbgsym_6.12.95-1_i386.deb 9005b2f57926e1dc785c3ce3ae762fa5512cd669 1357048 rtla_6.12.95-1_i386.deb 88a69913987033572d1b1ceac1b5229a0b341d54 138044 usbip-dbgsym_2.0+6.12.95-1_i386.deb caaa4ca849cacb51ebd48ec79fc9b3bb08a4dba7 1334780 usbip_2.0+6.12.95-1_i386.deb Checksums-Sha256: a576a626996b13c29a5b7e2f1baed912ece4894f23e5873363ae4ea8c10351f5 880728 bpftool-dbgsym_7.5.0+6.12.95-1_i386.deb c3d15f2110ef76fc6969a84572594911530b55c56f9ab2651c0af3793b271b6c 1604312 bpftool_7.5.0+6.12.95-1_i386.deb 58b3c0cde3c466e6f236cc17b944134f018cd57a0f41181d6090d09e6a9a3d87 42932 hyperv-daemons-dbgsym_6.12.95-1_i386.deb 7f5c55e5f865a589e3df2e85f1197945dad303242c6af1138bc26a6e813eddb9 1313992 hyperv-daemons_6.12.95-1_i386.deb d165c956253c2abed2cbed86ffe5ea1b9542d3d86eb274903f4f835d0dc9cc87 1297976 libcpupower-dev_6.12.95-1_i386.deb 31d3d72cbc9aee7673135f11ff801832638eab42273acf3bf8bcc48750f28b63 28260 libcpupower1-dbgsym_6.12.95-1_i386.deb c96da64f8f8d0b74fa0e3d5e343b6fd7772cb0c667b51ed6f56c318f0828c75f 1306424 libcpupower1_6.12.95-1_i386.deb 5a57d9f65af91cb507f197e1282c1e83d89806e2c952a516b5413e89c5c776b9 355748 linux-cpupower-dbgsym_6.12.95-1_i386.deb a25f883ff2db5ccd6a9d31064407c88fd771a4dc8f3b7616af448ef863379354 1481124 linux-cpupower_6.12.95-1_i386.deb 22fec67114dd627e2cd5cddc858650d23d4ace502fc37a34db03ccd7dcd9abb0 1801600 linux-kbuild-6.12.95+deb13-dbgsym_6.12.95-1_i386.deb 18d706cebcabfe48e09cdacb16e252b8d28af66ac7f40371bb3da18cc27bd73c 1753208 linux-kbuild-6.12.95+deb13_6.12.95-1_i386.deb c5655b0f351039b7fa5fdfc9358b4af150f903f3dce272733eff8bc11bd140de 11499096 linux-perf-dbgsym_6.12.95-1_i386.deb 006b96ae1ffc2a8870bd9d403a45523c424432e1b6432fbcbf34b20b2c5fd1e6 4867304 linux-perf_6.12.95-1_i386.deb 85ae6eb4c3bc1d1d672ed1a4949a1d2fb908fcc8400cb9f96336a8ac1e0dcd37 15555 linux_6.12.95-1_i386-buildd.buildinfo 7391f36329424ba633b3a38ced74a6dd025e6be2b0194e7b5c3fcf0229cef250 100472 rtla-dbgsym_6.12.95-1_i386.deb 55165d8f28b9a0f1fdd75e1ea5fbd724a9b240837b1ad8b367300773579e716d 1357048 rtla_6.12.95-1_i386.deb 5d1eecafe7a9712e031b0ac7faf09c3b16ca7cad57de27d20f5bb843e3fe1d0c 138044 usbip-dbgsym_2.0+6.12.95-1_i386.deb 36d1caf0a6e15049efda79c20dfc2d10e63fee4276b1fa621d45d5e7a832c0d0 1334780 usbip_2.0+6.12.95-1_i386.deb Files: 03b1f0e60b36887ef13e535cda9220f0 880728 debug optional bpftool-dbgsym_7.5.0+6.12.95-1_i386.deb 3ebda96fbb73cc26f779bc92a912366f 1604312 devel optional bpftool_7.5.0+6.12.95-1_i386.deb 59844fed282b21d8a9f1575125297b5c 42932 debug optional hyperv-daemons-dbgsym_6.12.95-1_i386.deb 991515e1f764af852bf9494dca4b8706 1313992 admin optional hyperv-daemons_6.12.95-1_i386.deb b78f77400526184cc839727c5b15ea0b 1297976 libdevel optional libcpupower-dev_6.12.95-1_i386.deb ea572b62b0c20cb4098ff8eeaa63d6de 28260 debug optional libcpupower1-dbgsym_6.12.95-1_i386.deb 37a9d53e289e61ef1fe137a97a09ac3f 1306424 libs optional libcpupower1_6.12.95-1_i386.deb afe65b3aefd239149a972e0143c119c3 355748 debug optional linux-cpupower-dbgsym_6.12.95-1_i386.deb eb41e1652840e7cfedbcb552f710e453 1481124 admin optional linux-cpupower_6.12.95-1_i386.deb 359cfd11afa3d403aeed0bad60787cbb 1801600 debug optional linux-kbuild-6.12.95+deb13-dbgsym_6.12.95-1_i386.deb 02e7c699f0064bacd898d269e0f08012 1753208 kernel optional linux-kbuild-6.12.95+deb13_6.12.95-1_i386.deb 96e1c95a7b8a552d6dc59087aec179b6 11499096 debug optional linux-perf-dbgsym_6.12.95-1_i386.deb b31ccfde7e45f44a9f1135f941312bac 4867304 devel optional linux-perf_6.12.95-1_i386.deb 5b8c63554794d1ff1bf05199f89a4ae6 15555 kernel optional linux_6.12.95-1_i386-buildd.buildinfo 140bc0fcf06114f74e1e60c66a7a6833 100472 debug optional rtla-dbgsym_6.12.95-1_i386.deb 5cfdd2c0cdfc9707aebecb0c6b27e460 1357048 devel optional rtla_6.12.95-1_i386.deb 2c5eb94df7fcb163d614be938d7d563f 138044 debug optional usbip-dbgsym_2.0+6.12.95-1_i386.deb a1a4f1eb1bb49be654d9e65e55c3f153 1334780 admin optional usbip_2.0+6.12.95-1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmpKFFIACgkQPkCWRKsh 20dPdA/6AjeSHIlSUWJwKQ2BAB7+8jMCJ+xhZQaEZS5T/FeXpVWaq0ywYYb3n/Oy 3Z/i7Ci3n6jFbb2bWnb/ECuj6XEAPPAhPo09lNC2NJ/jGjYyzIYN6d3Ifsqqq/q7 xwcGf//HrpBKsEFRshKPTHZ8C+vdrsDnVvleP8GImHcUhYnIg1n2NhDa9xN6yRgS ig4FrjLwdRWE1cUhGG/WAFJS9FSJjj6b5P39f3Cf6DXtUNFsFLvXCzlipLSmLblv IcH4F4mG7oXDs4bfcAZ06pJV541Q+DMUBv+8j/NjZRVRH9pltRhT8865XKbifwjq 1sTeywVg1hBSia4KV5aBpvDsfSKDB4ZDBd8yl4lPdc2Jxqf/BHvbskUzCDNhix4U RLKLLd5vXyzkTU27mgaFA/ioGrzOnW6yYfxye3FfOUPrtf2zxRRrBLPZmHf3fXTU +lAqn9lQ89AosnRuqkSrFwsC4WvXAe2XOmj2oeY3OR3A/5jMh3L7JOFUUU9rZyhN /XydRH7knNrBv7QuynIV3Ouy0/XvPOl6HC038HgGorR/x/Qxigcc+AGZEusHtSLa 6pzwEb60hrMpTIl0c/9fs5vgZ9kWHLh301oUFyj6vv7TLAhoD9J0vw4Ia6U5L+Ay 2il23BpTtRg4nBlIyD9EkLOl9olxQYv5UsQMx3EGW4l8RZXowIY= =UEL7 -----END PGP SIGNATURE-----