commit 258cf62a6dfde3c6a39d120a56a298f2ed6a8901 Author: Greg Kroah-Hartman Date: Thu Apr 30 11:17:22 2026 +0200 Linux 6.6.137 Signed-off-by: Greg Kroah-Hartman commit 4b4defd2fce3f966c25adabf46644a85558f1169 Author: Juergen Gross Date: Fri Mar 27 14:13:38 2026 +0100 Buffer overflow in drivers/xen/sys-hypervisor.c commit 27fdbab4221b375de54bf91919798d88520c6e28 upstream. The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid_show will read and copy till it finds a NUL. 00000000 f4 91 51 f4 dd 38 9e 9d 65 47 52 eb 10 71 db 50 |..Q..8..eGR..q.P| 00000010 b9 a8 01 42 6f 2e 32 |...Bo.2| 00000017 So use a memcpy instead of sprintf to have the correct value: 00000000 f4 91 51 f4 dd 00 9e 9d 65 47 52 eb 10 71 db 50 |..Q.....eGR..q.P| 00000010 b9 a8 01 42 |...B| 00000014 (the above have a hack to embed a zero inside and check it's returned correctly). This is XSA-485 / CVE-2026-31786 Fixes: 84b7625728ea ("xen: add sysfs node for hypervisor build id") Signed-off-by: Frediano Ziglio Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman commit 402d84ad9e89bd4cbfd07ca8598532b7021daf95 Author: Juergen Gross Date: Fri Apr 10 09:20:04 2026 +0200 xen/privcmd: fix double free via VMA splitting commit 24daca4fc07f3ff8cd0e3f629cd982187f48436a upstream. privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the VMA via __split_vma(). Since may_split is NULL, the split is allowed. vm_area_dup() copies vm_private_data (a pages array allocated in alloc_empty_pages()) into the new VMA without any fixup, because there is no .open callback. Both VMAs now point to the same pages array. When the unmapped portion is closed, privcmd_close() calls: - xen_unmap_domain_gfn_range() - xen_free_unpopulated_pages() - kvfree(pages) The surviving VMA still holds the dangling pointer. When it is later destroyed, the same sequence runs again, which leads to a double free. Fix this issue by adding a .may_split callback denying the VMA split. This is XSA-487 / CVE-2026-31787 Fixes: d71f513985c2 ("xen: privcmd: support autotranslated physmap guests.") Reported-by: Atharva Vartak Suggested-by: Atharva Vartak Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Signed-off-by: Greg Kroah-Hartman commit 710a4ce5d7afd9fe082c75dec282ab4a11c0fe71 Author: Herbert Xu Date: Wed Apr 29 23:07:02 2026 -0700 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef upstream. When page reassignment was added to af_alg_pull_tsgl the original loop wasn't updated so it may try to reassign one more page than necessary. Add the check to the reassignment so that this does not happen. Also update the comment which still refers to the obsolete offset argument. Reported-by: syzbot+d23888375c2737c17ba5@syzkaller.appspotmail.com Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management") Signed-off-by: Herbert Xu Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit 3ef530ef5585fc0ef03274269202efe34900db11 Author: Herbert Xu Date: Wed Apr 29 23:07:01 2026 -0700 crypto: authencesn - Fix src offset when decrypting in-place commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa upstream. The src SG list offset wasn't set properly when decrypting in-place, fix it. Reported-by: Wolfgang Walter Fixes: e02494114ebf ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption") Signed-off-by: Herbert Xu Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit d0c4ff6812386880f30bc64c2921299cc4d7b47f Author: Herbert Xu Date: Wed Apr 29 23:07:00 2026 -0700 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption commit e02494114ebf7c8b42777c6cd6982f113bfdbec7 upstream. When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied from the source. However, the data to be hashed need to be rearranged accordingly. Reported-by: Taeyang Lee <0wn@theori.io> Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface") Signed-off-by: Herbert Xu Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit 60c798725c9668a53f1c6faaaac6296a0bac44f9 Author: Eric Biggers Date: Wed Apr 29 23:06:59 2026 -0700 crypto: authenc - use memcpy_sglist() instead of null skcipher commit dbc4b1458e931e47198c3165ff5853bc1ad6bd7a upstream. For copying data between two scatterlists, just use memcpy_sglist() instead of the so-called "null skcipher". This is much simpler. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit c2138c9bd02af19e0b407376140cd5435b0d81da Author: Douya Le Date: Wed Apr 29 23:06:58 2026 -0700 crypto: algif_aead - snapshot IV for async AEAD requests commit 5aa58c3a572b3e3b6c786953339f7978b845cc52 upstream. AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the original request has fully completed, which can lead to inconsistent IV handling. Snapshot the IV into per-request storage when preparing the AEAD request, so in-flight operations no longer depend on mutable socket state. Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management") Cc: stable@kernel.org Reported-by: Yuan Tan Reported-by: Yifan Wu Reported-by: Juefei Pu Reported-by: Xin Liu Co-developed-by: Luxing Yin Signed-off-by: Luxing Yin Tested-by: Yucheng Lu Signed-off-by: Douya Le Signed-off-by: Ren Wei Signed-off-by: Herbert Xu Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit 3115af9644c342b356f3f07a4dd1c8905cd9a6fc Author: Herbert Xu Date: Wed Apr 29 23:06:57 2026 -0700 crypto: algif_aead - Revert to operating out-of-place commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 upstream. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. Fixes: 72548b093ee3 ("crypto: algif_aead - copy AAD from src to dst") Reported-by: Taeyang Lee <0wn@theori.io> Signed-off-by: Herbert Xu Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit dbea57c08acfc9f92d30d5a2d20d6d2c4efd3d2e Author: Eric Biggers Date: Wed Apr 29 23:06:56 2026 -0700 crypto: algif_aead - use memcpy_sglist() instead of null skcipher commit f2804d0eee8ddd57aa79d0b82872b74c21e1b69b upstream. For copying data between two scatterlists, just use memcpy_sglist() instead of the so-called "null skcipher". This is much simpler. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit 9ec26b5d193c9550f547b83a81095a74003a1a30 Author: Eric Biggers Date: Wed Apr 29 23:06:55 2026 -0700 crypto: scatterwalk - Backport memcpy_sglist() This backports the current implementation of memcpy_sglist() from upstream commit 4dffc9bbffb9ccfcda730d899c97c553599e7ca8. This function was rewritten twice. The earlier implementations had many prerequisite commits, while the latest implementation is standalone. It's much easier to just backport the latest code directly. Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman