Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 343b3aa2 by Salvatore Bonaccorso at 2025-03-07T20:35:07+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,38 @@ +CVE-2025-21843 [drm/panthor: avoid garbage value in panthor_ioctl_dev_query()] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3b32b7f638fe61e9d29290960172f4e360e38233 (6.14-rc3) +CVE-2025-21842 [amdkfd: properly free gang_ctx_bo when failed to init user queue] + - linux 6.12.16-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a33f7f9660705fb2ecf3467b2c48965564f392ce (6.14-rc3) +CVE-2025-21841 [cpufreq/amd-pstate: Fix cpufreq_policy ref counting] + - linux 6.12.16-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3ace20038e19f23fe73259513f1f08d4bf1a3c83 (6.14-rc2) +CVE-2025-21840 [thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b (6.14-rc3) +CVE-2025-21839 [KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop] + - linux 6.12.16-1 + NOTE: https://git.kernel.org/linus/c2fee09fc167c74a64adb08656cb993ea475197e (6.14-rc3) +CVE-2025-21838 [usb: gadget: core: flush gadget workqueue after device removal] + - linux 6.12.16-1 + NOTE: https://git.kernel.org/linus/399a45e5237ca14037120b1b895bd38a3b4492ea (6.14-rc3) +CVE-2025-21837 [io_uring/uring_cmd: unconditionally copy SQEs at prep time] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d6211ebbdaa541af197b50b8dd8f22642ce0b87f (6.14-rc3) +CVE-2025-21836 [io_uring/kbuf: reallocate buf lists on upgrade] + - linux 6.12.16-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8802766324e1f5d414a81ac43365c20142e85603 (6.14-rc3) +CVE-2025-21835 [usb: gadget: f_midi: fix MIDI Streaming descriptor lengths] + - linux 6.12.16-1 + [bookworm] - linux 6.1.129-1 + NOTE: https://git.kernel.org/linus/da1668997052ed1cb00322e1f3b63702615c9429 (6.14-rc3) CVE-2025-26865 NOT-FOR-US: Apache OFBiz CVE-2025-XXXX [RUSTSEC-2025-0009] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/343b3aa260f48a7dfb43234af165b92c166f8e57 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/343b3aa260f48a7dfb43234af165b92c166f8e57 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
