Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2785e0c by Salvatore Bonaccorso at 2025-05-20T21:52:26+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,80 @@
+CVE-2025-37964 [x86/mm: Eliminate window where TLB flushes may be 
inadvertently skipped]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/fea4e317f9e7e1f449ce90dedc27a2d2a95bee5a (6.15-rc6)
+CVE-2025-37963 [arm64: bpf: Only mitigate cBPF programs loaded by unprivileged 
users]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       NOTE: 
https://git.kernel.org/linus/f300769ead032513a68e4a02e806393402e626f8 (6.15-rc7)
+CVE-2025-37962 [ksmbd: fix memory leak in parse_lease_state()]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/eb4447bcce915b43b691123118893fca4f372a8f (6.15-rc6)
+CVE-2025-37961 [ipvs: fix uninit-value for saddr in do_output_route4]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       NOTE: 
https://git.kernel.org/linus/e34090d7214e0516eb8722aee295cb2507317c07 (6.15-rc6)
+CVE-2025-37960 [memblock: Accept allocated memory before use in 
memblock_double_array()]
+       - linux 6.12.29-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/da8bf5daa5e55a6af2b285ecda460d6454712ff4 (6.15-rc6)
+CVE-2025-37959 [bpf: Scrub packet on bpf_redirect_peer]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       NOTE: 
https://git.kernel.org/linus/c4327229948879814229b46aa26a750718888503 (6.15-rc6)
+CVE-2025-37958 [mm/huge_memory: fix dereferencing invalid pmd migration entry]
+       - linux 6.12.29-1
+       NOTE: 
https://git.kernel.org/linus/be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 (6.15-rc6)
+CVE-2025-37957 [KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception]
+       - linux 6.12.29-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a2620f8932fa9fdabc3d78ed6efb004ca409019f (6.15-rc6)
+CVE-2025-37956 [ksmbd: prevent rename with empty string]
+       - linux 6.12.29-1
+       NOTE: 
https://git.kernel.org/linus/53e3e5babc0963a92d856a5ec0ce92c59f54bc12 (6.15-rc6)
+CVE-2025-37955 [virtio-net: free xsk_buffs on error in 
virtnet_xsk_pool_enable()]
+       - linux 6.12.29-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4397684a292a71fbc1e815c3e283f7490ddce5ae (6.15-rc6)
+CVE-2025-37954 [smb: client: Avoid race in open_cached_dir with lease breaks]
+       - linux 6.12.29-1
+       NOTE: 
https://git.kernel.org/linus/3ca02e63edccb78ef3659bebc68579c7224a6ca2 (6.15-rc6)
+CVE-2025-37953 [sch_htb: make htb_deactivate() idempotent]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3769478610135e82b262640252d90f6efb05be71 (6.15-rc6)
+CVE-2025-37952 [ksmbd: Fix UAF in __close_file_table_ids]
+       - linux 6.12.29-1
+       NOTE: 
https://git.kernel.org/linus/36991c1ccde2d5a521577c448ffe07fcccfe104d (6.15-rc6)
+CVE-2025-37951 [drm/v3d: Add job to pending list if the reset was skipped]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       NOTE: 
https://git.kernel.org/linus/35e4079bf1a2570abffce6ababa631afcf8ea0e5 (6.15-rc6)
+CVE-2025-37950 [ocfs2: fix panic in failed foilio allocation]
+       - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/31d4cd4eb2f8d9b87ebfa6a5e443a59e3b3d7b8c (6.15-rc6)
+CVE-2025-37949 [xenbus: Use kref to track req lifetime]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       NOTE: 
https://git.kernel.org/linus/1f0304dfd9d217c2f8b04a9ef4b3258a66eedd27 (6.15-rc6)
+CVE-2025-37948 [arm64: bpf: Add BHB mitigation to the epilogue for cBPF 
programs]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       NOTE: 
https://git.kernel.org/linus/0dfefc2ea2f29ced2416017d7e5b1253a54c2735 (6.15-rc7)
+CVE-2025-37947 [ksmbd: prevent out-of-bounds stream writes by validating *pos]
+       - linux 6.12.29-1
+       [bookworm] - linux 6.1.139-1
+       NOTE: 
https://git.kernel.org/linus/0ca6df4f40cf4c32487944aaf48319cb6c25accc (6.15-rc6)
+CVE-2025-37946 [s390/pci: Fix duplicate pci_dev_put() in disable_slot() when 
PF has child VFs]
+       - linux 6.12.29-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1 (6.15-rc6)
 CVE-2025-37945 [net: phy: allow MDIO bus PM ops to start/stop state machine 
for phylink-controlled PHY]
        - linux 6.12.25-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
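
Review bot: CVE-2025-37958, CVE-2025-37956, CVE-2025-37954 and CVE-2025-37952 carry only the unstable line "- linux 6.12.29-1" with no [bookworm] or [bullseye] line, and seven further entries (CVE-2025-37963, -37961, -37959, -37951, -37949, -37948, -37947) give a bookworm version but say nothing about bullseye. Their neighbours record an explicit fixed version or "<not-affected> (Vulnerable code not present)" per release, so the missing lines read as untriaged rather than decided; since the set includes a use-after-free in ksmbd (CVE-2025-37952) and an out-of-bounds stream write (CVE-2025-37947), a follow-up that records the per-release status for these would make the entries unambiguous for anyone deciding what to patch on stable and oldstable. Separately, "foilio" in the CVE-2025-37950 title looks like a misspelling of "folio"; if it mirrors the upstream commit subject it should stay as written so that searches still match, otherwise correct it.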



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2785e0c381d3b944d7f6e4c3b464b9c6d5a68bf



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
