Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: df8f06ef by Salvatore Bonaccorso at 2025-07-25T22:08:35+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,59 @@ +CVE-2025-38430 [nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request] + - linux 6.12.35-1 + NOTE: https://git.kernel.org/linus/1244f0b2c3cecd3f349a877006e67c9492b41807 (6.16-rc1) +CVE-2025-38429 [bus: mhi: ep: Update read pointer only after buffer is written] + - linux 6.12.35-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6f18d174b73d0ceeaa341f46c0986436b3aefc9a (6.16-rc1) +CVE-2025-38428 [Input: ims-pcu - check record size in ims_pcu_flash_firmware()] + - linux 6.12.35-1 + NOTE: https://git.kernel.org/linus/a95ef0199e80f3384eb992889322957d26c00102 (6.16-rc1) +CVE-2025-38427 [video: screen_info: Relocate framebuffers behind PCI bridges] + - linux 6.12.35-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2f29b5c231011b94007d2c8a6d793992f2275db1 (6.16-rc1) +CVE-2025-38426 [drm/amdgpu: Add basic validation for RAS header] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/5df0d6addb7e9b6f71f7162d1253762a5be9138e (6.16-rc1) +CVE-2025-38425 [i2c: tegra: check msg length in SMBUS block read] + - linux 6.12.35-1 + NOTE: https://git.kernel.org/linus/a6e04f05ce0b070ab39d5775580e65c7d943da0b (6.16-rc1) +CVE-2025-38424 [perf: Fix sample vs do_exit()] + - linux 6.12.35-1 + NOTE: https://git.kernel.org/linus/4f6fc782128355931527cefe3eb45338abd8ab39 (6.16-rc3) +CVE-2025-38423 [ASoC: codecs: wcd9375: Fix double free of regulator supplies] + - linux 6.12.35-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/63fe298652d4eda07d738bfcbbc59d1343a675ef (6.16-rc1) +CVE-2025-38422 [net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices] + - linux 6.12.35-1 + NOTE: https://git.kernel.org/linus/3b9935586a9b54d2da27901b830d3cf46ad66a1e (6.16-rc1) +CVE-2025-38421 [platform/x86/amd: pmf: Use device managed allocations] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d9db3a941270d92bbd1a6a6b54a10324484f2f2d (6.16-rc3) +CVE-2025-38420 [wifi: carl9170: do not ping device which has failed to load firmware] + - linux 6.12.35-1 + NOTE: https://git.kernel.org/linus/15d25307692312cec4b57052da73387f91a2e870 (6.16-rc3) +CVE-2025-38419 [remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()] + - linux 6.12.35-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7692c9fbedd9087dc9050903f58095915458d9b1 (6.16-rc1) +CVE-2025-38418 [remoteproc: core: Release rproc->clean_table after rproc_attach() fails] + - linux 6.12.35-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bcd241230fdbc6005230f80a4f8646ff5a84f15b (6.16-rc1) +CVE-2025-38417 [ice: fix eswitch code memory leak in reset scenario] + - linux 6.12.35-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/48c8b214974dc55283bd5f12e3a483b27c403bbc (6.16-rc3) +CVE-2025-38416 [NFC: nci: uart: Set tty->disc_data only in success path] + - linux 6.12.35-1 + NOTE: https://git.kernel.org/linus/fc27ab48904ceb7e4792f0c400f1ef175edf16fe (6.16-rc3) CVE-2025-38415 [Squashfs: check return result of sb_min_blocksize] - linux 6.12.35-1 NOTE: https://git.kernel.org/linus/734aa85390ea693bb7eaf2240623d41b03705c84 (6.16-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df8f06efc6f4019b60c4d08a8671b34ba46d5604 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df8f06efc6f4019b60c4d08a8671b34ba46d5604 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
