Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1caeea21 by Salvatore Bonaccorso at 2025-08-16T14:20:11+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,88 @@ +CVE-2025-38539 [tracing: Add down_write(trace_event_sem) when adding trace event] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux 6.1.147-1 + NOTE: https://git.kernel.org/linus/b5e8acc14dcb314a9b61ff19dcd9fdd0d88f70df (6.16-rc7) +CVE-2025-38538 [dmaengine: nbpfaxi: Fix memory corruption in probe()] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux 6.1.147-1 + NOTE: https://git.kernel.org/linus/188c6ba1dd925849c5d94885c8bbdeb0b3dcf510 (6.16-rc7) +CVE-2025-38537 [net: phy: Don't register LEDs for genphy] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f0f2b992d8185a0366be951685e08643aae17d6d (6.16-rc7) +CVE-2025-38536 [net: airoha: fix potential use-after-free in airoha_npu_get()] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3cd582e7d0787506990ef0180405eb6224fa90a6 (6.16-rc7) +CVE-2025-38535 [phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux 6.1.147-1 + NOTE: https://git.kernel.org/linus/cefc1caee9dd06c69e2d807edc5949b329f52b22 (6.16-rc7) +CVE-2025-38534 [netfs: Fix copy-to-cache so that it performs collection with ceph+fscache] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4c238e30774e3022a505fa54311273add7570f13 (6.16-rc7) +CVE-2025-38533 [net: libwx: fix the using of Rx buffer DMA] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5fd77cc6bd9b368431a815a780e407b7781bcca0 (6.16-rc7) +CVE-2025-38532 [net: libwx: properly reset Rx ring descriptor] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d992ed7e1b687ad7df0763d3e015a5358646210b (6.16-rc7) +CVE-2025-38531 [iio: common: st_sensors: Fix use of uninitialize device structs] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/9f92e93e257b33e73622640a9205f8642ec16ddd (6.16-rc7) +CVE-2025-38530 [comedi: pcl812: Fix bit shift out of bounds] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux 6.1.147-1 + NOTE: https://git.kernel.org/linus/b14b076ce593f72585412fc7fd3747e03a5e3632 (6.16-rc7) +CVE-2025-38529 [comedi: aio_iiro_16: Fix bit shift out of bounds] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux 6.1.147-1 + NOTE: https://git.kernel.org/linus/66acb1586737a22dd7b78abc63213b1bcaa100e4 (6.16-rc7) +CVE-2025-38528 [bpf: Reject %p% format string in bprintf-like helpers] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux 6.1.147-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f8242745871f81a3ac37f9f51853d12854fd0b58 (6.16-rc7) +CVE-2025-38527 [smb: client: fix use-after-free in cifs_oplock_break] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux 6.1.147-1 + NOTE: https://git.kernel.org/linus/705c79101ccf9edea5a00d761491a03ced314210 (6.16-rc7) +CVE-2025-38526 [ice: add NULL check in eswitch lag check] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3ce58b01ada408b372f15b7c992ed0519840e3cf (6.16-rc7) +CVE-2025-38525 [rxrpc: Fix irq-disabled in local_bh_enable()] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e4d2878369d590bf8455e3678a644e503172eafa (6.16-rc7) +CVE-2025-38524 [rxrpc: Fix recv-recv race of completed call] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/962fb1f651c2cf2083e0c3ef53ba69e3b96d3fbc (6.16-rc7) +CVE-2025-38523 [cifs: Fix the smbd_response slab to allow usercopy] + - linux 6.12.37-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/43e7e284fc77b710d899569360ea46fa3374ae22 (6.16-rc4) +CVE-2025-38522 [sched/ext: Prevent update_locked_rq() calls with NULL rq] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e14fd98c6d66cb76694b12c05768e4f9e8c95664 (6.16-rc7) CVE-2025-38521 [drm/imagination: Fix kernel crash when hard resetting the GPU] - linux <unfixed> [trixie] - linux 6.12.41-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1caeea2116476c238f25ff2b3a95c00d2ba8ed38 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1caeea2116476c238f25ff2b3a95c00d2ba8ed38 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
