Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 23d76465 by Salvatore Bonaccorso at 2025-08-22T19:26:09+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,62 @@ +CVE-2025-38675 [xfrm: state: initialize state_ptrs earlier in xfrm_state_find] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/94d077c331730510d5611b438640a292097341f0 (6.16) +CVE-2025-38674 [Revert "drm/prime: Use dma_buf from GEM object instance"] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fb4ef4a52b79a22ad382bfe77332642d02aef773 (6.16) +CVE-2025-38673 [Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance"] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2712ca878b688682ac2ce02aefc413fc76019cd9 (6.16) +CVE-2025-38672 [Revert "drm/gem-dma: Use dma_buf from GEM object instance"] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1918e79be908b8a2c8757640289bc196c14d928a (6.16) +CVE-2025-38671 [i2c: qup: jump out of the loop in case of timeout] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/a7982a14b3012527a9583d12525cd0dc9f8d8934 (6.16) +CVE-2025-38670 [arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d42e6c20de6192f8e4ab4cf10be8c694ef27e8cb (6.16) +CVE-2025-38669 [Revert "drm/gem-shmem: Use dma_buf from GEM object instance"] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6d496e9569983a0d7a05be6661126d0702cf94f7 (6.16) +CVE-2025-38668 [regulator: core: fix NULL dereference on unbind due to stale coupling data] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/ca46946a482238b0cdea459fb82fc837fb36260e (6.16-rc5) +CVE-2025-38667 [iio: fix potential out-of-bound write] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/16285a0931869baa618b1f5d304e1e9d090470a8 (6.16-rc7) +CVE-2025-38666 [net: appletalk: Fix use-after-free in AARP proxy probe] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/6c4a92d07b0850342d3becf2e608f805e972467c (6.16) +CVE-2025-38665 [can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/c1f3f9797c1f44a762e6f5f72520b2e520537b52 (6.16) +CVE-2025-38664 [ice: Fix a null pointer dereference in ice_copy_and_init_pkg()] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36 (6.16) +CVE-2025-38663 [nilfs2: reject invalid file types when reading inodes] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + NOTE: https://git.kernel.org/linus/4aead50caf67e01020c8be1945c3201e8a972a27 (6.16) +CVE-2025-38662 [ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv] + - linux <unfixed> + [trixie] - linux 6.12.41-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6bea85979d05470e6416a2bb504a9bcd9178304c (6.16) +CVE-2025-38661 [platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8346c6af27f1c1410eb314f4be5875fdf1579a10 (6.16) CVE-2025-38660 [[ceph] parse_longname(): strrchr() expects NUL-terminated string] - linux <unfixed> [bookworm] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23d76465b207aee1bc765e447ff95609fae54ede -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23d76465b207aee1bc765e447ff95609fae54ede You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
