Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 547e6520 by Salvatore Bonaccorso at 2025-09-11T20:44:40+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,116 @@ +CVE-2025-39791 [dm: dm-crypt: Do not partially accept write BIOs with zoned targets] + - linux 6.16.5-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e549663849e5bb3b985dc2d293069f0d9747ae72 (6.17-rc1) +CVE-2025-39790 [bus: mhi: host: Detect events pointing to unexpected TREs] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/5bd398e20f0833ae8a1267d4f343591a2dd20185 (6.17-rc1) +CVE-2025-39789 [crypto: x86/aegis - Add missing error checks] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/3d9eb180fbe8828cce43bce4c370124685b205c3 (6.17-rc1) +CVE-2025-39788 [scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/01aad16c2257ab8ff33b152b972c9f2e1af47912 (6.17-rc1) +CVE-2025-39787 [soc: qcom: mdt_loader: Ensure we don't read past the ELF header] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/9f9967fed9d066ed3dae9372b45ffa4f6fccfeef (6.17-rc1) +CVE-2025-39786 [iio: adc: ad7173: fix channels index for syscalib_mode] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0eb8d7b25397330beab8ee62c681975b79f37223 (6.17-rc1) +CVE-2025-39785 [drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8bed4ec42a4e0dc8113172696ff076d1eb6d8bcb (6.17-rc3) +CVE-2025-39784 [PCI: Fix link speed calculation on retrain failure] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9989e0ca7462c62f93dbc62f684448aa2efb9226 (6.17-rc1) +CVE-2025-39783 [PCI: endpoint: Fix configfs group list head handling] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/d79123d79a8154b4318529b7b2ff7e15806f480b (6.17-rc1) +CVE-2025-39782 [jbd2: prevent softlockup in jbd2_log_do_checkpoint()] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/9d98cf4632258720f18265a058e62fde120c0151 (6.17-rc3) +CVE-2025-39781 [parisc: Drop WARN_ON_ONCE() from flush_cache_vmap] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/4eab1c27ce1f0e89ab67b01bf1e4e4c75215708a (6.17-rc1) +CVE-2025-39780 [sched/ext: Fix invalid task state transitions on class switch] + - linux 6.16.5-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ddf7233fcab6c247379d0928d46cc316ee122229 (6.17-rc3) +CVE-2025-39779 [btrfs: subpage: keep TOWRITE tag until folio is cleaned] + - linux 6.16.5-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b1511360c8ac882b0c52caa263620538e8d73220 (6.17-rc3) +CVE-2025-39777 [crypto: acomp - Fix CFI failure due to type punning] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/962ddc5a7a4b04c007bba0f3e7298cda13c62efd (6.17-rc1) +CVE-2025-39776 [mm/debug_vm_pgtable: clear page table entries at destroy_args()] + - linux 6.16.5-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dde30854bddfb5d69f30022b53c5955a41088b33 (6.17-rc3) +CVE-2025-39775 [mm/mremap: fix WARN with uffd that has remap events disabled] + - linux 6.16.5-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/772e5b4a5e8360743645b9a466842d16092c4f94 (6.17-rc3) +CVE-2025-39774 [iio: adc: rzg2l_adc: Set driver data before enabling runtime PM] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c69e13965f26b8058f538ea8bdbd2d7718cf1fbe (6.17-rc3) +CVE-2025-39773 [net: bridge: fix soft lockup in br_multicast_query_expired()] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/d1547bf460baec718b3398365f8de33d25c5f36f (6.17-rc3) +CVE-2025-39772 [drm/hisilicon/hibmc: fix the hibmc loaded failed bug] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/93a08f856fcc5aaeeecad01f71bef3088588216a (6.17-rc3) +CVE-2025-39771 [regulator: pca9450: Use devm_register_sys_off_handler] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/447be50598c05499f7ccc2b1f6ddb3da30f8099a (6.17-rc3) +CVE-2025-39770 [net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/864e3396976ef41de6cc7bc366276bf4e084fff2 (6.17-rc3) +CVE-2025-39769 [bnxt_en: Fix lockdep warning during rmmod] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4611d88a37cfc18cbabc6978aaf7325d1ae3f53a (6.17-rc3) +CVE-2025-39768 [net/mlx5: HWS, fix complex rules rehash error flow] + - linux 6.16.5-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4a842b1bf18a32ee0c25dd6dd98728b786a76fe4 (6.17-rc3) +CVE-2025-39767 [LoongArch: Optimize module load time by optimizing PLT/GOT counting] + - linux 6.16.5-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/63dbd8fb2af3a89466538599a9acb2d11ef65c06 (6.17-rc3) +CVE-2025-39766 [net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit] + - linux 6.16.5-1 + NOTE: https://git.kernel.org/linus/15de71d06a400f7fdc15bf377a2552b0ec437cf5 (6.17-rc3) +CVE-2025-39765 [ALSA: timer: fix ida_free call while not allocated] + - linux 6.16.5-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5003a65790ed66be882d1987cc2ca86af0de3db1 (6.17-rc3) CVE-2025-39764 [netfilter: ctnetlink: remove refcounting in expectation dumpers] - linux 6.16.3-1 NOTE: https://git.kernel.org/linus/1492e3dcb2be3aa46d1963da96aa9593e4e4db5a (6.17-rc2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/547e6520b92c01f42f9c16fef3e0fe3658dbd430 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/547e6520b92c01f42f9c16fef3e0fe3658dbd430 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
