Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e18b8047 by Salvatore Bonaccorso at 2025-11-13T09:42:42+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,168 @@ +CVE-2025-40208 [media: iris: fix module removal if firmware download failed] + - linux 6.17.6-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fde38008fc4f43db8c17869491870df24b501543 (6.18-rc1) +CVE-2025-40207 [media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f37df9a0eb5e43fcfe02cbaef076123dc0d79c7e (6.18-rc1) +CVE-2025-40206 [netfilter: nft_objref: validate objref and objrefmap expressions] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + NOTE: https://git.kernel.org/linus/f359b809d54c6e3dd1d039b97e0b68390b0e53e4 (6.18-rc1) +CVE-2025-40205 [btrfs: avoid potential out-of-bounds in btrfs_encode_fh()] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/dff4f9ff5d7f289e4545cc936362e01ed3252742 (6.18-rc1) +CVE-2025-40204 [sctp: Fix MAC comparison to be constant-time] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/dd91c79e4f58fbe2898dac84858033700e0e99fb (6.18-rc1) +CVE-2025-40203 [listmount: don't call path_put() under namespace semaphore] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0 (6.18-rc1) +CVE-2025-40202 [ipmi: Rework user message limit handling] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b52da4054ee0bf9ecb44996f2c83236ff50b3812 (6.18-rc1) +CVE-2025-40201 [kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a15f37a40145c986cdf289a4b88390f35efdecc4 (6.18-rc1) +CVE-2025-40200 [Squashfs: reject negative file sizes in squashfs_read_inode()] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b (6.18-rc1) +CVE-2025-40199 [page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/95920c2ed02bde551ab654e9749c2ca7bc3100e0 (6.18-rc1) +CVE-2025-40198 [ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 (6.18-rc1) +CVE-2025-40197 [media: mc: Clear minor number before put device] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/8cfc8cec1b4da88a47c243a11f384baefd092a50 (6.18-rc1) +CVE-2025-40196 [fs: quota: create dedicated workqueue for quota_release_work] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + NOTE: https://git.kernel.org/linus/72b7ceca857f38a8ca7c5629feffc63769638974 (6.18-rc1) +CVE-2025-40195 [mount: handle NULL values in mnt_ns_release()] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + NOTE: https://git.kernel.org/linus/6c7ca6a02f8f9549a438a08a23c6327580ecf3d6 (6.18-rc1) +CVE-2025-40194 [cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467 (6.18-rc1) +CVE-2025-40193 [xtensa: simdisk: add input size check in proc_write_simdisk] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/5d5f08fd0cd970184376bee07d59f635c8403f63 (6.18-rc1) +CVE-2025-40192 [Revert "ipmi: fix msg stack when IPMI is disconnected"] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5d09ee1bec870263f4ace439402ea840503b503b (6.18-rc1) +CVE-2025-40191 [drm/amdkfd: Fix kfd process ref leaking when userptr unmapping] + - linux 6.17.6-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/58e6fc2fb94f0f409447e5d46cf6a417b6397fbc (6.18-rc1) +CVE-2025-40190 [ext4: guard against EA inode refcount underflow in xattr update] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/57295e835408d8d425bef58da5253465db3d6888 (6.18-rc1) +CVE-2025-40189 [net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom] + - linux 6.17.6-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/49bdb63ff64469a6de8ea901aef123c75be9bbe7 (6.18-rc1) +CVE-2025-40188 [pwm: berlin: Fix wrong register in suspend/resume] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/3a4b9d027e4061766f618292df91760ea64a1fcc (6.18-rc1) +CVE-2025-40187 [net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/2f3119686ef50319490ccaec81a575973da98815 (6.18-rc1) +CVE-2025-40186 [tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/2e7cbbbe3d61c63606994b7ff73c72537afe2e1c (6.18-rc1) +CVE-2025-40185 [ice: ice_adapter: release xa entry on adapter allocation failure] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2db687f3469dbc5c59bc53d55acafd75d530b497 (6.18-rc1) +CVE-2025-40184 [KVM: arm64: Fix debug checking for np-guests using huge mappings] + - linux 6.17.6-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2ba972bf71cb71d2127ec6c3db1ceb6dd0c73173 (6.18-rc1) +CVE-2025-40183 [bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/23f3770e1a53e6c7a553135011f547209e141e72 (6.18-rc1) +CVE-2025-40182 [crypto: skcipher - Fix reqsize handling] + - linux 6.17.6-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/229c586b5e86979badb7cb0d38717b88a9e95ddd (6.18-rc1) +CVE-2025-40181 [x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0dccbc75e18df85399a71933d60b97494110f559 (6.18-rc1) +CVE-2025-40180 [mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + NOTE: https://git.kernel.org/linus/0aead8197fc1a85b0a89646e418feb49a564b029 (6.18-rc1) +CVE-2025-40179 [ext4: verify orphan file size is not too big] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3 (6.18-rc1) +CVE-2025-40178 [pid: Add a judgment for ns null in pid_nr_ns] + - linux 6.17.6-1 + [trixie] - linux 6.12.57-1 + [bookworm] - linux 6.1.158-1 + NOTE: https://git.kernel.org/linus/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7 (6.18-rc1) CVE-2025-9316 (N-central < 2025.4 can generate sessionIDs for unauthenticated users ...) NOT-FOR-US: N-central CVE-2025-8485 (An improper permissions vulnerability was reported in Lenovo App Store ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e18b80474e3b042790c2e9479370eecce704625c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e18b80474e3b042790c2e9479370eecce704625c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
