Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 83c2ab22 by Salvatore Bonaccorso at 2025-12-09T08:47:06+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,68 @@ +CVE-2025-40344 [ASoC: Intel: avs: Disable periods-elapsed work when closing PCM] + - linux 6.17.8-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/845f716dc5f354c719f6fda35048b6c2eca99331 (6.18-rc4) +CVE-2025-40343 [nvmet-fc: avoid scheduling association deletion twice] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/f2537be4f8421f6495edfa0bc284d722f253841d (6.18-rc1) +CVE-2025-40342 [nvme-fc: use lock accessing port_state and rport state] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/891cdbb162ccdb079cd5228ae43bdeebce8597ad (6.18-rc1) +CVE-2025-40341 [futex: Don't leak robust_list pointer on exec race] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/6b54082c3ed4dc9821cdf0edb17302355cc5bb45 (6.18-rc1) +CVE-2025-40340 [drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test.] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/1cda3c755bb7770be07d75949bb0f45fb88651f6 (6.18-rc1) +CVE-2025-40339 [drm/amdgpu: fix nullptr err of vm_handle_moved] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/859958a7faefe5b7742b7b8cdbc170713d4bf158 (6.18-rc1) +CVE-2025-40338 [ASoC: Intel: avs: Do not share the name pointer between components] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/4dee5c1cc439b0d5ef87f741518268ad6a95b23d (6.18-rc1) +CVE-2025-40337 [net: stmmac: Correctly handle Rx checksum offload errors] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/ee0aace5f844ef59335148875d05bec8764e71e8 (6.18-rc1) +CVE-2025-40336 [drm/gpusvm: fix hmm_pfn_to_map_order() usage] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/c50729c68aaf93611c855752b00e49ce1fdd1558 (6.18-rc1) +CVE-2025-40335 [drm/amdgpu: validate userq input args] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/219be4711a1ba788bc2a9fafc117139d133e5fea (6.18-rc1) +CVE-2025-40334 [drm/amdgpu: validate userq buffer virtual address and size] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/9e46b8bb0539d7bc9a9e7b3072fa4f6082490392 (6.18-rc1) +CVE-2025-40333 [f2fs: fix infinite loop in __insert_extent_tree()] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/23361bd54966b437e1ed3eb1a704572f4b279e58 (6.18-rc1) +CVE-2025-40332 [drm/amdkfd: Fix mmap write lock not release] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/7574f30337e19045f03126b4c51f525b84e5049e (6.18-rc1) +CVE-2025-40331 [sctp: Prevent TOCTOU out-of-bounds write] + - linux 6.17.8-1 + NOTE: https://git.kernel.org/linus/95aef86ab231f047bb8085c70666059b58f53c09 (6.18-rc5) +CVE-2025-40330 [bnxt_en: Shutdown FW DMA in bnxt_shutdown()] + - linux 6.17.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bc7208ca805ae6062f353a4753467d913d963bc6 (6.18-rc5) +CVE-2025-40329 [drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb] + - linux 6.17.8-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/487df8b698345dd5a91346335f05170ed5f29d4e (6.18-rc5) +CVE-2025-40328 [smb: client: fix potential UAF in smb2_close_cached_fid()] + - linux 6.17.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/734e99623c5b65bf2c03e35978a0b980ebc3c2f8 (6.18-rc5) +CVE-2025-40327 [perf/core: Fix system hang caused by cpu-clock usage] + - linux 6.17.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/eb3182ef0405ff2f6668fd3e5ff9883f60ce8801 (6.18-rc5) CVE-2013-10031 - libplack-middleware-session-perl 0.21-1 NOTE: https://lists.security.metacpan.org/cve-announce/msg/35012183/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c2ab22c2621727753e08334fceedd9198bd185 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c2ab22c2621727753e08334fceedd9198bd185 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
