Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: abf28e82 by Salvatore Bonaccorso at 2026-01-05T16:33:56+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,80 @@ +CVE-2025-68762 [net: netpoll: initialize work queue before error checks] + - linux 6.17.13-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e5235eb6cfe02a51256013a78f7b28779a7740d5 (6.19-rc1) +CVE-2025-68761 [hfs: fix potential use after free in hfs_correct_next_unused_CNID()] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c105e76bb17cf4b55fe89c6ad4f6a0e3972b5b08 (6.19-rc1) +CVE-2025-68760 [iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show] + - linux 6.17.13-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a0c7005333f9a968abb058b1d77bbcd7fb7fd1e7 (6.19-rc1) +CVE-2025-68754 [rtc: amlogic-a4: fix double free caused by devm] + - linux 6.17.13-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/384150d7a5b60c1086790a8ee07b0629f906cca2 (6.19-rc1) +CVE-2025-68752 [iavf: Implement settime64 with -EOPNOTSUPP] + - linux 6.17.13-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1e43ebcd5152b3e681a334cc6542fb21770c3a2e (6.19-rc1) +CVE-2025-68766 [irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7dbc0d40d8347bd9de55c904f59ea44bcc8dedb7 (6.19-rc1) +CVE-2025-68765 [mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + NOTE: https://git.kernel.org/linus/53d1548612670aa8b5d89745116cc33d9d172863 (6.19-rc1) +CVE-2025-68764 [NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + NOTE: https://git.kernel.org/linus/8675c69816e4276b979ff475ee5fac4688f80125 (6.19-rc1) +CVE-2025-68763 [crypto: starfive - Correctly handle return of sg_nents_for_len] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e9eb52037a529fbb307c290e9951a62dd728b03d (6.19-rc1) +CVE-2025-68759 [wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + NOTE: https://git.kernel.org/linus/9b5b9c042b30befc5b37e4539ace95af70843473 (6.19-rc1) +CVE-2025-68758 [backlight: led-bl: Add devlink to supplier LEDs] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + NOTE: https://git.kernel.org/linus/9341d6698f4cfdfc374fb6944158d111ebe16a9d (6.19-rc1) +CVE-2025-68757 [drm/vgem-fence: Fix potential deadlock on release] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + NOTE: https://git.kernel.org/linus/78b4d6463e9e69e5103f98b367f8984ad12cdc6f (6.19-rc1) +CVE-2025-68756 [block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/59e25ef2b413c72da6686d431e7759302cfccafa (6.19-rc1) +CVE-2025-68755 [staging: most: remove broken i2c driver] + - linux 6.17.13-1 + NOTE: https://git.kernel.org/linus/495df2da6944477d282d5cc0c13174d06e25b310 (6.19-rc1) +CVE-2025-68753 [ALSA: firewire-motu: add bounds check in put_user loop for DSP events] + - linux 6.17.13-1 + [trixie] - linux 6.12.63-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/298e753880b6ea99ac30df34959a7a03b0878eed (6.19-rc1) +CVE-2025-68751 [s390/fpu: Fix false-positive kmsan report in fpu_vstl()] + - linux 6.17.13-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/14e4e4175b64dd9216b522f6ece8af6997d063b2 (6.19-rc1) CVE-2025-XXXX [RUSTSEC-2025-0140] - rust-gix-date <unfixed> NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0140.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf28e8288c4b9393df61cfaab947a8ef53d129b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abf28e8288c4b9393df61cfaab947a8ef53d129b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
