Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6aab9a26 by Salvatore Bonaccorso at 2026-01-13T20:45:56+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,92 @@ +CVE-2025-71101 [platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e44c42c830b7ab36e3a3a86321c619f24def5206 (6.19-rc4) +CVE-2025-71100 [wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc()] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dd39edb445f07400e748da967a07d5dca5c5f96e (6.19-rc4) +CVE-2025-71099 [drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dcb171931954c51a1a7250d558f02b8f36570783 (6.19-rc1) +CVE-2025-71098 [ip6_gre: make ip6gre_header() robust] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/db5b4e39c4e63700c68a7e65fc4e1f1375273476 (6.19-rc4) +CVE-2025-71097 [ipv4: Fix reference count leak when using error routes with nexthop objects] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/ac782f4e3bfcde145b8a7f8af31d9422d94d172a (6.19-rc4) +CVE-2025-71096 [RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/a7b8e876e0ef0232b8076972c57ce9a7286b47ca (6.19-rc4) +CVE-2025-71095 [net: stmmac: fix the crash issue for zero copy XDP_TX action] + - linux <unfixed> + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a48e232210009be50591fdea8ba7c07b0f566a13 (6.19-rc4) +CVE-2025-71094 [net: usb: asix: validate PHY address before use] + - linux <unfixed> + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a1e077a3f76eea0dc671ed6792e7d543946227e8 (6.19-rc4) +CVE-2025-71093 [e1000: fix OOB in e1000_tbi_should_accept()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/9c72a5182ed92904d01057f208c390a303f00a0f (6.19-rc4) +CVE-2025-71092 [RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats()] + - linux <unfixed> + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9b68a1cc966bc947d00e4c0df7722d118125aa37 (6.19-rc4) +CVE-2025-71091 [team: fix check for port enabled in team_queue_override_port_prio_changed()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/932ac51d9953eaf77a1252f79b656d4ca86163c6 (6.19-rc4) +CVE-2025-71090 [nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg()] + - linux <unfixed> + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8072e34e1387d03102b788677d491e2bcceef6f5 (6.19-rc4) +CVE-2025-71089 [iommu: disable SVA when CONFIG_X86 is set] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/72f98ef9a4be30d2a60136dd6faee376f780d06c (6.19-rc1) +CVE-2025-71088 [mptcp: fallback earlier on simult connection] + - linux <unfixed> + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/71154bbe49423128c1c8577b6576de1ed6836830 (6.19-rc4) +CVE-2025-71087 [iavf: fix off-by-one issues in iavf_config_rss_reg()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/6daa2893f323981c7894c68440823326e93a7d61 (6.19-rc4) +CVE-2025-71086 [net: rose: fix invalid array index in rose_kill_by_device()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/6595beb40fb0ec47223d3f6058ee40354694c8e4 (6.19-rc4) +CVE-2025-71085 [ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/58fc7342b529803d3c221101102fe913df7adb83 (6.19-rc4) +CVE-2025-71084 [RDMA/cm: Fix leaking the multicast GID table reference] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/57f3cb6c84159d12ba343574df2115fb18dd83ca (6.19-rc4) +CVE-2025-71083 [drm/ttm: Avoid NULL pointer deref for evicted BOs] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/491adc6a0f9903c32b05f284df1148de39e8e644 (6.19-rc1) +CVE-2025-71082 [Bluetooth: btusb: revert use of devm_kzalloc in btusb] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/252714f1e8bdd542025b16321c790458014d6880 (6.19-rc4) +CVE-2025-71081 [ASoC: stm32: sai: fix OF node leak on probe] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/23261f0de09427367e99f39f588e31e2856a690e (6.19-rc1) +CVE-2025-71080 [ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1adaea51c61b52e24e7ab38f7d3eba023b2d050d (6.19-rc4) +CVE-2025-71079 [net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5 (6.19-rc4) +CVE-2025-71078 [powerpc/64s/slb: Fix SLB multihit issue during SLB preload] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/00312419f0863964625d6dcda8183f96849412c6 (6.19-rc1) CVE-2025-71070 [ublk: clean up user copy references on ublk server exit] - linux 6.18.3-1 [trixie] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aab9a269d75e3025d8f169e9012587ac4c06867 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aab9a269d75e3025d8f169e9012587ac4c06867 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
