Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5cc8a2f7 by Salvatore Bonaccorso at 2026-01-31T14:17:28+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,71 @@ +CVE-2026-23024 [idpf: fix memory leak of flow steer list on rmmod] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f9841bd28b600526ca4f6713b0ca49bf7bb98452 (6.19-rc5) +CVE-2026-23022 [idpf: fix memory leak in idpf_vc_core_deinit()] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e111cbc4adf9f9974eed040aeece7e17460f6bff (6.19-rc5) +CVE-2026-23018 [btrfs: release path before initializing extent tree in btrfs_read_locked_inode()] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8731f2c50b0b1d2b58ed5b9671ef2c4bdc2f8347 (6.19-rc5) +CVE-2026-23016 [inet: frags: drop fraglist conntrack references] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2ef02ac38d3c17f34a00c4b267d961a8d4b45d1a (6.19-rc5) +CVE-2026-23015 [gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1e876e5a0875e71e34148c9feb2eedd3bf6b2b43 (6.19-rc5) +CVE-2025-71181 [rust_binder: remove spin_lock() in rust_shrink_free_page()] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/361e0ff456a8daf9753c18030533256e4133ce7a (6.19-rc5) +CVE-2026-23023 [idpf: fix memory leak in idpf_vport_rel()] + - linux 6.18.8-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f6242b354605faff263ca45882b148200915a3f6 (6.19-rc5) +CVE-2026-23021 [net: usb: pegasus: fix memory leak in update_eth_regs_async()] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/afa27621a28af317523e0836dad430bec551eb54 (6.19-rc5) +CVE-2026-23020 [net: 3com: 3c59x: fix possible null dereference in vortex_probe1()] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/a4e305ed60f7c41bbf9aabc16dd75267194e0de3 (6.19-rc5) +CVE-2026-23019 [net: marvell: prestera: fix NULL dereference on devlink_alloc() failure] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/a428e0da1248c353557970848994f35fd3f005e2 (6.19-rc5) +CVE-2026-23017 [idpf: fix error handling in the init_task on load] + - linux 6.18.8-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4d792219fe6f891b5b557a607ac8a0a14eda6e38 (6.19-rc5) +CVE-2025-71184 [btrfs: fix NULL dereference on root when tracing inode eviction] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/f157dd661339fc6f5f2b574fe2429c43bd309534 (6.19-rc5) +CVE-2025-71183 [btrfs: always detect conflicting inodes when logging inode refs] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/7ba0b6461bc4edb3005ea6e00cdae189bcf908a5 (6.19-rc5) +CVE-2025-71182 [can: j1939: make j1939_session_activate() fail if device is no longer registered] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/5d5602236f5db19e8b337a2cd87a90ace5ea776d (6.19-rc2) +CVE-2025-71180 [counter: interrupt-cnt: Drop IRQF_NO_THREAD flag] + - linux 6.18.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/23f9485510c338476b9735d516c1d4aacb810d46 (6.19-rc5) CVE-2026-25156 (HotCRP is conference review software. HotCRP versions from October 202 ...) NOT-FOR-US: HotCRP CVE-2026-25154 (LocalSend is a free, open-source app that allows users to share files ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cc8a2f7cdc0b78858dbc5bed099bf100c2b50f3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cc8a2f7cdc0b78858dbc5bed099bf100c2b50f3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
