Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c0b36f27 by Salvatore Bonaccorso at 2026-01-31T14:21:16+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,89 @@ +CVE-2026-23039 [drm/gud: fix NULL fb and crtc dereferences on USB disconnect] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dc2d5ddb193e363187bae2ad358245642d2721fb (6.19-rc6) +CVE-2026-23036 [btrfs: release path before iget_failed() in btrfs_read_locked_inode()] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1e1f2055ad5a7a5d548789b334a4473a7665c418 (6.19-rc6) +CVE-2026-23034 [drm/amdgpu/userq: Fix fence reference leak on queue teardown v2] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b2426a211dba6432e32a2e70e9183c6e134475c6 (6.19-rc6) +CVE-2025-71187 [dmaengine: sh: rz-dmac: fix device leak on probe failure] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9fb490323997dcb6f749cd2660a17a39854600cd (6.19-rc6) +CVE-2026-23038 [pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/0c728083654f0066f5e10a1d2b0bd0907af19a58 (6.19-rc6) +CVE-2026-23037 [can: etas_es58x: allow partial RX URB allocation to succeed] + - linux 6.18.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b1979778e98569c1e78c2c7f16bb24d76541ab00 (6.19-rc6) +CVE-2026-23035 [net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv] + - linux 6.18.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4ef8512e1427111f7ba92b4a847d181ff0aeec42 (6.19-rc6) +CVE-2026-23033 [dmaengine: omap-dma: fix dma_pool resource leak in error paths] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/2e1136acf8a8887c29f52e35a77b537309af321f (6.19-rc6) +CVE-2026-23032 [null_blk: fix kmemleak by releasing references to fault configfs items] + - linux 6.18.8-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5 (6.19-rc6) +CVE-2026-23031 [can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/7352e1d5932a0e777e39fa4b619801191f57e603 (6.19-rc6) +CVE-2026-23030 [phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()] + - linux 6.18.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e07dea3de508cd6950c937cec42de7603190e1ca (6.19-rc6) +CVE-2026-23029 [LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/7d8553fc75aefa7ec936af0cf8443ff90b51732e (6.19-rc6) +CVE-2026-23028 [LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21 (6.19-rc6) +CVE-2026-23027 [LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/1cf342a7c3adc5877837b53bbceb5cc9eff60bbf (6.19-rc6) +CVE-2026-23026 [dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()] + - linux 6.18.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3f747004bbd641131d9396d87b5d2d3d1e182728 (6.19-rc6) +CVE-2026-23025 [mm/page_alloc: prevent pcp corruption with SMP=n] + - linux 6.18.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/038a102535eb49e10e93eafac54352fcc5d78847 (6.19-rc6) +CVE-2025-71191 [dmaengine: at_hdmac: fix device leak on of_dma_xlate()] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/b9074b2d7a230b6e28caa23165e9d8bc0677d333 (6.19-rc6) +CVE-2025-71190 [dmaengine: bcm-sba-raid: fix device leak on probe] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/7c3a46ebf15a9796b763a54272407fdbf945bed8 (6.19-rc6) +CVE-2025-71189 [dmaengine: dw: dmamux: fix OF node leak on route allocation failure] + - linux 6.18.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ec25e60f9f95464aa11411db31d0906b3fb7b9f2 (6.19-rc6) +CVE-2025-71188 [dmaengine: lpc18xx-dmamux: fix device leak on route allocation] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/d4d63059dee7e7cae0c4d9a532ed558bc90efb55 (6.19-rc6) +CVE-2025-71186 [dmaengine: stm32: dmamux: fix device leak on route allocation] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/dd6e4943889fb354efa3f700e42739da9bddb6ef (6.19-rc6) +CVE-2025-71185 [dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation] + - linux 6.18.8-1 + NOTE: https://git.kernel.org/linus/4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9 (6.19-rc6) CVE-2026-23024 [idpf: fix memory leak of flow steer list on rmmod] - linux 6.18.8-1 [trixie] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0b36f272fcb74e89e1aceed3d550717f0080134 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0b36f272fcb74e89e1aceed3d550717f0080134 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
