Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e7bf8454 by Salvatore Bonaccorso at 2026-02-14T16:39:36+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,117 @@ +CVE-2026-23131 [platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fdee1b09721605f532352628d0a24623e7062efb (6.19-rc7) +CVE-2026-23130 [wifi: ath12k: fix dead lock while flushing management frames] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f88e9fc30a261d63946ddc6cc6a33405e6aa27c3 (6.19-rc7) +CVE-2026-23129 [dpll: Prevent duplicate registrations] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f3ddbaaaaf4d0633b40482f471753f9c71294a4a (6.19-rc7) +CVE-2026-23127 [perf: Fix refcount warning on event->mmap_count increment] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d06bf78e55d5159c1b00072e606ab924ffbbad35 (6.19-rc7) +CVE-2026-23125 [sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/a80c9d945aef55b23b54838334345f20251dad83 (6.19-rc7) +CVE-2026-23124 [ipv6: annotate data-race in ndisc_router_discovery()] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9a063f96d87efc3a6cc667f8de096a3d38d74bb5 (6.19-rc7) +CVE-2026-23123 [interconnect: debugfs: initialize src_node and dst_node to empty strings] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8cc27f5c6dd17dd090f3a696683f04336c162ff5 (6.19-rc7) +CVE-2026-23122 [igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8ad1b6c1e63d25f5465b7a8aa403bdcee84b86f9 (6.19-rc7) +CVE-2026-23121 [mISDN: annotate data-race around dev->work] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/8175dbf174d487afab81e936a862a8d9b8a1ccb6 (6.19-rc7) +CVE-2026-23120 [l2tp: avoid one data-race in l2tp_tunnel_del_work()] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/7a29f6bf60f2590fe5e9c4decb451e19afad2bcf (6.19-rc7) +CVE-2026-23119 [bonding: provide a net pointer to __skb_flow_dissect()] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/5f9b329096596b7e53e07d041d7fca4cbe1be752 (6.19-rc7) +CVE-2026-23117 [ice: add missing ice_deinit_hw() in devlink reinit path] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/42fb5f3deb582cb96440e4683745017dbabb83d6 (6.19-rc7) +CVE-2026-23116 [pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3de49966499634454fd59e0e6fecd50baab7febd (6.19-rc7) +CVE-2026-23115 [serial: Fix not set tty->port race condition] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/32f37e57583f869140cff445feedeea8a5fea986 (6.19-rc7) +CVE-2026-23114 [arm64/fpsimd: ptrace: Fix SVE writes on !SME systems] + - linux 6.18.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/128a7494a9f15aad60cc6b7e3546bf481ac54a13 (6.19-rc7) +CVE-2025-71200 [mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3009738a855cf938bbfc9078bec725031ae623a4 (6.19-rc7) +CVE-2026-23128 [arm64: Set __nocfi on swsusp_arch_resume()] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + NOTE: https://git.kernel.org/linus/e2f8216ca2d8e61a23cb6ec355616339667e0ba6 (6.19-rc7) +CVE-2026-23126 [netdevsim: fix a race issue related to the operation on bpf_bound_progs list] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + NOTE: https://git.kernel.org/linus/b97d5eedf4976cc94321243be83b39efe81a0e15 (6.19-rc7) +CVE-2026-23118 [rxrpc: Fix data-race warning and potential load/store tearing] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + NOTE: https://git.kernel.org/linus/5d5fe8bcd331f1e34e0943ec7c18432edfcf0e8b (6.19-rc7) +CVE-2026-23113 [io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop] + - linux 6.18.8-1 + [trixie] - linux 6.12.69-1 + NOTE: https://git.kernel.org/linus/10dc959398175736e495f71c771f8641e1ca1907 (6.19-rc7) CVE-2026-2469 (Versions of the package directorytree/imapengine before 1.22.3 are vul ...) TODO: check CVE-2026-2144 (The Magic Login Mail or QR Code plugin for WordPress is vulnerable to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7bf84546858acc581220f42939113e8acf5f450 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7bf84546858acc581220f42939113e8acf5f450 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
