Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b11385cc by Salvatore Bonaccorso at 2026-02-14T17:17:20+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,161 @@ +CVE-2026-23173 [net/mlx5e: TC, delete flows only for existing peers] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f67666938ae626cbda63fbf5176b3583c07e7124 (6.19-rc8) +CVE-2026-23172 [net: wwan: t7xx: fix potential skb->frags overflow in RX path] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f0813bcd2d9d97fdbdf2efb9532ab03ae92e99e6 (6.19-rc8) +CVE-2026-23170 [drm/imx/tve: fix probe device leak] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/e535c23513c63f02f67e3e09e0787907029efeaf (6.19-rc8) +CVE-2026-23168 [flex_proportions: make fprop_new_period() hardirq safe] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dd9e2f5b38f1fdd49b1ab6d3a85f81c14369eacc (6.19-rc8) +CVE-2026-23167 [nfc: nci: Fix race between rfkill and nci_unregister_device().] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/d2492688bb9fed6ab6e313682c387ae71a66ebae (6.19-rc8) +CVE-2026-23166 [ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9bb30be4d89ff9a8d7ab1aa0eb2edaca83431f85 (6.19-rc8) +CVE-2026-23165 [sfc: fix deadlock in RSS config read] + - linux 6.18.9-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/944c614b0a7afa5b87612c3fb557b95a50ad654c (6.19-rc8) +CVE-2026-23164 [rocker: fix memory leak in rocker_world_port_post_fini()] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/8d7ba71e46216b8657a82ca2ec118bc93812a4d0 (6.19-rc8) +CVE-2026-23163 [drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8b1ecc9377bc641533cd9e76dfa3aee3cd04a007 (6.19-rc8) +CVE-2026-23162 [drm/xe/nvm: Fix double-free on aux add failure] + - linux 6.18.9-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8a44241b0b83a6047c5448da1fff03fcc29496b5 (6.19-rc8) +CVE-2026-23161 [mm/shmem, swap: fix race of truncate and swap entry split] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8a1968bd997f45a9b11aefeabdd1232e1b6c7184 (6.19-rc8) +CVE-2026-23160 [octeon_ep: Fix memory leak in octep_device_setup()] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8016dc5ee19a77678c264f8ba368b1e873fa705b (6.19-rc8) +CVE-2026-23159 [perf: sched: Fix perf crash with new is_user_task() helper] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/76ed27608f7dd235b727ebbb12163438c2fbb617 (6.19-rc8) +CVE-2026-23158 [gpio: virtuser: fix UAF in configfs release path] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/53ad4a948a4586359b841d607c08fb16c5503230 (6.19-rc8) +CVE-2026-23156 [efivarfs: fix error propagation in efivar_entry_get()] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4b22ec1685ce1fc0d862dcda3225d852fb107995 (6.19-rc8) +CVE-2026-23155 [can: gs_usb: gs_usb_receive_bulk_callback(): fix error message] + - linux 6.18.9-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/494fc029f662c331e06b7c2031deff3c64200eed (6.19-rc8) +CVE-2026-23153 [firewire: core: fix race condition against transaction list] + - linux 6.18.9-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/20e01bba2ae4898ce65cdcacd1bd6bec5111abd9 (6.19-rc8) +CVE-2026-23151 [Bluetooth: MGMT: Fix memory leak in set_ssp_complete] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1b9c17fd0a7fdcbe69ec5d6fe8e50bc5ed7f01f2 (6.19-rc8) +CVE-2026-23150 [nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/165c34fb6068ff153e3fc99a932a80a9d5755709 (6.19-rc8) +CVE-2026-23149 [drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl()] + - linux 6.18.9-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/12f15d52d38ac53f7c70ea3d4b3d76afed04e064 (6.19-rc8) +CVE-2026-23148 [nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0fcee2cfc4b2e16e62ff8e0cc2cd8dd24efad65e (6.19-rc8) +CVE-2026-23147 [btrfs: zlib: fix the folio leak on S390 hardware acceleration] + - linux 6.18.9-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0d0f1314e8f86f5205f71f9e31e272a1d008e40b (6.19-rc8) +CVE-2026-23146 [Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + [bookworm] - linux 6.1.162-1 + [bullseye] - linux 5.10.249-1 + NOTE: https://git.kernel.org/linus/0c3cd7a0b862c37acbee6d9502107146cc944398 (6.19-rc8) +CVE-2026-23171 [bonding: fix use-after-free due to enslave fail after slave array update] + - linux 6.18.9-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e9acda52fd2ee0cdca332f996da7a95c5fd25294 (6.19-rc8) +CVE-2026-23169 [mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()] + - linux 6.18.9-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d (6.19-rc8) +CVE-2026-23157 [btrfs: do not strictly require dirty metadata threshold for metadata writepages] + - linux 6.18.9-1 + NOTE: https://git.kernel.org/linus/4e159150a9a56d66d247f4b5510bed46fe58aa1c (6.19-rc8) +CVE-2026-23154 [net: fix segmentation of forwarding fraglist GRO] + - linux 6.18.9-1 + [trixie] - linux 6.12.69-1 + NOTE: https://git.kernel.org/linus/426ca15c7f6cb6562a081341ca88893a50c59fa2 (6.19-rc8) +CVE-2026-23152 [wifi: mac80211: correctly decode TTLM with default link map] + - linux 6.18.9-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1eab33aa63c993685dd341e03bd5b267dd7403fa (6.19-rc8) CVE-2026-23145 [ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref] - linux 6.18.8-1 [trixie] - linux 6.12.69-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b11385cc09f5d4cb4080153fad1af0268fd9cc98 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b11385cc09f5d4cb4080153fad1af0268fd9cc98 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
