Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ce32e75b by Salvatore Bonaccorso at 2026-02-14T20:21:11+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,189 @@ +CVE-2026-23203 [net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c0b5dc73a38f954e780f93a549b8fe225235c07a (6.19) +CVE-2026-23197 [i2c: imx: preserve error state in block data length handler] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b126097b0327437048bd045a0e4d273dea2910dd (6.19) +CVE-2026-23195 [cgroup/dmem: avoid pool UAF] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/99a2ef500906138ba58093b9893972a5c303c734 (6.19) +CVE-2026-23194 [rust_binder: correctly handle FDA objects of length zero] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8f589c9c3be539d6c2b393c82940c3783831082f (6.19) +CVE-2026-23192 [linkwatch: use __dev_put() in callers to prevent UAF] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/83b67cc9be9223183caf91826d9c194d7fb128fa (6.19) +CVE-2026-23186 [hwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify()] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/615901b57b7ef8eb655f71358f7e956e42bcd16b (6.19) +CVE-2026-23185 [wifi: iwlwifi: mld: cancel mlo_scan_start_wk] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5ff641011ab7fb63ea101251087745d9826e8ef5 (6.19) +CVE-2026-23184 [binder: fix UAF in binder_netlink_report()] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5e8a3d01544282e50d887d76f30d1496a0a53562 (6.19) +CVE-2026-23183 [cgroup/dmem: fix NULL pointer dereference when setting max] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/43151f812886be1855d2cba059f9c93e4729460b (6.19) +CVE-2026-23175 [net: cpsw: Execute ndo_set_rx_mode callback in a work queue] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0b8c878d117319f2be34c8391a77e0f4d5c94d79 (6.19) +CVE-2026-23174 [nvme-pci: handle changing device dma map requirements] + - linux 6.18.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/071be3b0b6575d45be9df9c5b612f5882bfc5e88 (6.19) +CVE-2026-23210 [ice: Fix PTP NULL pointer dereference during VSI rebuild] + - linux 6.18.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fc6f36eaaedcf4b81af6fe1a568f018ffd530660 (6.19) +CVE-2026-23209 [macvlan: fix error recovery in macvlan_common_newlink()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/f8db6475a83649689c087a8f52486fcc53e627e9 (6.19) +CVE-2026-23208 [ALSA: usb-audio: Prevent excessive number of frames] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/ef5749ef8b307bf8717945701b1b79d036af0a15 (6.19-rc6) +CVE-2026-23207 [spi: tegra210-quad: Protect curr_xfer check in IRQ handler] + - linux 6.18.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/edf9088b6e1d6d88982db7eb5e736a0e4fbcc09e (6.19) +CVE-2026-23206 [dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero] + - linux 6.18.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ed48a84a72fefb20a82dd90a7caa7807e90c6f66 (6.19) +CVE-2026-23205 [smb/client: fix memory leak in smb2_open_file()] + - linux 6.18.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e3a43633023e3cacaca60d4b8972d084a2b06236 (6.19) +CVE-2026-23204 [net/sched: cls_u32: use skb_header_pointer_careful()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/cabd1a976375780dabab888784e356f574bbaed8 (6.19) +CVE-2026-23202 [spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer] + - linux 6.18.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bf4528ab28e2bf112c3a2cdef44fd13f007781cd (6.19) +CVE-2026-23201 [ceph: fix oops due to invalid pointer for kfree() in parse_longname()] + - linux 6.18.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bc8dedae022ce3058659c3addef3ec4b41d15e00 (6.19) +CVE-2026-23200 [ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF] + - linux 6.18.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bbf4a17ad9ffc4e3d7ec13d73ecd59dea149ed25 (6.19) +CVE-2026-23199 [procfs: avoid fetching build ID while holding VMA lock] + - linux 6.18.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b5cbacd7f86f4f62b8813688c8e73be94e8e1951 (6.19) +CVE-2026-23198 [KVM: Don't clobber irqfd routing type when deassigning irqfd] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/b4d37cdb77a0015f51fee083598fa227cc07aaf1 (6.19) +CVE-2026-23196 [HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/a9a917998d172ec117f9e9de1919174153c0ace4 (6.19-rc5) +CVE-2026-23193 [scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/84dc6037390b8607c5551047d3970336cb51ba9a (6.19-rc7) +CVE-2026-23191 [ALSA: aloop: Fix racy access at PCM trigger] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/826af7fa62e347464b1b4e0ba2fe19a92438084f (6.19) +CVE-2026-23190 [ASoC: amd: fix memory leak in acp3x pdm dma ops] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6 (6.19) +CVE-2026-23189 [ceph: fix NULL pointer dereference in ceph_mds_auth_match()] + - linux 6.18.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7987cce375ac8ce98e170a77aa2399f2cf6eb99f (6.19) +CVE-2026-23188 [net: usb: r8152: fix resume reset deadlock] + - linux 6.18.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04 (6.19) +CVE-2026-23187 [pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains] + - linux 6.18.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6bd8b4a92a901fae1a422e6f914801063c345e8d (6.19) +CVE-2026-23182 [spi: tegra: Fix a memory leak in tegra_slink_probe()] + - linux 6.18.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc (6.19) +CVE-2026-23181 [btrfs: sync read disk super and set block size] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/3f29d661e5686f3aa14e6f11537ff5c49846f2e2 (6.19-rc7) +CVE-2026-23180 [dpaa2-switch: add bounds check for if_id in IRQ handler] + - linux 6.18.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/31a7a0bbeb006bac2d9c81a2874825025214b6d8 (6.19) +CVE-2026-23179 [nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/2fa8961d3a6a1c2395d8d560ffed2c782681bade (6.19-rc6) +CVE-2026-23178 [HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/2497ff38c530b1af0df5130ca9f5ab22c5e92f29 (6.19-rc5) +CVE-2026-23177 [mm, shmem: prevent infinite loop on truncate race] + - linux 6.18.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2030dddf95451b4e7a389f052091e7c4b7b274c6 (6.19) +CVE-2026-23176 [platform/x86: toshiba_haps: Fix memory leaks in add/remove routines] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/128497456756e1b952bd5a912cd073836465109d (6.19) +CVE-2025-71224 [wifi: mac80211: ocb: skip rx_no_sta when interface is not joined] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/ff4071c60018a668249dc6a2df7d16330543540e (6.19-rc4) +CVE-2025-71223 [smb/server: fix refcount leak in smb2_open()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/f416c556997aa56ec4384c6b6efd6a0e6ac70aa7 (6.19-rc4) +CVE-2025-71222 [wifi: wlcore: ensure skb headroom before skb_push] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/e75665dd096819b1184087ba5718bd93beafff51 (6.19-rc4) +CVE-2025-71221 [dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/a143545855bc2c6e1330f6f57ae375ac44af00a7 (6.19-rc6) +CVE-2025-71220 [smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/7c28f8eef5ac5312794d8a52918076dcd787e53b (6.19-rc4) +CVE-2025-71204 [smb/server: fix refcount leak in parse_durable_handle_context()] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/3296c3012a9d9a27e81e34910384e55a6ff3cff0 (6.19-rc4) +CVE-2025-71203 [riscv: Sanitize syscall table indexing under speculation] + - linux 6.18.10-1 + NOTE: https://git.kernel.org/linus/25fd7ee7bf58ac3ec7be3c9f82ceff153451946c (6.19-rc5) CVE-2026-23173 [net/mlx5e: TC, delete flows only for existing peers] - linux 6.18.9-1 [trixie] - linux 6.12.69-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce32e75bdbb603ad7e394f9af01f89a384001dab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce32e75bdbb603ad7e394f9af01f89a384001dab You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
