Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9229bf27 by Salvatore Bonaccorso at 2026-03-18T12:40:10+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,37 @@ +CVE-2026-23248 [perf/core: Fix refcount bug and potential UAF in perf_mmap] + - linux 6.19.8-1 + NOTE: https://git.kernel.org/linus/77de62ad3de3967818c3dbe656b7336ebee461d2 (7.0-rc2) +CVE-2026-23247 [tcp: secure_seq: add back ports to TS offset] + - linux 6.19.8-1 + NOTE: https://git.kernel.org/linus/165573e41f2f66ef98940cf65f838b2cb575d9d1 (7.0-rc3) +CVE-2026-23246 [wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration] + - linux 6.19.8-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/162d331d833dc73a3e905a24c44dd33732af1fc5 (7.0-rc2) +CVE-2026-23245 [net/sched: act_gate: snapshot parameters with RCU on replace] + - linux 6.19.8-1 + NOTE: https://git.kernel.org/linus/62413a9c3cb183afb9bb6e94dd68caf4e4145f4c (7.0-rc3) +CVE-2026-23244 [nvme: fix memory allocation in nvme_pr_read_keys()] + - linux 6.19.8-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c3320153769f05fd7fe9d840cb555dd3080ae424 (7.0-rc3) +CVE-2026-23243 [RDMA/umad: Reject negative data_len in ib_umad_write] + - linux 6.18.14-1 + NOTE: https://git.kernel.org/linus/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2 (7.0-rc1) +CVE-2026-23242 [RDMA/siw: Fix potential NULL pointer dereference in header processing] + - linux 6.18.14-1 + NOTE: https://git.kernel.org/linus/14ab3da122bd18920ad57428f6cf4fade8385142 (7.0-rc1) +CVE-2025-71267 [fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST] + - linux 6.19.6-1 + NOTE: https://git.kernel.org/linus/06909b2549d631a47fcda249d34be26f7ca1711d (7.0-rc1) +CVE-2025-71266 [fs: ntfs3: check return value of indx_find to avoid infinite loop] + - linux 6.19.6-1 + NOTE: https://git.kernel.org/linus/1732053c8a6b360e2d5afb1b34fe9779398b072c (7.0-rc1) +CVE-2025-71265 [fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata] + - linux 6.19.6-1 + NOTE: https://git.kernel.org/linus/4b90f16e4bb5607fb35e7802eb67874038da4640 (7.0-rc1) CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access management s ...) - keycloak <itp> (bug #1088287) CVE-2026-4356 (A flaw has been found in itsourcecode University Management System 1.0 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9229bf27c826271b896bafc0a04bda17b1fdc4f6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9229bf27c826271b896bafc0a04bda17b1fdc4f6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
