Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 707bfc4a by Salvatore Bonaccorso at 2026-04-02T14:02:41+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,34 @@ +CVE-2026-23417 [bpf: Fix constant blinding for PROBE_MEM32 stores] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2321a9596d2260310267622e0ad8fbfa6f95378f (7.0-rc5) +CVE-2026-23416 [mm/mseal: update VMA end correctly on merge] + - linux <unfixed> + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2697dd8ae721db4f6a53d4f4cbd438212a80f8dc (7.0-rc6) +CVE-2026-23415 [futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy()] + - linux <unfixed> + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/190a8c48ff623c3d67cb295b4536a660db2012aa (7.0-rc6) +CVE-2026-23414 [tls: Purge async_hold in tls_decrypt_async_wait()] + - linux <unfixed> + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/84a8335d8300576f1b377ae24abca1d9f197807f (7.0-rc6) +CVE-2026-23413 [clsact: Fix use-after-free in init/destroy rollback asymmetry] + - linux 6.19.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a0671125d4f55e1e98d9bde8a0b671941987e208 (7.0-rc5) +CVE-2026-23412 [netfilter: bpf: defer hook memory release until rcu readers are done] + - linux 6.19.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/24f90fa3994b992d1a09003a3db2599330a5232a (7.0-rc5) CVE-2026-5325 (A vulnerability was determined in SourceCodester Simple Customer Relat ...) NOT-FOR-US: SourceCodester CVE-2026-5323 (A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vul ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/707bfc4abdffb1ed20d4b79434a01bd1567b90b5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/707bfc4abdffb1ed20d4b79434a01bd1567b90b5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
