Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2a4dc429 by Salvatore Bonaccorso at 2026-04-03T20:49:09+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,48 @@ +CVE-2026-23425 [KVM: arm64: Fix ID register initialization for non-protected pKVM guests] + - linux 6.19.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7e7c2cf0024d89443a7af52e09e47b1fe634ab17 (7.0-rc2) +CVE-2026-23424 [accel/amdxdna: Validate command buffer payload count] + - linux 6.19.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/901ec3470994006bc8dd02399e16b675566c3416 (7.0-rc2) +CVE-2026-23423 [btrfs: free pages on error in btrfs_uring_read_extent()] + - linux 6.19.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3f501412f2079ca14bf68a18d80a2b7a823f1f64 (7.0-rc3) +CVE-2026-23421 [drm/xe/configfs: Free ctx_restore_mid_bb in release] + - linux 6.19.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e377182f0266f46f02d01838e6bde67b9dac0d66 (7.0-rc3) +CVE-2026-23418 [drm/xe/reg_sr: Fix leak on xa_store failure] + - linux 6.19.8-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3091723785def05ebfe6a50866f87a044ae314ba (7.0-rc3) +CVE-2026-23426 [drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()] + - linux 6.19.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207 (7.0-rc2) +CVE-2026-23422 [dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler] + - linux 6.19.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/74badb9c20b1a9c02a95c735c6d3cd6121679c93 (7.0-rc3) +CVE-2026-23420 [wifi: wlcore: Fix a locking bug] + - linux 6.19.8-1 + NOTE: https://git.kernel.org/linus/72c6df8f284b3a49812ce2ac136727ace70acc7c (7.0-rc3) +CVE-2026-23419 [net/rds: Fix circular locking dependency in rds_tcp_tune] + - linux 6.19.8-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6a877ececd6daa002a9a0002cd0fbca6592a9244 (7.0-rc3) CVE-2026-5463 (Command injection vulnerability in console.run_module_with_output() in ...) NOT-FOR-US: pymetasploit3 CVE-2026-5457 (A security flaw has been discovered in PropertyGuru AgentNet Singapore ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a4dc429d152500ad810bca3b59510b44fc3a20d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a4dc429d152500ad810bca3b59510b44fc3a20d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
