Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d4bcb719 by Salvatore Bonaccorso at 2026-05-13T18:32:28+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,81 @@ +CVE-2026-43489 [liveupdate: luo_file: remember retrieve() status] + - linux 6.19.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f85b1c6af5bc3872f994df0a5688c1162de07a62 (7.0-rc2) +CVE-2026-43487 [ata: libata-core: Disable LPM on ST1000DM010-2EP102] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b3b1d3ae1d87bc9398fb715c945968bf4c75a09a (7.0-rc3) +CVE-2026-43486 [arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/97c5550b763171dbef61e6239cab372b9f9cd4a2 (7.0-rc3) +CVE-2026-43482 [sched_ext: Disable preemption between scx_claim_exit() and kicking helper work] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/83236b2e43dba00bee5b82eb5758816b1a674f6a (7.0-rc3) +CVE-2026-43481 [net-shapers: don't free reply skb after genlmsg_reply()] + - linux 6.19.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/57885276cc16a2e2b76282c808a4e84cbecb3aae (7.0-rc4) +CVE-2026-43479 [net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect] + - linux 6.19.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/312c816c6bc30342bc30dca0d6db617ab4d3ae4e (7.0-rc4) +CVE-2026-43478 [ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put] + - linux 6.19.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/30e4b2290cc2a8d1b9ddb9dcb9c981df1f2a7399 (7.0-rc4) +CVE-2026-43477 [drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL] + - linux 6.19.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/237aab549676288d9255bb8dcc284738e56eaa31 (7.0-rc4) +CVE-2026-43476 [iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/216345f98cae7fcc84f49728c67478ac00321c87 (7.0-rc4) +CVE-2026-43488 [usb: xhci: Prevent interrupt storm on host controller error (HCE)] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + NOTE: https://git.kernel.org/linus/d6d5febd12452b7fd951fdd15c3ec262f01901a4 (7.0-rc4) +CVE-2026-43485 [nouveau/gsp: drop WARN_ON in ACPI probes] + - linux 6.19.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9478c166c46934160135e197b049b5a05753f2ad (7.0-rc2) +CVE-2026-43484 [mmc: core: Avoid bitfield RMW for claim/retune flags] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + NOTE: https://git.kernel.org/linus/901084c51a0a8fb42a3f37d2e9c62083c495f824 (7.0-rc2) +CVE-2026-43483 [KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + NOTE: https://git.kernel.org/linus/87d0f901a9bd8ae6be57249c737f20ac0cace93d (7.0-rc4) +CVE-2026-43480 [ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition] + - linux 6.19.10-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + NOTE: https://git.kernel.org/linus/53f3a900e9a383d47af7253076e19f510c5708d0 (7.0-rc4) CVE-2026-XXXX [NULL pointer dereference in DIGEST-MD5] - gsasl 2.2.3-1 NOTE: https://lists.gnu.org/archive/html/help-gsasl/2026-05/msg00002.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4bcb719fdc690a9e1b79e5ba72533f06f5b07df -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4bcb719fdc690a9e1b79e5ba72533f06f5b07df You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
