Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d3cd0cc5 by Salvatore Bonaccorso at 2026-05-27T12:33:36+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,38 @@ +CVE-2026-45837 [bpf: Fix use-after-free in arena_vm_close on fork] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4fddde2a732de60bb97e3307d4eb69ac5f1d2b74 (7.1-rc1) +CVE-2026-45846 [bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/aa6c6d9ee064aabfede4402fd1283424e649ca19 (7.1-rc2) +CVE-2026-45845 [net/sched: taprio: fix NULL pointer dereference in class dump] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3d07ca5c0fae311226f737963984bd94bb159a87 (7.1-rc2) +CVE-2026-45844 [netfilter: arp_tables: fix IEEE1394 ARP payload parsing] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/1e8e3f449b1e73b73a843257635b9c50f0cc0f0a (7.1-rc2) +CVE-2026-45843 [slip: bound decode() reads against the compressed packet length] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7 (7.1-rc1) +CVE-2026-45842 [slip: reject VJ receive packets on instances with no rstate array] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/e76607442d5b73e1ba6768f501ef815bb58c2c0e (7.1-rc1) +CVE-2026-45841 [netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/2195574dc6d9017d32ac346987e12659f931d932 (7.1-rc1) +CVE-2026-45840 [openvswitch: cap upcall PID array size and pre-size vport replies] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/2091c6aa0df6aba47deb5c8ab232b1cb60af3519 (7.1-rc1) +CVE-2026-45839 [bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/1c22483a2c4bbf747787f328392ca3e68619c4dc (7.1-rc1) +CVE-2026-45838 [bpf: fix end-of-list detection in cgroup_storage_get_next_key()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/5828b9e5b272ecff7cf5d345128d3de7324117f7 (7.1-rc1) CVE-2026-9642 (There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Un ...) NOT-FOR-US: Delta Electronics CVE-2026-9632 (A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. A ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3cd0cc54b572c50aa8b750707004ce7eabdd292 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3cd0cc54b572c50aa8b750707004ce7eabdd292 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
