Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f36ecfd7 by Salvatore Bonaccorso at 2026-05-28T12:16:51+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,442 @@ +CVE-2026-46194 [f2fs: fix node_cnt race between extent node destroy and writeback] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ed78aeebef05212ef7dca93bd931e4eff67c113f (7.1-rc1) +CVE-2026-46192 [spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/eb56deaabf127e8985fc91fa6c97bf8a3b062844 (7.1-rc3) +CVE-2026-46188 [octeon_ep_vf: add NULL check for napi_build_skb()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dd66b42854705e4e4ee7f14d260f86c578bed3e3 (7.1-rc1) +CVE-2026-46183 [mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cf3b71421ca00807328c6d9cd242f9de3b77a4bf (7.1-rc2) +CVE-2026-46182 [pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cefeed44296261173a806bef988b26bc565da4be (7.1-rc3) +CVE-2026-46176 [RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c488df06bd552bb8b6e14fa0cfd5ad986c6e9525 (7.1-rc3) +CVE-2026-46174 [x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/c21b90f77687075115d989e53a8ec5e2bb427ab1 (7.1-rc4) +CVE-2026-46166 [wifi: mac80211: use safe list iteration in radar detect work] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ac8eb3e18f41e2cc8492cc1d358bcb786c850270 (7.1-rc3) +CVE-2026-46162 [ice: fix double free in ice_sf_eth_activate() error path] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9aab1c3d7299285e2569cbc0ed5892d631a241b2 (7.1-rc1) +CVE-2026-46155 [smb/client: fix out-of-bounds read in smb2_compound_op()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8d09328dfda089675e4c049f3f256064a1d1996b (7.1-rc3) +CVE-2026-46154 [sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/80afd4c84bc8f5e80145ce35279f5ce53f6043db (7.1-rc2) +CVE-2026-46152 [wifi: mac80211: drop stray 'static' from fast-RX rx_result] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7a5b81e0c87a075afd572f659d8eb68c9c4cd2ba (7.1-rc3) +CVE-2026-46145 [RDMA/mana: Validate rx_hash_key_len] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6dd2d4ad9c8429523b1c220c5132bd551c006425 (7.1-rc3) +CVE-2026-46144 [RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6aaa978c6b6218cfac15fe1dab17c76fe229ce3f (7.1-rc3) +CVE-2026-46142 [net: libwx: fix VF illegal register access] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/694de316f607fe2473d52ca0707e3918e72c1562 (7.1-rc3) +CVE-2026-46141 [powerpc/xive: fix kmemleak caused by incorrect chip_data lookup] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6771c54728c278bf1e4bfdab4fddbbb186e33498 (7.1-rc1) +CVE-2026-46140 [Bluetooth: btmtk: validate WMT event SKB length before struct access] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/634a4408c0615c523cf7531790f4f14a422b9206 (7.1-rc3) +CVE-2026-46139 [smb: client: use kzalloc to zero-initialize security descriptor buffer] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5e489c6c47a2ac15edbaca153b9348e42c1eacab (7.1-rc3) +CVE-2026-46138 [Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5ddb8014261137cadaf83ab5617a588d80a22586 (7.1-rc3) +CVE-2026-46134 [platform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/525cb7ba6661074c1c5cc3772bccc6afab6791ef (7.1-rc3) +CVE-2026-46131 [KVM: x86: check for nEPT/nNPT in slow flush hypercalls] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/464af6fc2b1dcc74005b7f58ee3812b17777efee (7.1-rc3) +CVE-2026-46126 [RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/34ecf795692ee57c393109f4a24ccc313091e137 (7.1-rc3) +CVE-2026-46121 [mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1e68eb96e8beb1abefd12dd22c5637795d8a877e (7.1-rc2) +CVE-2026-46118 [pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1b9f7aafa44f5ce852c00509104d10fd9eb0f402 (7.1-rc3) +CVE-2026-46115 [block: add pgmap check to biovec_phys_mergeable] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/13920e4b7b784b40cf4519ff1f0f3e513476a499 (7.1-rc1) +CVE-2026-46114 [RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1114c87aa6f195cf07da55a27b2122ae26557b26 (7.1-rc3) +CVE-2026-46106 [eventfs: Hold eventfs_mutex and SRCU when remount walks events] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/07004a8c4b572171934390148ee48c4175c77eed (7.1-rc1) +CVE-2026-46105 [scsi: mpt3sas: Limit NVMe request size to 2 MiB] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/04631f55afc543d5431a2bdee7f6cc0f2c0debe7 (7.1-rc3) +CVE-2026-46104 [selinux: use sk blob accessor in socket permission helpers] + - linux 7.0.7-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/032e70aff025d7c519af9ab791cd084380619263 (7.1-rc2) +CVE-2026-46196 [tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/fad217e16fded7f3c09f8637b0f6a224d58b5f2e (7.1-rc1) +CVE-2026-46195 [smb: client: validate dacloffset before building DACL pointers] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f98b48151cc502ada59d9778f0112d21f2586ca3 (7.1-rc3) +CVE-2026-46193 [xfrm: ah: account for ESN high bits in async callbacks] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/ec54093e6a8f87e800bb6aa15eb7fc1e33faa524 (7.1-rc3) +CVE-2026-46191 [fbcon: Avoid OOB font access if console rotation fails] + - linux 7.0.7-1 + [trixie] - linux 6.12.90-1 + NOTE: https://git.kernel.org/linus/e4ef723d8975a2694cc90733a6b888a5e2841842 (7.1-rc1) +CVE-2026-46190 [mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e47029b977e747cb3a9174308fd55762cce70147 (7.1-rc2) +CVE-2026-46189 [RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/e38e86995df27f1f854063dab1f0c6a513db3faf (7.1-rc3) +CVE-2026-46187 [wifi: rsi: fix kthread lifetime race between self-exit and external-stop] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/db57a1aa54ff68669781976e4edb045e09e2b65b (7.1-rc3) +CVE-2026-46186 [Bluetooth: virtio_bt: validate rx pkt_type header length] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/daf23014e5d975e72ea9c02b5160d3fcf070ea47 (7.1-rc3) +CVE-2026-46185 [smb/client: fix out-of-bounds read in symlink_data()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d62b8d236fab503c6fec1d3e9a38bea71feaca20 (7.1-rc3) +CVE-2026-46184 [sound: ua101: fix division by zero at probe] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/d1f73f169c1014463b5060e3f60813e13ddc7b87 (7.1-rc2) +CVE-2026-46181 [RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/c9341307ea16b9395c2e4c9c94d8499d91fe31d0 (7.1-rc3) +CVE-2026-46180 [wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/c623b63580880cc742255eaed3d79804c1b91143 (7.1-rc3) +CVE-2026-46179 [ASoC: SOF: Don't allow pointer operations on unconfigured streams] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c5b6285aae050ff1c3ea824ca3d88ac4be1e69c8 (7.1-rc1) +CVE-2026-46178 [RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/c54c7e4cb679c0aaa1cb489b9c3f2cd98e63a44c (7.1-rc3) +CVE-2026-46177 [ipmi: Add limits to event and receive message requests] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/c4cca236968683eb0d59abfb12d5c7e4d8514227 (7.1-rc3) +CVE-2026-46175 [f2fs: fix fsck inconsistency caused by FGGC of node block] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/c3e238bd1f56993f205ef83889d406dfeaf717a8 (7.1-rc1) +CVE-2026-46173 [exit: prevent preemption of oopsing TASK_DEAD task] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c1fa0bb633e4a6b11e83ffc57fa5abe8ebb87891 (7.1-rc4) +CVE-2026-46172 [ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/bc0fcb9823cd0894934cf968b525c575833d7078 (7.1-rc3) +CVE-2026-46171 [riscv: kvm: fix vector context allocation leak] + - linux 7.0.7-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978 (7.1-rc1) +CVE-2026-46170 [mptcp: pm: ADD_ADDR rtx: free sk if last] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/b7b9a461569734d33d3259d58d2507adfac107ed (7.1-rc3) +CVE-2026-46169 [hfsplus: fix uninit-value by validating catalog record size] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/b6b592275aeff184aa82fcf6abccd833fb71b393 (7.1-rc1) +CVE-2026-46168 [mptcp: fix scheduling with atomic in timestamp sockopt] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b5c52908d52c6c8eb8933264aa6087a0600fd892 (7.1-rc2) +CVE-2026-46167 [usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/b38e53cbfb9d84732e5984fbd73e128d592415c5 (7.1-rc3) +CVE-2026-46165 [openvswitch: vport: fix self-deadlock on release of tunnel ports] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/aa69918bd418e700309fdd08509dba324fb24296 (7.1-rc3) +CVE-2026-46164 [btrfs: fix double free in create_space_info_sub_group() error path] + - linux 7.0.7-1 + [trixie] - linux 6.12.90-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a7449edf96143f192606ec8647e3167e1ecbd728 (7.1-rc1) +CVE-2026-46163 [wifi: b43legacy: enforce bounds check on firmware key index in RX path] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/a035766f970bde2d4298346a31a80685be5c0205 (7.1-rc3) +CVE-2026-46161 [md/raid10: fix divide-by-zero in setup_geo() with zero far_copies] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/9aa6d860b0930e2f72795665c42c44252a558a0c (7.1-rc2) +CVE-2026-46160 [btrfs: fix missing last_unlink_trans update when removing a directory] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/999757231c49376cd1a37308d2c8c4c9932571e1 (7.1-rc2) +CVE-2026-46159 [btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak] + - linux 7.0.7-1 + [trixie] - linux 6.12.90-1 + NOTE: https://git.kernel.org/linus/973e57c726c1f8e77259d1c8e519519f1e9aea77 (7.1-rc1) +CVE-2026-46158 [mptcp: pm: ADD_ADDR rtx: always decrease sk refcount] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/9634cb35af17019baec21ca648516ce376fa10e6 (7.1-rc3) +CVE-2026-46157 [ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/901ac0ff15edf9503162e2cf6579bd11a30f1ed4 (7.1-rc2) +CVE-2026-46156 [LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8dfa2f8780e486d05b9a0ffce70b8f5fbd62053e (7.1-rc3) +CVE-2026-46153 [8021q: delete cleared egress QoS mappings] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/7dddc74af369478ba7f9bc136d0fc1dc4570cb66 (7.1-rc1) +CVE-2026-46151 [usb: usblp: fix heap leak in IEEE 1284 device ID via short response] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/7a400c6fe3617e31e690e3f7ca37bb335e0498f3 (7.1-rc3) +CVE-2026-46150 [fanotify: fix false positive on permission events] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/7746e3bd4cc19b5092e00d32d676e329bfcb6900 (7.1-rc2) +CVE-2026-46149 [scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/772a896a56e0e3ef9424a025cec9176f9d8f4552 (7.1-rc3) +CVE-2026-46148 [spi: microchip-core-qspi: control built-in cs manually] + - linux 7.0.7-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7672749e1496215e8683ce57cf323119033954cf (7.1-rc3) +CVE-2026-46147 [KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/73b9c1e5da84cd69b1a86e374e450817cd051371 (7.1-rc2) +CVE-2026-46146 [ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/6e7247d8f5fefeceb0bb9cc80a5388a636b219cd (7.1-rc2) +CVE-2026-46143 [ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/69acc488aaf39d0ddf6c3cf0e47c1873d39919a2 (7.1-rc1) +CVE-2026-46137 [mptcp: pm: ADD_ADDR rtx: fix potential data-race] + - linux 7.0.7-1 + NOTE: https://git.kernel.org/linus/5cd6e0ad79d2615264f63929f8b457ad97ae550d (7.1-rc3) +CVE-2026-46136 [wifi: mt76: mt7921: fix a potential clc buffer length underflow] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5373f8b19e568b5c217832b9bbef165bd2b2df14 (7.1-rc1) +CVE-2026-46135 [nvmet-tcp: fix race between ICReq handling and queue teardown] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/5293a8882c549fab4a878bc76b0b6c951f980a61 (7.1-rc2) +CVE-2026-46133 [RDMA/rxe: Reject unknown opcodes before ICRC processing] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/4c6f86d85d03cdb33addce86aa69aa795ca6c47a (7.1-rc3) +CVE-2026-46132 [net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/4b9e327991815e128ad3af75c3a04630a63ce3e0 (7.1-rc3) +CVE-2026-46130 [dm-verity-fec: fix reading parity bytes split across blocks (take 3)] + - linux 7.0.7-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/430a05cb926f6bdf53e81460a2c3a553257f3f61 (7.1-rc1) +CVE-2026-46129 [btrfs: fix double free in create_space_info() error path] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3f487be81292702a59ea9dbc4088b3360a50e837 (7.1-rc1) +CVE-2026-46128 [ipmi: Check event message buffer response for bad data] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/36920f30e78e69df01f9691c470b6f3ba8aebf98 (7.1-rc3) +CVE-2026-46127 [RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/34fbf48cf3b410d2a6e8c586fa952a36331ca5ba (7.1-rc3) +CVE-2026-46125 [wifi: mac80211: remove station if connection prep fails] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/283fc9e44ff5b5ac967439b4951b80bd4299f4e4 (7.1-rc3) +CVE-2026-46124 [isofs: validate block number from NFS file handle in isofs_export_iget] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/24376458138387fb251e782e624c7776e9826796 (7.1-rc2) +CVE-2026-46123 [Bluetooth: virtio_bt: clamp rx length before skb_put] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/21bd244b6de5d2fe1063c23acc93fbdd2b20d112 (7.1-rc3) +CVE-2026-46122 [wifi: b43: enforce bounds check on firmware key index in b43_rx()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/1f4f78bf8549e6ac4f04fba4176854f3a6e0c332 (7.1-rc3) +CVE-2026-46120 [ip6_gre: Use cached t->net in ip6erspan_changelink().] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/1d324c2f43f70c965f25c58cc3611c779adbe47e (7.1-rc3) +CVE-2026-46119 [libceph: Fix slab-out-of-bounds access in auth message processing] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/1c439de70b1c3eb3c6bffa8245c16b9fc318f114 (7.1-rc1) +CVE-2026-46117 [RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()] + - linux 7.0.7-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/159f2efabc89d3f931d38f2d35876535d4abf0a3 (7.1-rc3) +CVE-2026-46116 [xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/14acf9652e5690de3c7486c6db5fb8dafd0a32a3 (7.1-rc3) +CVE-2026-46113 [KVM: x86: Fix shadow paging use-after-free due to unexpected GFN] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/0cb2af2ea66ad8ff195c156ea690f11216285bdf (7.1-rc3) +CVE-2026-46112 [RDMA/hns: Fix unlocked call to hns_roce_qp_remove()] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/0c99acbc8b6c6dd526ae475a48ee1897b61072fb (7.1-rc3) +CVE-2026-46111 [Bluetooth: hci_conn: fix potential UAF in create_big_sync] + - linux 7.0.7-1 + [trixie] - linux 6.12.90-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0beddb0c380bed5f5b8e61ddbe14635bb73d0b41 (7.1-rc3) +CVE-2026-46110 [net: stmmac: Prevent NULL deref when RX memory exhausted] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0bb05e6adfa99a2ea1fee1125cc0953409f83ed8 (7.1-rc2) +CVE-2026-46109 [usb: ulpi: fix memory leak on ulpi_register() error paths] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/0b9fcab1b8608d429e5f239afb197de928d4de7d (7.1-rc3) +CVE-2026-46108 [ipmi:si: Return state to normal if message allocation fails] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/09dd798270ff582d7309f285d4aaf5dbebae01cb (7.1-rc3) +CVE-2026-46107 [dm-thin: fix metadata refcount underflow] + - linux 7.0.7-1 + [trixie] - linux 6.12.88-1 + NOTE: https://git.kernel.org/linus/09a65adc7d8bbfce06392cb6d375468e2728ead5 (7.1-rc2) CVE-2026-8643 - python-pip <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460927 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36ecfd74d25f77a47ad857cfdeda18dab802311 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36ecfd74d25f77a47ad857cfdeda18dab802311 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
