Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5dfa925f by Salvatore Bonaccorso at 2026-06-03T20:33:35+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,157 @@ +CVE-2026-46271 [wifi: ath12k: do WoW offloads only on primary link] + - linux 6.18.14-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e62102ac9b773bdb08475aa9ca24dea61ae98708 (7.0-rc1) +CVE-2026-46270 [power: supply: rt9455: Fix use-after-free in power_supply_changed()] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux 5.10.257-1 + NOTE: https://git.kernel.org/linus/e2febe375e5ea5afed92f4cd9711bde8f24ee6d2 (7.0-rc1) +CVE-2026-46269 [pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree] + - linux 6.18.14-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d8c128fb6c2277d95f3f6a4ce28b82c8370031f6 (7.0-rc1) +CVE-2026-46268 [PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition] + - linux 6.18.14-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cb500023a75246f60b79af9f7321d6e75330c5b5 (7.0-rc1) +CVE-2026-46264 [drm/xe/pf: Fix sysfs initialization] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bf7172cd25ed182f30af2cbb9f80c730dc717d8e (7.0-rc1) +CVE-2026-46263 [drm/amd/display: Fix out-of-bounds stream encoder index v3] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/abde491143e4e12eecc41337910aace4e8d59603 (7.0-rc1) +CVE-2026-46262 [ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9f16d96e1222391a6b996a1b676bec14fb91e3b2 (7.0-rc1) +CVE-2026-46261 [spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/888a0a802c467bbe34a42167bdf9d7331333440a (7.0-rc1) +CVE-2026-46260 [ipv6: Fix out-of-bound access in fib6_add_rt2node().] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8244f959e2c125c849e569f5b23ed49804cce695 (7.0-rc1) +CVE-2026-46259 [procfs: fix missing RCU protection when reading real_parent in do_task_stat()] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux 5.10.257-1 + NOTE: https://git.kernel.org/linus/76149d53502cf17ef3ae454ff384551236fba867 (7.0-rc1) +CVE-2026-46258 [gpio: cdev: Avoid NULL dereference in linehandle_create()] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6af6be278e3ba2ffb6af5b796c89dfb3f5d9063e (7.0-rc1) +CVE-2026-46257 [clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock.] + - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/694921a93f3e3621e067afc545cedf6fe3b234a9 (7.0-rc1) +CVE-2026-46255 [dmaengine: fsl-edma: don't explicitly disable clocks in .remove()] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/666c53e94c1d0bf0bdf14c49505ece9ddbe725bc (7.0-rc1) +CVE-2026-46253 [pstore/ram: fix buffer overflow in persistent_ram_save_old()] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux 5.10.257-1 + NOTE: https://git.kernel.org/linus/5669645c052f235726a85f443769b6fc02f66762 (7.0-rc1) +CVE-2026-46251 [btrfs: fix block_group_tree dirty_list corruption] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3a1f4264daed4b419c325a7fe35e756cada3cf82 (7.0-rc1) +CVE-2026-46250 [MIPS: Work around LLVM bug when gp is used as global register variable] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux 5.10.257-1 + NOTE: https://git.kernel.org/linus/30bfc2d6a1132a89a5f1c3b96c59cf3e4d076ea3 (7.0-rc1) +CVE-2026-46249 [octeontx2-af: Fix PF driver crash with kexec kernel booting] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + [bullseye] - linux 5.10.257-1 + NOTE: https://git.kernel.org/linus/2d2d574309e3ae84ee794869a5da8b4c38753a94 (7.0-rc1) +CVE-2026-46248 [wifi: ath12k: clear stale link mapping of ahvif->links_map] + - linux 6.18.14-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2c1ba9c2adf0fda96eaaebd8799268a7506a8fc9 (7.0-rc1) +CVE-2026-46246 [power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/23067259919663580c6f81801847cfc7bd54fd1f (7.0-rc1) +CVE-2025-71314 [drm/panthor: Recover from panthor_gpu_flush_caches() failures] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3c0a60195b37af83bbbaf223cd3a78945bace49e (7.0-rc1) +CVE-2026-46272 [coresight: tmc-etr: Fix race condition between sysfs and perf mode] + - linux 6.18.14-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e6e43e82c79c97917cbe356c07e8a6f3f982ab53 (7.0-rc1) +CVE-2026-46267 [nfc: hci: shdlc: Stop timers and work before freeing context] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + NOTE: https://git.kernel.org/linus/c9efde1e537baed7648a94022b43836a348a074f (7.0-rc1) +CVE-2026-46266 [inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + NOTE: https://git.kernel.org/linus/c89477ad79446867394360b29bb801010fc3ff22 (7.0-rc1) +CVE-2026-46265 [RDMA/hns: Fix WQ_MEM_RECLAIM warning] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + NOTE: https://git.kernel.org/linus/c0a26bbd3f99b7b03f072e3409aff4e6ec8af6f6 (7.0-rc1) +CVE-2026-46256 [NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages] + - linux 6.18.14-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/67435d2d8a33a75f9647724952cb1b18279d2e95 (7.0-rc1) +CVE-2026-46254 [AppArmor: Allow apparmor to handle unaligned dfa tables] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + NOTE: https://git.kernel.org/linus/64802f731214a51dfe3c6c27636b3ddafd003eb0 (7.0-rc1) +CVE-2026-46252 [regulator: core: fix locking in regulator_resolve_supply() error path] + - linux 6.19.6-1 + NOTE: https://git.kernel.org/linus/497330b203d2c59c5ff3fa4c34d14494d7203bc3 (7.0-rc1) +CVE-2026-46247 [clk: qcom: gfx3d: add parent to parent request map] + - linux 6.18.14-1 + [trixie] - linux 6.12.85-1 + [bookworm] - linux 6.1.170-1 + NOTE: https://git.kernel.org/linus/2583cb925ca1ce450aa5d74a05a67448db970193 (7.0-rc1) +CVE-2026-46245 [drm/amd/display: Fix dc_link NULL handling in HPD init] + - linux 6.19.6-1 + NOTE: https://git.kernel.org/linus/226a40c06a183abaeb7529a4f54d6c203bd14407 (7.0-rc1) +CVE-2025-71313 [PCI: endpoint: Add missing NULL check for alloc_workqueue()] + - linux 6.19.6-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/03f336a869b3a3f119d3ae52ac9723739c7fb7b6 (7.0-rc1) CVE-2026-46244 [netfilter: nft_inner: Fix IPv6 inner_thoff desync] - linux <unfixed> [bookworm] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dfa925f34f4f96ac952c10384a33020836211dc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dfa925f34f4f96ac952c10384a33020836211dc You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
