Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 14f6791d by Salvatore Bonaccorso at 2026-06-08T19:29:18+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,71 @@ +CVE-2026-46288 [of: unittest: fix use-after-free in of_unittest_changeset()] + - linux 7.0.4-1 + [trixie] - linux 6.12.86-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/faecdd423c27f0d6090156a435ba9dbbac0eaddb (7.1-rc1) +CVE-2026-46287 [net: txgbe: fix RTNL assertion warning when remove module] + - linux 7.0.4-1 + [trixie] - linux 6.12.88-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e159f05e12cc1111a3103b99375ddf0dfd0e7d63 (7.1-rc1) +CVE-2026-46284 [mm/hugetlb: fix early boot crash on parameters without '=' separator] + - linux 7.0.4-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c45b354911d01565156e38d7f6bc07edb51fc34c (7.1-rc1) +CVE-2026-46283 [tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()] + - linux 7.0.4-1 + [trixie] - linux 6.12.86-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c424d2664f08c77f08b4580b5f0cbaabf7c229b2 (7.1-rc1) +CVE-2026-46281 [vmalloc: fix buffer overflow in vrealloc_node_align()] + - linux 7.0.4-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/82d1f01292d3f09bf063f829f8ab8de12b4280a1 (7.1-rc2) +CVE-2026-46278 [drm/imagination: Fix segfault when updating ftrace mask] + - linux 7.0.4-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5dfd429591f8d7185bf63a08b5c30863fb605611 (7.1-rc2) +CVE-2026-46277 [mm/zone_device: do not touch device folio after calling ->folio_free()] + - linux 7.0.4-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/39928984956037cabd304321cb8f342e47421db5 (7.1-rc1) +CVE-2026-46286 [leds: qcom-lpg: Check for array overflow when selecting the high resolution] + - linux 7.0.4-1 + [trixie] - linux 6.12.86-1 + NOTE: https://git.kernel.org/linus/d45963a93c1495e9f1338fde91d0ebba8fd22474 (7.1-rc1) +CVE-2026-46285 [mtd: docg3: fix use-after-free in docg3_release()] + - linux 7.0.4-1 + [trixie] - linux 6.12.86-1 + NOTE: https://git.kernel.org/linus/ca19808bc6fac7e29420d8508df569b346b3e339 (7.1-rc1) +CVE-2026-46282 [iio: frequency: admv1013: fix NULL pointer dereference on str] + - linux 7.0.4-1 + [trixie] - linux 6.12.86-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/aac0a51b16700b403a55b67ba495de021db78763 (7.1-rc1) +CVE-2026-46280 [lib: test_hmm: evict device pages on file close to avoid use-after-free] + - linux 7.0.4-1 + [trixie] - linux 6.12.86-1 + NOTE: https://git.kernel.org/linus/744dd97752ef1076a8d8672bb0d8aa2c7abc1144 (7.1-rc1) +CVE-2026-46279 [mm/alloc_tag: clear codetag for pages allocated before page_ext initialization] + - linux 7.0.4-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6b1842775a460245e97d36d3a67d0cfba7c4ff79 (7.1-rc1) +CVE-2026-46276 [drm/amdgpu: fix zero-size GDS range init on RDNA4] + - linux 7.0.4-1 + [trixie] - linux 6.12.86-1 + NOTE: https://git.kernel.org/linus/095a8b0ad3c3b5cdc3850d961adb8a8f735220bb (7.1-rc2) CVE-2020-37248 - offlineimap3 <unfixed> NOTE: https://github.com/OfflineIMAP/offlineimap3/issues/222 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14f6791d31d2966ad39c652a202c279b714ec54b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14f6791d31d2966ad39c652a202c279b714ec54b You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
