Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: af5d671e by Salvatore Bonaccorso at 2026-06-09T14:46:47+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,38 @@ +CVE-2026-46324 [netfilter: nf_tables: use list_del_rcu for netlink hooks] + - linux 7.0.10-1 + NOTE: https://git.kernel.org/linus/f3224ee463f8f6f6ced7dcdf6081add4f8128527 (7.1-rc2) +CVE-2026-46323 [net: gro: don't merge zcopy skbs] + - linux <unfixed> + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4db79a322db8c97f7b73b8a347395ef4d685eb40 (7.1-rc5) +CVE-2026-46322 [tun: free page on build_skb failure in tun_xdp_one()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/aa8963fdce667a42fb7f0bdd2909fadcab02f9a8 (7.1-rc6) +CVE-2026-46321 [tun: free page on short-frame rejection in tun_xdp_one()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/f4feb1e20058e407cb00f45aff47f5b7e19a6bbf (7.1-rc6) +CVE-2026-46320 [tap: free page on error paths in tap_get_user_xdp()] + - linux <unfixed> + NOTE: https://git.kernel.org/linus/3bcf7aec6a9d16438f2cec29f5d7c8d5b8edf9b2 (7.1-rc6) +CVE-2026-46319 [net/sched: act_ct: Only release RCU read lock after ct_ft] + - linux 7.0.10-1 + NOTE: https://git.kernel.org/linus/f462dca0c8415bf0058d0ffa476354c4476d0f09 (7.1-rc1) +CVE-2026-46318 [Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare"] + - linux <unfixed> + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/83f9efcce93f8574be2279090ee2aec58b86cda7 (7.1-rc6) +CVE-2026-46317 [KVM: arm64: Reassign nested_mmus array behind mmu_lock] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/70543358fa08e0f7cebc3447c3b70fe97ad7aaa8 (7.1-rc7) +CVE-2026-46316 [KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry] + - linux <unfixed> + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/13031fb6b8357fbbcded2a7f4cba73e4781ee594 (7.1-rc7) CVE-2026-46315 [io_uring/waitid: clear waitid info before copying it to userspace] - linux <unfixed> [bookworm] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af5d671e5189393d510df1066345e2695e0b8838 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af5d671e5189393d510df1066345e2695e0b8838 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
