Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a544d145 by Salvatore Bonaccorso at 2026-06-27T09:06:22+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,246 @@ +CVE-2026-53324 [net: mana: Use pci_name() for debugfs directory naming] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c116f07ab9d22bb6f355f3cf9e44c1e6a47fe559 (7.1-rc1) +CVE-2026-53323 [net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0f99e0c3e19badaf3fdced0d3feba623e59eed41 (7.1-rc1) +CVE-2026-53322 [vfio/pci: Clean up DMABUFs before disabling function] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d97708701434ce72968e771976aaf9d3438fcafd (7.1-rc1) +CVE-2026-53319 [blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e9b004ff83067cdf96774b45aea4b239ace99a2f (7.1-rc1) +CVE-2026-53318 [wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/83ae3a18ba957257b4c406273d2da2caeea2b439 (7.1-rc1) +CVE-2026-53316 [drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6b606216e03fa2b53cc179d8383b683a140fe6e1 (7.1-rc1) +CVE-2026-53315 [drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp()] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2b8101cc3b34d4d80d799360d2744829d5964479 (7.1-rc1) +CVE-2026-53312 [iommu/riscv: Remove overflows on the invalidation path] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/40a13b49957937427bc23e78eb50679df4396a47 (7.1-rc1) +CVE-2026-53311 [fuse: fix uninit-value in fuse_dentry_revalidate()] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd (7.1-rc1) +CVE-2026-53310 [soc/tegra: cbb: Fix cross-fabric target timeout lookup] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a5f51b04cbb3ae0f9cb2c4488952b775ebb0ccbf (7.1-rc1) +CVE-2026-53307 [pinctrl: pinconf-generic: Fully validate 'pinmux' property] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c98324ea7849b6e5baa1774f71709b375a2c2f9e (7.1-rc1) +CVE-2026-53305 [usb: typec: ps883x: Fix Oops at unbind] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/381133848a033c2086cf9cafb226f425bd0414ff (7.1-rc1) +CVE-2026-53302 [crypto: eip93 - fix hmac setkey algo selection] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3ba3b02f897b14e34977e1886d95ffe64d907204 (7.1-rc1) +CVE-2026-53301 [reset: amlogic: t7: Fix null reset ops] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9797524ef2b69c6b187b55bd844eb72a8c1cbd99 (7.1-rc1) +CVE-2026-53300 [net: enetc: fix NTMP DMA use-after-free issue] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3cade698881eb238f88cbbfec82acc2110440a3f (7.1-rc1) +CVE-2026-53299 [net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f329924bb49458c65297f1361f545816a5b90998 (7.1-rc1) +CVE-2026-53298 [net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/379050947a1828826ad7ea50c95245a56929b35a (7.1-rc1) +CVE-2026-53293 [drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0ef196a208385b7d7da79f411c161b04e97283e2 (7.1-rc2) +CVE-2026-53290 [drm/xe/eustall: Fix drm_dev_put called before stream disable in close] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dc2d9842c67d883d3200ae33b9c3859dd9492408 (7.1-rc2) +CVE-2026-53288 [arm64: Reserve an extra page for early kernel mapping] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4d8e74ad4585672489da6145b3328d415f50db82 (7.1-rc2) +CVE-2026-53286 [idpf: fix double free and use-after-free in aux device error paths] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6c77b9510829a424d1b74409b7db9456e3522871 (7.1-rc4) +CVE-2026-53283 [iommu/amd: Bounds-check devid in __rlookup_amd_iommu()] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/07d0f496fe7ec5abe3bee7e38be709521567bb33 (7.1-rc4) +CVE-2026-53282 [x86/kexec: Push kjump return address even for non-kjump kexec] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/786a45757dcdf8f2beb9d4a6db605db16c18b2b4 (7.1-rc4) +CVE-2026-53280 [iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d769711fcddd005f1e654b3bde547140917fe696 (7.1-rc4) +CVE-2026-53278 [arm_mpam: Check whether the config array is allocated before destroying it] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6ccbb613b42a1f1ba7bfd547a148f644a902a25c (7.1-rc4) +CVE-2026-53321 [io_uring/napi: cap busy_poll_to 10 msec] + - linux 7.0.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/df8599ee18c0e5fe343ffe0b4c379636b8bb839a (7.1-rc2) +CVE-2026-53320 [nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/be3e5d10643d3be1cbac9d9939f220a99253f980 (7.1-rc1) +CVE-2026-53317 [wifi: mt76: mt7921: Place upper limit on station AID] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4d0bf21e3e20619d51d06c0c36207aabab8b712c (7.1-rc1) +CVE-2026-53314 [padata: Put CPU offline callback in ONLINE section to allow failure] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/c8c4a2972f83c8b68ff03b43cecdb898939ff851 (7.1-rc1) +CVE-2026-53313 [drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths] + - linux 7.0.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4ae3e16f4b3bf64140f773629b765d605ee079a9 (7.1-rc1) +CVE-2026-53309 [ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/01b61e8dda9b0fdb0d4cda43de25f4e390554d7b (7.1-rc1) +CVE-2026-53308 [power: supply: max77705: Free allocated workqueue and fix removal order] + - linux 7.0.10-1 + [trixie] - linux <not-affected> (Vulnerable code not present) + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1e668baadefb16e81269dbfebf3ffc2672e3a3bb (7.1-rc1) +CVE-2026-53306 [tty: hvc_iucv: fix off-by-one in number of supported devices] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/f2a880e802ad12d1e38039d1334fb1475d0f5241 (7.1-rc1) +CVE-2026-53304 [scsi: sg: Resolve soft lockup issue when opening /dev/sgX] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/d06a310b45e153872033dd0cf19d5a2279121099 (7.1-rc1) +CVE-2026-53303 [f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/5909bedbed38c558bee7cb6758ceedf9bc3a9194 (7.1-rc1) +CVE-2026-53297 [net: mana: Guard mana_remove against double invocation] + - linux 7.0.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/50271d7ec95144d26808025b508f463780517d3c (7.1-rc1) +CVE-2026-53296 [mailbox: mailbox-test: free channels on probe error] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/c02053a9055d5fdfd32432287cca8958db1d5bc5 (7.1-rc2) +CVE-2026-53295 [mailbox: add sanity check for channel array] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/c1aad75595fb67edc7fda8af249d3b886efa1be9 (7.1-rc2) +CVE-2026-53294 [mailbox: mailbox-test: don't free the reused channel] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/88ebadbf0deefdaccdab868b44ff70a0a257f473 (7.1-rc2) +CVE-2026-53292 [net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind] + - linux 7.0.10-1 + NOTE: https://git.kernel.org/linus/5b0c911bcdbd982f7748d11c0b39ec5808eae2de (7.1-rc2) +CVE-2026-53291 [ALSA: hda/conexant: Fix missing error check for jack detection] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b0e2333a231107adedd38c6fcfe1adc6162716fc (7.1-rc2) +CVE-2026-53289 [ice: fix NULL pointer dereference in ice_reset_all_vfs()] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/54ef02487914c24170c7e1c061e45212dc55365e (7.1-rc2) +CVE-2026-53287 [audit: fix incorrect inheritable capability in CAPSET records] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + NOTE: https://git.kernel.org/linus/e4a640475e43f406fdfd56d370b1f34b0cbbc18d (7.1-rc4) +CVE-2026-53285 [drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED] + - linux 7.0.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/183182235f6d53bac62c6c39014738a54a68dfa6 (7.1-rc4) +CVE-2026-53284 [btrfs: only release the dirty pages io tree after successful writes] + - linux 7.0.10-1 + NOTE: https://git.kernel.org/linus/4066c55e109475a06d18a1f127c939d551211956 (7.1-rc4) +CVE-2026-53281 [iommu/vt-d: Avoid NULL pointer dereference or refcount corruption] + - linux 7.0.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/79ea2feb917b05366b49d85573c9c5331f043b2c (7.1-rc4) +CVE-2026-53279 [drm/gma500/oaktrail_lvds: fix hang on init failure] + - linux 7.0.10-1 + [trixie] - linux 6.12.94-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/657a091ab6d01d0091b77660c75cfed573c9a53e (7.1-rc4) CVE-2026-9699 (Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sa ...) NOT-FOR-US: Mattermost Plugins CVE-2026-9640 (A privilege escalation vulnerability exists in LXD from 6.0 before 6.9 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a544d145924272aff97b997bee69dc46808592fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a544d145924272aff97b997bee69dc46808592fc You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
