Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a544d145 by Salvatore Bonaccorso at 2026-06-27T09:06:22+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,246 @@
+CVE-2026-53324 [net: mana: Use pci_name() for debugfs directory naming]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c116f07ab9d22bb6f355f3cf9e44c1e6a47fe559 (7.1-rc1)
+CVE-2026-53323 [net: dsa: remove redundant netdev_lock_ops() from conduit 
ethtool ops]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/0f99e0c3e19badaf3fdced0d3feba623e59eed41 (7.1-rc1)
+CVE-2026-53322 [vfio/pci: Clean up DMABUFs before disabling function]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d97708701434ce72968e771976aaf9d3438fcafd (7.1-rc1)
+CVE-2026-53319 [blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e9b004ff83067cdf96774b45aea4b239ace99a2f (7.1-rc1)
+CVE-2026-53318 [wifi: mt76: mt7925: prevent NULL pointer dereference in 
mt7925_tx_check_aggr()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/83ae3a18ba957257b4c406273d2da2caeea2b439 (7.1-rc1)
+CVE-2026-53316 [drm/amd/ras: Fix NULL deref in 
ras_core_ras_interrupt_detected()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6b606216e03fa2b53cc179d8383b683a140fe6e1 (7.1-rc1)
+CVE-2026-53315 [drm/amd/ras: Fix NULL deref in 
ras_core_get_utc_second_timestamp()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2b8101cc3b34d4d80d799360d2744829d5964479 (7.1-rc1)
+CVE-2026-53312 [iommu/riscv: Remove overflows on the invalidation path]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/40a13b49957937427bc23e78eb50679df4396a47 (7.1-rc1)
+CVE-2026-53311 [fuse: fix uninit-value in fuse_dentry_revalidate()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd (7.1-rc1)
+CVE-2026-53310 [soc/tegra: cbb: Fix cross-fabric target timeout lookup]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a5f51b04cbb3ae0f9cb2c4488952b775ebb0ccbf (7.1-rc1)
+CVE-2026-53307 [pinctrl: pinconf-generic: Fully validate 'pinmux' property]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c98324ea7849b6e5baa1774f71709b375a2c2f9e (7.1-rc1)
+CVE-2026-53305 [usb: typec: ps883x: Fix Oops at unbind]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/381133848a033c2086cf9cafb226f425bd0414ff (7.1-rc1)
+CVE-2026-53302 [crypto: eip93 - fix hmac setkey algo selection]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3ba3b02f897b14e34977e1886d95ffe64d907204 (7.1-rc1)
+CVE-2026-53301 [reset: amlogic: t7: Fix null reset ops]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/9797524ef2b69c6b187b55bd844eb72a8c1cbd99 (7.1-rc1)
+CVE-2026-53300 [net: enetc: fix NTMP DMA use-after-free issue]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3cade698881eb238f88cbbfec82acc2110440a3f (7.1-rc1)
+CVE-2026-53299 [net: airoha: Move ndesc initialization at end of 
airoha_qdma_init_tx()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f329924bb49458c65297f1361f545816a5b90998 (7.1-rc1)
+CVE-2026-53298 [net: airoha: Move ndesc initialization at end of 
airoha_qdma_init_rx_queue()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/379050947a1828826ad7ea50c95245a56929b35a (7.1-rc1)
+CVE-2026-53293 [drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/0ef196a208385b7d7da79f411c161b04e97283e2 (7.1-rc2)
+CVE-2026-53290 [drm/xe/eustall: Fix drm_dev_put called before stream disable 
in close]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/dc2d9842c67d883d3200ae33b9c3859dd9492408 (7.1-rc2)
+CVE-2026-53288 [arm64: Reserve an extra page for early kernel mapping]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4d8e74ad4585672489da6145b3328d415f50db82 (7.1-rc2)
+CVE-2026-53286 [idpf: fix double free and use-after-free in aux device error 
paths]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6c77b9510829a424d1b74409b7db9456e3522871 (7.1-rc4)
+CVE-2026-53283 [iommu/amd: Bounds-check devid in __rlookup_amd_iommu()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/07d0f496fe7ec5abe3bee7e38be709521567bb33 (7.1-rc4)
+CVE-2026-53282 [x86/kexec: Push kjump return address even for non-kjump kexec]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/786a45757dcdf8f2beb9d4a6db605db16c18b2b4 (7.1-rc4)
+CVE-2026-53280 [iommu: Fix NULL group->domain dereference in 
pci_dev_reset_iommu_done()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d769711fcddd005f1e654b3bde547140917fe696 (7.1-rc4)
+CVE-2026-53278 [arm_mpam: Check whether the config array is allocated before 
destroying it]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6ccbb613b42a1f1ba7bfd547a148f644a902a25c (7.1-rc4)
+CVE-2026-53321 [io_uring/napi: cap busy_poll_to 10 msec]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/df8599ee18c0e5fe343ffe0b4c379636b8bb839a (7.1-rc2)
+CVE-2026-53320 [nilfs2: reject zero bd_oblocknr in 
nilfs_ioctl_mark_blocks_dirty()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/be3e5d10643d3be1cbac9d9939f220a99253f980 (7.1-rc1)
+CVE-2026-53317 [wifi: mt76: mt7921: Place upper limit on station AID]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4d0bf21e3e20619d51d06c0c36207aabab8b712c (7.1-rc1)
+CVE-2026-53314 [padata: Put CPU offline callback in ONLINE section to allow 
failure]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c8c4a2972f83c8b68ff03b43cecdb898939ff851 (7.1-rc1)
+CVE-2026-53313 [drm/amd/display: Avoid NULL dereference in dc_dmub_srv error 
paths]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4ae3e16f4b3bf64140f773629b765d605ee079a9 (7.1-rc1)
+CVE-2026-53309 [ocfs2/dlm: fix off-by-one in dlm_match_regions() region 
comparison]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/01b61e8dda9b0fdb0d4cda43de25f4e390554d7b (7.1-rc1)
+CVE-2026-53308 [power: supply: max77705: Free allocated workqueue and fix 
removal order]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1e668baadefb16e81269dbfebf3ffc2672e3a3bb (7.1-rc1)
+CVE-2026-53306 [tty: hvc_iucv: fix off-by-one in number of supported devices]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f2a880e802ad12d1e38039d1334fb1475d0f5241 (7.1-rc1)
+CVE-2026-53304 [scsi: sg: Resolve soft lockup issue when opening /dev/sgX]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d06a310b45e153872033dd0cf19d5a2279121099 (7.1-rc1)
+CVE-2026-53303 [f2fs: protect extension_list reading with sb_lock in 
f2fs_sbi_show()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5909bedbed38c558bee7cb6758ceedf9bc3a9194 (7.1-rc1)
+CVE-2026-53297 [net: mana: Guard mana_remove against double invocation]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/50271d7ec95144d26808025b508f463780517d3c (7.1-rc1)
+CVE-2026-53296 [mailbox: mailbox-test: free channels on probe error]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c02053a9055d5fdfd32432287cca8958db1d5bc5 (7.1-rc2)
+CVE-2026-53295 [mailbox: add sanity check for channel array]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c1aad75595fb67edc7fda8af249d3b886efa1be9 (7.1-rc2)
+CVE-2026-53294 [mailbox: mailbox-test: don't free the reused channel]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/88ebadbf0deefdaccdab868b44ff70a0a257f473 (7.1-rc2)
+CVE-2026-53292 [net: phonet: do not BUG_ON() in pn_socket_autobind() on failed 
bind]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/5b0c911bcdbd982f7748d11c0b39ec5808eae2de (7.1-rc2)
+CVE-2026-53291 [ALSA: hda/conexant: Fix missing error check for jack detection]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b0e2333a231107adedd38c6fcfe1adc6162716fc (7.1-rc2)
+CVE-2026-53289 [ice: fix NULL pointer dereference in ice_reset_all_vfs()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/54ef02487914c24170c7e1c061e45212dc55365e (7.1-rc2)
+CVE-2026-53287 [audit: fix incorrect inheritable capability in CAPSET records]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/e4a640475e43f406fdfd56d370b1f34b0cbbc18d (7.1-rc4)
+CVE-2026-53285 [drm/amd/display: Wrap DCN32 phantom-plane allocation in 
DC_RUN_WITH_PREEMPTION_ENABLED]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/183182235f6d53bac62c6c39014738a54a68dfa6 (7.1-rc4)
+CVE-2026-53284 [btrfs: only release the dirty pages io tree after successful 
writes]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/4066c55e109475a06d18a1f127c939d551211956 (7.1-rc4)
+CVE-2026-53281 [iommu/vt-d: Avoid NULL pointer dereference or refcount 
corruption]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/79ea2feb917b05366b49d85573c9c5331f043b2c (7.1-rc4)
+CVE-2026-53279 [drm/gma500/oaktrail_lvds: fix hang on init failure]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/657a091ab6d01d0091b77660c75cfed573c9a53e (7.1-rc4)
 CVE-2026-9699 (Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 
fail to sa ...)
        NOT-FOR-US: Mattermost Plugins
 CVE-2026-9640 (A privilege escalation vulnerability exists in LXD from 6.0 
before 6.9 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a544d145924272aff97b997bee69dc46808592fc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a544d145924272aff97b997bee69dc46808592fc
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to