[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 1 18:46:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f988d2ab by Salvatore Bonaccorso at 2025-04-01T19:46:05+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,355 @@
+CVE-2025-21986 [net: switchdev: Convert blocking notification chain to a raw one]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/62531a1effa87bdab12d5104015af72e60d926ff (6.14-rc7)
+CVE-2025-21985 [drm/amd/display: Fix out-of-bound accesses]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/8adbb2a98b00926315fd513b5fe2596b5716b82d (6.14-rc2)
+CVE-2025-21984 [mm: fix kernel BUG when userfaultfd_move encounters swapcache]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c50f8e6053b0503375c2975bf47f182445aebb4c (6.14-rc6)
+CVE-2025-21983 [mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/dfd3df31c9db752234d7d2e09bef2aeabb643ce4 (6.14-rc6)
+CVE-2025-21982 [pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/acf40ab42799e4ae1397ee6f5c5941092d66f999 (6.14-rc7)
+CVE-2025-21981 [ice: fix memory leak in aRFS after reset]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/23d97f18901ef5e4e264e3b1777fe65c760186b5 (6.14-rc7)
+CVE-2025-21980 [sched: address a potential NULL pointer dereference in the GRED scheduler.]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/115ef44a98220fddfab37a39a19370497cd718b9 (6.14-rc7)
+CVE-2025-21979 [wifi: cfg80211: cancel wiphy_work before freeing wiphy]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/72d520476a2fab6f3489e8388ab524985d6c4b90 (6.14-rc7)
+CVE-2025-21978 [drm/hyperv: Fix address space leak when Hyper-V DRM device is removed]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/aed709355fd05ef747e1af24a1d5d78cd7feb81e (6.14-rc7)
+CVE-2025-21977 [fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/304386373007aaca9236a3f36afac0bbedcd2bf0 (6.14-rc7)
+CVE-2025-21976 [fbdev: hyperv_fb: Allow graceful removal of framebuffer]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/ea2f45ab0e53b255f72c85ccd99e2b394fc5fceb (6.14-rc7)
+CVE-2025-21975 [net/mlx5: handle errors in mlx5_chains_create_table()]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/eab0396353be1c778eba1c0b5180176f04dd21ce (6.14-rc7)
+CVE-2025-21974 [eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ca2456e073957781e1184de68551c65161b2bd30 (6.14-rc7)
+CVE-2025-21973 [Description:]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f09af5fdfbd9b0fcee73aab1116904c53b199e97 (6.14-rc7)
+CVE-2025-21972 [net: mctp: unshare packets when reassembling]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f5d83cf0eeb90fade4d5c4d17d24b8bee9ceeecc (6.14-rc7)
+CVE-2025-21971 [net_sched: Prevent creation of classes with TC_H_ROOT]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/0c3057a5a04d07120b3d0ec9c79568fceb9c921e (6.14-rc7)
+CVE-2025-21970 [net/mlx5: Bridge, fix the crash caused by LAG state check]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4b8eeed4fb105770ce6dc84a2c6ef953c7b71cbb (6.14-rc7)
+CVE-2025-21969 [Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d (6.14-rc3)
+CVE-2025-21968 [drm/amd/display: Fix slab-use-after-free on hdcp_work]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/e65e7bea220c3ce8c4c793b4ba35557f4994ab2b (6.14-rc7)
+CVE-2025-21967 [ksmbd: fix use-after-free in ksmbd_free_work_struct]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/bb39ed47065455604729404729d9116868638d31 (6.14-rc7)
+CVE-2025-21966 [dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/57e9417f69839cb10f7ffca684c38acd28ceb57b (6.14-rc7)
+CVE-2025-21965 [sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9360dfe4cbd62ff1eb8217b815964931523b75b3 (6.14-rc7)
+CVE-2025-21964 [cifs: Fix integer overflow while processing acregmax mount option]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7489161b1852390b4413d57f2457cd40b34da6cc (6.14-rc7)
+CVE-2025-21963 [cifs: Fix integer overflow while processing acdirmax mount option]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5b29891f91dfb8758baf1e2217bef4b16b2b165b (6.14-rc7)
+CVE-2025-21962 [cifs: Fix integer overflow while processing closetimeo mount option]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d5a30fddfe2f2e540f6c43b59cf701809995faef (6.14-rc7)
+CVE-2025-21961 [eth: bnxt: fix truesize for mb-xdp-pass case]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2 (6.14-rc7)
+CVE-2025-21960 [eth: bnxt: do not update checksum in bnxt_xdp_build_skb()]
+ - linux 6.12.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c03e7d05aa0e2f7e9a9ce5ad8a12471a53f941dc (6.14-rc7)
+CVE-2025-21959 [netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/d653bfeb07ebb3499c403404c21ac58a16531607 (6.14-rc7)
+CVE-2025-21958 [Revert "openvswitch: switch to per-action label counting in conntrack"]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1063ae07383c0ddc5bcce170260c143825846b03 (6.14-rc7)
+CVE-2025-21957 [scsi: qla1280: Fix kernel oops when debug level > 2]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/5233e3235dec3065ccc632729675575dbe3c6b8a (6.14-rc2)
+CVE-2025-21956 [drm/amd/display: Assign normalized_pix_clk when color depth = 14]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/79e31396fdd7037c503e6add15af7cb00633ea92 (6.14-rc7)
+CVE-2025-21955 [ksmbd: prevent connection release during oplock break notification]
+ - linux 6.12.20-1
+ NOTE: https://git.kernel.org/linus/3aa660c059240e0c795217182cf7df32909dd917 (6.14-rc7)
+CVE-2025-21954 [netmem: prevent TX of unreadable skbs]
+ - linux 6.12.20-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f3600c867c99a2cc8038680ecf211089c50e7971 (6.14-rc7)
+CVE-2025-21953 [net: mana: cleanup mana struct after debugfs_remove()]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3e64bb2ae7d9f2b3a8259d4d6b86ed1984d5460a (6.14-rc7)
+CVE-2025-21952 [HID: corsair-void: Update power supply values with a unified work handler]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0c28e4d1e10d2aae608094620bb386e6fd73d55e (6.14-rc6)
+CVE-2025-21951 [bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a321d163de3d8aa38a6449ab2becf4b1581aed96 (6.14-rc6)
+CVE-2025-21950 [drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/819cec1dc47cdeac8f5dd6ba81c1dbee2a68c3bb (6.14-rc6)
+CVE-2025-21949 [LoongArch: Set hugetlb mmap base address aligned with pmd size]
+ - linux <unfixed>
+ NOTE: https://git.kernel.org/linus/3109d5ff484b7bc7b955f166974c6776d91f247b (6.14-rc6)
+CVE-2025-21948 [HID: appleir: Fix potential NULL dereference at raw event handle]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/2ff5baa9b5275e3acafdf7f2089f74cccb2f38d1 (6.14-rc6)
+CVE-2025-21947 [ksmbd: fix type confusion via race condition when using ipc_msg_send_request]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/e2ff19f0b7a30e03516e6eb73b948e27a55bc9d2 (6.14-rc6)
+CVE-2025-21946 [ksmbd: fix out-of-bounds in parse_sec_desc()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/d6e13e19063db24f94b690159d0633aaf72a0f03 (6.14-rc6)
+CVE-2025-21945 [ksmbd: fix use-after-free in smb2_lock]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/84d2d1641b71dec326e8736a749b7ee76a9599fc (6.14-rc6)
+CVE-2025-21944 [ksmbd: fix bug on trap in smb2_lock]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/e26e2d2e15daf1ab33e0135caf2304a0cfa2744b (6.14-rc6)
+CVE-2025-21943 [gpio: aggregator: protect driver attr handlers against module unload]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/12f65d1203507f7db3ba59930fe29a3b8eee9945 (6.14-rc6)
+CVE-2025-21942 [btrfs: zoned: fix extent range end unlock in cow_file_range()]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5a4041f2c47247575a6c2e53ce14f7b0ac946c33 (6.14-rc6)
+CVE-2025-21941 [drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/374c9faac5a763a05bc3f68ad9f73dab3c6aec90 (6.14-rc6)
+CVE-2025-21940 [drm/amdkfd: Fix NULL Pointer Dereference in KFD queue]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fd617ea3b79d2116d53f76cdb5a3601c0ba6e42f (6.14-rc6)
+CVE-2025-21939 [drm/xe/hmm: Don't dereference struct page pointers without notifier lock]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0a98219bcc961edd3388960576e4353e123b4a51 (6.14-rc6)
+CVE-2025-21938 [mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/022bfe24aad8937705704ff2e414b100cf0f2e1a (6.14-rc6)
+CVE-2025-21937 [Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f2176a07e7b19f73e05c805cf3d130a2999154cb (6.14-rc6)
+CVE-2025-21936 [Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d8df010f72b8a32aaea393e36121738bb53ed905 (6.14-rc6)
+CVE-2025-21935 [rapidio: add check for rio_add_net() in rio_scan_alloc_net()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/e842f9a1edf306bf36fe2a4d847a0b0d458770de (6.14-rc6)
+CVE-2025-21934 [rapidio: fix an API misues when rio_add_net() fails]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/b2ef51c74b0171fde7eb69b6152d3d2f743ef269 (6.14-rc6)
+CVE-2025-21933 [arm: pgtable: fix NULL pointer dereference issue]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a564ccfe300fa6a065beda06ab7f3c140d6b4d63 (6.14-rc6)
+CVE-2025-21932 [mm: abort vma_modify() on merge out of memory failure]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/47b16d0462a460000b8f05dfb1292377ac48f3ca (6.14-rc6)
+CVE-2025-21931 [hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/af288a426c3e3552b62595c6138ec6371a17dbba (6.14-rc6)
+CVE-2025-21930 [wifi: iwlwifi: mvm: don't try to talk to a dead firmware]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d73d2c6e3313f0ba60711ab4f4b9044eddca9ca5 (6.14-rc6)
+CVE-2025-21929 [HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/823987841424289339fdb4ba90e6d2c3792836db (6.14-rc6)
+CVE-2025-21928 [HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/07583a0010696a17fb0942e0b499a62785c5fc9f (6.14-rc6)
+CVE-2025-21927 [nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/ad95bab0cd28ed77c2c0d0b6e76e03e031391064 (6.14-rc6)
+CVE-2025-21926 [net: gso: fix ownership in __udp_gso_segment]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/ee01b2f2d7d0010787c2343463965bbc283a497f (6.14-rc6)
+CVE-2025-21925 [llc: do not use skb_get() before dev_queue_xmit()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/64e6a754d33d31aa844b3ee66fb93ac84ca1565e (6.14-rc6)
+CVE-2025-21924 [net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b7365eab39831487a84e63a9638209b68dc54008 (6.14-rc6)
+CVE-2025-21923 [HID: hid-steam: Fix use-after-free when detaching device]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e53fc232a65f7488ab75d03a5b95f06aaada7262 (6.14-rc6)
+CVE-2025-21922 [ppp: Fix KMSAN uninit-value warning with bpf]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/4c2d14c40a68678d885eab4008a0129646805bae (6.14-rc6)
+CVE-2025-21921 [net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/637399bf7e77797811adf340090b561a8f9d1213 (6.14-rc6)
+CVE-2025-21920 [vlan: enforce underlying device type]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/b33a534610067ade2bdaf2052900aaad99701353 (6.14-rc6)
+CVE-2025-21919 [sched/fair: Fix potential memory corruption in child_cfs_rq_on_list]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3b4035ddbfc8e4521f85569998a7569668cccf51 (6.14-rc6)
+CVE-2025-21918 [usb: typec: ucsi: Fix NULL pointer access]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b13abcb7ddd8d38de769486db5bd917537b32ab1 (6.14-rc6)
+CVE-2025-21917 [usb: renesas_usbhs: Flush the notify_hotplug_work]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/552ca6b87e3778f3dd5b87842f95138162e16c82 (6.14-rc6)
+CVE-2025-21916 [usb: atm: cxacru: fix a flaw in existing endpoint checks]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/c90aad369899a607cfbc002bebeafd51e31900cd (6.14-rc6)
+CVE-2025-21915 [cdx: Fix possible UAF error in driver_override_show()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/91d44c1afc61a2fec37a9c7a3485368309391e0b (6.14-rc6)
+CVE-2025-21914 [slimbus: messaging: Free transaction ID in delayed interrupt scenario]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/dcb0d43ba8eb9517e70b1a0e4b0ae0ab657a0e5a (6.14-rc6)
+CVE-2025-21913 [x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/14cb5d83068ecf15d2da6f7d0e9ea9edbcbc0457 (6.14-rc6)
+CVE-2025-21912 [gpio: rcar: Use raw_spinlock to protect register access]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5 (6.14-rc6)
+CVE-2025-21911 [drm/imagination: avoid deadlock on fence release]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/df1a1ed5e1bdd9cc13148e0e5549f5ebcf76cf13 (6.14-rc6)
+CVE-2025-21910 [wifi: cfg80211: regulatory: improve invalid hints checking]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/59b348be7597c4a9903cb003c69e37df20c04a30 (6.14-rc6)
+CVE-2025-21909 [wifi: nl80211: reject cooked mode if it is set along with other flags]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/49f27f29446a5bfe633dd2cc0cfebd48a1a5e77f (6.14-rc6)
+CVE-2025-21908 [NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e (6.14-rc6)
+CVE-2025-21907 [mm: memory-failure: update ttu flag inside unmap_poisoned_folio]
+ - linux 6.12.19-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b81679b1633aa43c0d973adfa816d78c1ed0d032 (6.14-rc6)
+CVE-2025-21906 [wifi: iwlwifi: mvm: clean up ROC on failure]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f9751163bffd3fe60794929829f810968c6de73d (6.14-rc6)
+CVE-2025-21905 [wifi: iwlwifi: limit printed string from FW file]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/e0dc2c1bef722cbf16ae557690861e5f91208129 (6.14-rc6)
+CVE-2025-21904 [caif_virtio: fix wrong pointer check in cfv_probe()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/a466fd7e9fafd975949e5945e2f70c33a94b1a70 (6.14-rc6)
+CVE-2025-21903 [mctp i3c: handle NULL header address]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cf7ee25e70c6edfac4553d6b671e8b19db1d9573 (6.14-rc6)
+CVE-2025-21902 [acpi: typec: ucsi: Introduce a ->poll_cci method]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/976e7e9bdc7719a023a4ecccd2e3daec9ab20a40 (6.14-rc6)
+CVE-2025-21901 [RDMA/bnxt_re: Add sanity checks on rdev validity]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f0df225d12fcb049429fb5bf5122afe143c2dd15 (6.14-rc5)
+CVE-2025-21900 [NFSv4: Fix a deadlock when recovering state on a sillyrenamed file]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8f8df955f078e1a023ee55161935000a67651f38 (6.14-rc5)
+CVE-2025-21899 [tracing: Fix bad hist from corrupting named_triggers list]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/6f86bdeab633a56d5c6dccf1a2c5989b6a5e323e (6.14-rc5)
+CVE-2025-21898 [ftrace: Avoid potential division by zero in function_stat_show()]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/a1a7eb89ca0b89dc1c326eeee2596f263291aca3 (6.14-rc5)
+CVE-2025-21897 [sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance()]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8fef0a3b17bb258130a4fcbcb5addf94b25e9ec5 (6.14-rc5)
+CVE-2025-21896 [fuse: revert back to __readahead_folio() for readahead]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0c67c37e1710b2a8f61c8a02db95a51fe577e2c1 (6.14-rc5)
+CVE-2025-21895 [perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list]
+ - linux 6.12.19-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/2016066c66192a99d9e0ebf433789c490a6785a2 (6.14-rc5)
+CVE-2025-21894 [net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC]
+ - linux 6.12.19-1
+ NOTE: https://git.kernel.org/linus/a562d0c4a893eae3ea51d512c4d90ab858a6b7ec (6.14-rc5)
CVE-2025-3034
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/#CVE-2025-3034
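Review bot: The entry for CVE-2025-21973 has the placeholder title `[Description:]` where every other added entry carries the upstream commit subject, which suggests the merge picked up a field label instead of the text. Replace it with the subject line of the commit referenced in that entry's NOTE (`f09af5fdfbd9b0fcee73aab1116904c53b199e97`) so the entry can be found by subsystem or function name like its neighbours.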
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f988d2ab73ddbaa97fb45a537a4773857ea717a1