[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 16 14:17:59 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
157bde58 by Salvatore Bonaccorso at 2025-04-16T15:16:30+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2025-22023 [usb: xhci: Don't skip on Stopped - Length Invalid]
+	- linux 6.12.22-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/58d0a3fab5f4fdc112c16a4c6d382f62097afd1c (6.15-rc1)
+CVE-2025-22022 [usb: xhci: Apply the link chain quirk on NEC isoc endpoints]
+	- linux 6.12.22-1
+	NOTE: https://git.kernel.org/linus/bb0ba4cb1065e87f9cc75db1fa454e56d0894d01 (6.15-rc1)
+CVE-2025-22021 [netfilter: socket: Lookup orig tuple for IPv6 SNAT]
+	- linux 6.12.22-1
+	[bookworm] - linux 6.1.133-1
+	NOTE: https://git.kernel.org/linus/932b32ffd7604fb00b5c57e239a3cc4d901ccf6e (6.15-rc1)
+CVE-2025-22020 [memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove]
+	- linux 6.12.22-1
+	[bookworm] - linux 6.1.133-1
+	NOTE: https://git.kernel.org/linus/4676741a3464b300b486e70585c3c9b692be1632 (6.15-rc1)
+CVE-2025-22019 [bcachefs: bch2_ioctl_subvolume_destroy() fixes]
+	- linux 6.12.22-1
+	NOTE: https://git.kernel.org/linus/707549600c4a012ed71c0204a7992a679880bf33 (6.15-rc1)
+CVE-2024-58092 [nfsd: fix legacy client tracking initialization]
+	- linux 6.12.22-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/de71d4e211eddb670b285a0ea477a299601ce1ca (6.14-rc1)
 CVE-2025-3698 (Interface exposure vulnerability in the mobile application (com.transs ...)
 	TODO: check
 CVE-2025-3676 (A vulnerability classified as critical has been found in xxyopen Novel ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/157bde58585bfb6eaf28c3f93d64c2a39a5ee173

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/157bde58585bfb6eaf28c3f93d64c2a39a5ee173
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250416/79ebe268/attachment.htm>

More information about the debian-security-tracker-commits mailing list