[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1caeea21 by Salvatore Bonaccorso at 2025-08-16T14:20:11+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,88 @@
+CVE-2025-38539 [tracing: Add down_write(trace_event_sem) when adding trace event]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux 6.1.147-1
+	NOTE: https://git.kernel.org/linus/b5e8acc14dcb314a9b61ff19dcd9fdd0d88f70df (6.16-rc7)
+CVE-2025-38538 [dmaengine: nbpfaxi: Fix memory corruption in probe()]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux 6.1.147-1
+	NOTE: https://git.kernel.org/linus/188c6ba1dd925849c5d94885c8bbdeb0b3dcf510 (6.16-rc7)
+CVE-2025-38537 [net: phy: Don't register LEDs for genphy]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f0f2b992d8185a0366be951685e08643aae17d6d (6.16-rc7)
+CVE-2025-38536 [net: airoha: fix potential use-after-free in airoha_npu_get()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3cd582e7d0787506990ef0180405eb6224fa90a6 (6.16-rc7)
+CVE-2025-38535 [phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux 6.1.147-1
+	NOTE: https://git.kernel.org/linus/cefc1caee9dd06c69e2d807edc5949b329f52b22 (6.16-rc7)
+CVE-2025-38534 [netfs: Fix copy-to-cache so that it performs collection with ceph+fscache]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4c238e30774e3022a505fa54311273add7570f13 (6.16-rc7)
+CVE-2025-38533 [net: libwx: fix the using of Rx buffer DMA]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5fd77cc6bd9b368431a815a780e407b7781bcca0 (6.16-rc7)
+CVE-2025-38532 [net: libwx: properly reset Rx ring descriptor]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d992ed7e1b687ad7df0763d3e015a5358646210b (6.16-rc7)
+CVE-2025-38531 [iio: common: st_sensors: Fix use of uninitialize device structs]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	NOTE: https://git.kernel.org/linus/9f92e93e257b33e73622640a9205f8642ec16ddd (6.16-rc7)
+CVE-2025-38530 [comedi: pcl812: Fix bit shift out of bounds]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux 6.1.147-1
+	NOTE: https://git.kernel.org/linus/b14b076ce593f72585412fc7fd3747e03a5e3632 (6.16-rc7)
+CVE-2025-38529 [comedi: aio_iiro_16: Fix bit shift out of bounds]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux 6.1.147-1
+	NOTE: https://git.kernel.org/linus/66acb1586737a22dd7b78abc63213b1bcaa100e4 (6.16-rc7)
+CVE-2025-38528 [bpf: Reject %p% format string in bprintf-like helpers]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux 6.1.147-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f8242745871f81a3ac37f9f51853d12854fd0b58 (6.16-rc7)
+CVE-2025-38527 [smb: client: fix use-after-free in cifs_oplock_break]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux 6.1.147-1
+	NOTE: https://git.kernel.org/linus/705c79101ccf9edea5a00d761491a03ced314210 (6.16-rc7)
+CVE-2025-38526 [ice: add NULL check in eswitch lag check]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3ce58b01ada408b372f15b7c992ed0519840e3cf (6.16-rc7)
+CVE-2025-38525 [rxrpc: Fix irq-disabled in local_bh_enable()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e4d2878369d590bf8455e3678a644e503172eafa (6.16-rc7)
+CVE-2025-38524 [rxrpc: Fix recv-recv race of completed call]
+	- linux <unfixed>
+	[trixie] - linux 6.12.41-1
+	NOTE: https://git.kernel.org/linus/962fb1f651c2cf2083e0c3ef53ba69e3b96d3fbc (6.16-rc7)
+CVE-2025-38523 [cifs: Fix the smbd_response slab to allow usercopy]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/43e7e284fc77b710d899569360ea46fa3374ae22 (6.16-rc4)
+CVE-2025-38522 [sched/ext: Prevent update_locked_rq() calls with NULL rq]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e14fd98c6d66cb76694b12c05768e4f9e8c95664 (6.16-rc7)
 CVE-2025-38521 [drm/imagination: Fix kernel crash when hard resetting the GPU]
 	- linux <unfixed>
 	[trixie] - linux 6.12.41-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1caeea2116476c238f25ff2b3a95c00d2ba8ed38

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1caeea2116476c238f25ff2b3a95c00d2ba8ed38
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250816/1bc18f54/attachment-0001.htm>