[Git][security-tracker-team/security-tracker][master] Add new batch of Linux CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 19 20:16:54 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
daf4950e by Salvatore Bonaccorso at 2025-08-19T21:16:28+02:00
Add new batch of Linux CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,216 @@
+CVE-2025-38615 [fs/ntfs3: cancle set bad inode after removing name fails]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d99208b91933fd2a58ed9ed321af07dacd06ddc3 (6.17-rc1)
+CVE-2025-38614 [eventpoll: Fix semi-unbounded recursion]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/f2e467a48287c868818085aa35389a224d226732 (6.17-rc1)
+CVE-2025-38613 [staging: gpib: fix unset padding field copy back to userspace]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a739d3b13bff0dfa1aec679d08c7062131a2a425 (6.17-rc1)
+CVE-2025-38612 [staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/eb2cb7dab60f9be0b435ac4a674255429a36d72c (6.17-rc1)
+CVE-2025-38611 [vmci: Prevent the dispatching of uninitialized payloads]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/bfb4cf9fb97e4063f0aa62e9e398025fb6625031 (6.17-rc1)
+CVE-2025-38610 [powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/46dc57406887dd02565cb264224194a6776d882b (6.17-rc1)
+CVE-2025-38609 [PM / devfreq: Check governor before using governor->name]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bab7834c03820eb11269bc48f07c3800192460d2 (6.17-rc1)
+CVE-2025-38608 [bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/178f6a5c8cb3b6be1602de0964cd440243f493c9 (6.17-rc1)
+CVE-2025-38607 [bpf: handle jset (if a Description: b ...) as a jump in CFG computation]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3157f7e2999616ac91f4d559a8566214f74000a5 (6.17-rc1)
+CVE-2025-38606 [wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/36670b67de18f1e5d34900c5d2ac60a8970c293c (6.17-rc1)
+CVE-2025-38605 [wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/05062834350f0bf7ad1abcebc2807220e90220eb (6.17-rc1)
+CVE-2025-38604 [wifi: rtl818x: Kill URBs before clearing tx status queue]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/16d8fd74dbfca0ea58645cd2fca13be10cae3cdd (6.17-rc1)
+CVE-2025-38603 [drm/amdgpu: fix slab-use-after-free in amdgpu_userq_mgr_fini+0x70c]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5fb90421fa0fbe0a968274912101fe917bf1c47b (6.17-rc1)
+CVE-2025-38602 [iwlwifi: Add missing check for alloc_ordered_workqueue]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/90a0d9f339960448a3acc1437a46730f975efd6a (6.17-rc1)
+CVE-2025-38601 [wifi: ath11k: clear initialized flag for deinit-ed srng lists]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/a5b46aa7cf5f05c213316a018e49a8e086efd98e (6.17-rc1)
+CVE-2025-38600 [wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b3a431fe2e399b2e0cc5f43f7e9d63d63d3710ee (6.17-rc1)
+CVE-2025-38599 [wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/64cbf0d7ce9afe20666da90ec6ecaec6ba5ac64b (6.17-rc1)
+CVE-2025-38598 [drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a886d26f2c8f9e3f3c1869ae368d09c75daac553 (6.17-rc1)
+CVE-2025-38597 [drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f9f68bf1d0efeadb6c427c9dbb30f307a7def19b (6.17-rc1)
+CVE-2025-38596 [drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fe69a391808404977b1f002a6e7447de3de7a88e (6.17-rc1)
+CVE-2025-38595 [xen: fix UAF in dmabuf_exp_from_pages()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/532c8b51b3a8676cbf533a291f8156774f30ea87 (6.17-rc1)
+CVE-2025-38594 [iommu/vt-d: Fix UAF on sva unbind with pending IOPFs]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f0b9d31c6edd50a6207489cd1bd4ddac814b9cd2 (6.17-rc1)
+CVE-2025-38593 [Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()']
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2935e556850e9c94d7a00adf14d3cd7fe406ac03 (6.17-rc1)
+CVE-2025-38592 [Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7af4d7b53502286c6cf946d397ab183e76d14820 (6.17-rc1)
+CVE-2025-38591 [bpf: Reject narrower access to pointer ctx fields]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/e09299225d5ba3916c91ef70565f7d2187e4cca0 (6.17-rc1)
+CVE-2025-38590 [net/mlx5e: Remove skb secpath if xfrm state is not found]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/6d19c44b5c6dd72f9a357d0399604ec16a77de3c (6.17-rc1)
+CVE-2025-38589 [neighbour: Fix null-ptr-deref in neigh_flush_dev().]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1bbb76a899486827394530916f01214d049931b3 (6.17-rc1)
+CVE-2025-38588 [ipv6: prevent infinite loop in rt6_nlmsg_size()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/54e6fe9dd3b0e7c481c2228782c9494d653546da (6.17-rc1)
+CVE-2025-38587 [ipv6: fix possible infinite loop in fib6_info_uses_dev()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f8d8ce1b515a0a6af72b30502670a406cfb75073 (6.17-rc1)
+CVE-2025-38586 [bpf, arm64: Fix fp initialization for exception boundary]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b114fcee766d5101eada1aca7bb5fd0a86c89b35 (6.17-rc1)
+CVE-2025-38585 [staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ee4cf798202d285dcbe85e4467a094c44f5ed8e6 (6.17-rc1)
+CVE-2025-38584 [padata: Fix pd UAF once and for all]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/71203f68c7749609d7fc8ae6ad054bdedeb24f91 (6.17-rc1)
+CVE-2025-38583 [clk: xilinx: vcu: unregister pll_post only if registered correctly]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3b0abc443ac22f7d4f61ddbbbbc5dbb06c87139d (6.17-rc1)
+CVE-2025-38582 [RDMA/hns: Fix double destruction of rsv_qp]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c6957b95ecc5b63c5a4bb4ecc28af326cf8f6dc8 (6.17-rc1)
+CVE-2025-38581 [crypto: ccp - Fix crash when rebind ccp device for ccp.ko]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/181698af38d3f93381229ad89c09b5bd0496661a (6.17-rc1)
+CVE-2025-38580 [ext4: fix inode use after free in ext4_end_io_rsv_work()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c678bdc998754589cea2e6afab9401d7d8312ac4 (6.17-rc1)
+CVE-2025-38579 [f2fs: fix KMSAN uninit-value in extent_info usage]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/154467f4ad033473e5c903a03e7b9bca7df9a0fa (6.17-rc1)
+CVE-2025-38578 [f2fs: fix to avoid UAF in f2fs_sync_inode_meta()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/7c30d79930132466f5be7d0b57add14d1a016bda (6.17-rc1)
+CVE-2025-38577 [f2fs: fix to avoid panic in f2fs_evict_inode]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/a509a55f8eecc8970b3980c6f06886bbff0e2f68 (6.17-rc1)
+CVE-2025-38576 [powerpc/eeh: Make EEH driver device hotplug safe]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/1010b4c012b0d78dfb9d3132b49aa2ef024a07a7 (6.17-rc1)
+CVE-2025-38574 [pptp: ensure minimal skb length in pptp_xmit()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/de9c4861fb42f0cd72da844c3c34f692d5895b7b (6.17-rc1)
+CVE-2025-38573 [spi: cs42l43: Property entry should be a null-terminated array]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ffcfd071eec7973e58c4ffff7da4cb0e9ca7b667 (6.17-rc1)
+CVE-2025-38572 [ipv6: reject malicious packets in ipv6_gso_segment()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/d45cf1e7d7180256e17c9ce88e32e8061a7887fe (6.17-rc1)
+CVE-2025-38571 [sunrpc: fix client side handling of tls alerts]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cc5d59081fa26506d02de2127ab822f40d88bc5a (6.17-rc1)
+CVE-2025-38570 [eth: fbnic: unlink NAPIs from queues on error to open]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4b31bcb025cb497da2b01f87173108ff32d350d2 (6.17-rc1)
+CVE-2025-38569 [benet: fix BUG when creating VFs]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/5a40f8af2ba1b9bdf46e2db10e8c9710538fbc63 (6.17-rc1)
+CVE-2025-38568 [net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ffd2dc4c6c49ff4f1e5d34e454a6a55608104c17 (6.17-rc1)
+CVE-2025-38567 [nfsd: avoid ref leak in nfsd_open_local_fh()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e5a73150776f18547ee685c9f6bfafe549714899 (6.17-rc2)
+CVE-2025-38566 [sunrpc: fix handling of server side tls alerts]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bee47cb026e762841f3faece47b51f985e215edb (6.17-rc2)
+CVE-2025-38565 [perf/core: Exit early on perf_mmap() fail]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/07091aade394f690e7b655578140ef84d0e8d7b0 (6.17-rc1)
+CVE-2025-38564 [perf/core: Handle buffer mapping fail correctly in perf_mmap()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f74b9f4ba63ffdf597aaaa6cad7e284cb8e04820 (6.17-rc1)
+CVE-2025-38563 [perf/core: Prevent VMA split of buffer mappings]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/b024d7b56c77191cde544f838debb7f8451cd0d6 (6.17-rc1)
+CVE-2025-38562 [ksmbd: fix null pointer dereference error in generate_encryptionkey]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/9b493ab6f35178afd8d619800df9071992f715de (6.17-rc1)
+CVE-2025-38561 [ksmbd: fix Preauh_HashValue race condition]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6 (6.17-rc1)
+CVE-2025-38560 [x86/sev: Evict cache lines during SNP memory validation]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/7b306dfa326f70114312b320d083b21fa9481e1e (6.17-rc2)
+CVE-2025-38559 [platform/x86/intel/pmt: fix a crashlog NULL pointer access]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/54d5cd4719c5e87f33d271c9ac2e393147d934f8 (6.17-rc1)
+CVE-2025-38558 [usb: gadget: uvc: Initialize frame-based format color matching descriptor]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/323a80a1a5ace319a722909c006d5bdb2a35d273 (6.17-rc1)
+CVE-2025-38557 [HID: apple: validate feature-report field count to prevent NULL pointer dereference]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1bb3363da862e0464ec050eea2fb5472a36ad86b (6.17-rc1)
+CVE-2025-38556 [HID: core: Harden s32ton() against conversion to 0 bits]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd (6.17-rc1)
+CVE-2025-38555 [usb: gadget : fix use-after-free in composite_dev_cleanup()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/151c0aa896c47a4459e07fee7d4843f44c1bb18e (6.17-rc1)
+CVE-2025-38554 [mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9bbffee67ffd16360179327b57f3b1245579ef08 (6.17-rc1)
 CVE-2025-XXXX [imagemagick GHSA-9ccg-6pjw-x645]
 	- imagemagick <unfixed> (bug #1111586)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daf4950ecd243a93ccf7378ab5bb8774b7eaff8a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daf4950ecd243a93ccf7378ab5bb8774b7eaff8a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250819/2a147654/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list