[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 4 18:35:22 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0d5f00c by Salvatore Bonaccorso at 2025-12-04T19:34:57+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,86 @@
+CVE-2025-40266 [KVM: arm64: Check the untrusted offset in FF-A memory share]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/103e17aac09cdd358133f9e00998b75d6c1f1518 (6.18-rc6)
+CVE-2025-40265 [vfat: fix missing sb_min_blocksize() return value checks]
+	- linux 6.17.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/63b5aa01da0f38cdbd97d021477258e511631497 (6.18-rc7)
+CVE-2025-40264 [be2net: pass wrb_params in case of OS2BMC]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/7d277a7a58578dd62fd546ddaef459ec24ccae36 (6.18-rc7)
+CVE-2025-40263 [Input: cros_ec_keyb - fix an invalid memory access]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/e08969c4d65ac31297fcb4d31d4808c789152f68 (6.18-rc7)
+CVE-2025-40262 [Input: imx_sc_key - fix memory corruption on unload]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4 (6.18-rc7)
+CVE-2025-40261 [nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/0a2c5495b6d1ecb0fa18ef6631450f391a888256 (6.18-rc7)
+CVE-2025-40260 [sched_ext: Fix scx_enable() crash on helper kthread creation failure]
+	- linux 6.17.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7b6216baae751369195fa3c83d434d23bcda406a (6.18-rc7)
+CVE-2025-40259 [scsi: sg: Do not sleep in atomic context]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/90449f2d1e1f020835cba5417234636937dd657e (6.18-rc7)
+CVE-2025-40258 [mptcp: fix race condition in mptcp_schedule_work()]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/035bca3f017ee9dea3a5a756e77a6f7138cc6eea (6.18-rc7)
+CVE-2025-40257 [mptcp: fix a race in mptcp_pm_del_add_timer()]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/426358d9be7ce3518966422f87b96f1bad27295f (6.18-rc7)
+CVE-2025-40256 [xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added]
+	- linux 6.17.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/10deb69864840ccf96b00ac2ab3a2055c0c04721 (6.18-rc7)
+CVE-2025-40255 [net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()]
+	- linux 6.17.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f796a8dec9beafcc0f6f0d3478ed685a15c5e062 (6.18-rc7)
+CVE-2025-40254 [net: openvswitch: remove never-working support for setting nsh fields]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/dfe28c4167a9259fc0c372d9f9473e1ac95cff67 (6.18-rc7)
+CVE-2025-40253 [s390/ctcm: Fix double-kfree]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/da02a1824884d6c84c5e5b5ac373b0c9e3288ec2 (6.18-rc7)
+CVE-2025-40252 [net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/896f1a2493b59beb2b5ccdf990503dbb16cb2256 (6.18-rc7)
+CVE-2025-40251 [devlink: rate: Unset parent pointer in devl_rate_nodes_destroy]
+	- linux 6.17.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f94c1a114ac209977bdf5ca841b98424295ab1f0 (6.18-rc7)
+CVE-2025-40250 [net/mlx5: Clean up only new IRQ glue on request_irq() failure]
+	- linux 6.17.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d47515af6cccd7484d8b0870376858c9848a18ec (6.18-rc7)
+CVE-2025-40249 [gpio: cdev: make sure the cdev fd is still active before emitting events]
+	- linux 6.17.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d4cd0902c156b2ca60fdda8cd8b5bcb4b0e9ed64 (6.18-rc7)
+CVE-2025-40248 [vsock: Ignore signal/timeout on connect() if already established]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/002541ef650b742a198e4be363881439bb9d86b4 (6.18-rc7)
+CVE-2025-40247 [drm/msm: Fix pgtable prealloc error path]
+	- linux 6.17.10-1
+	NOTE: https://git.kernel.org/linus/830d68f2cb8ab6fb798bb9555016709a9e012af0 (6.18-rc4)
+CVE-2025-40246 [xfs: fix out of bounds memory read error in symlink repair]
+	- linux 6.17.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/678e1cc2f482e0985a0613ab4a5bf89c497e5acc (6.18-rc7)
 CVE-2025-40245 [nios2: ensure that memblock.current_limit is set when setting pfn limits]
 	- linux 6.17.6-1
 	[trixie] - linux 6.12.57-1
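
Review bot: CVE-2025-40247 is the one entry whose NOTE cites an upstream fix tagged (6.18-rc4), while CVE-2025-40266 cites 6.18-rc6 and the rest cite 6.18-rc7, yet it carries the same `- linux 6.17.10-1` fixed version as all of them. Please confirm the backport first reached unstable in 6.17.10 and not in an earlier 6.17.x upload (the neighbouring context entry, CVE-2025-40245, is recorded against 6.17.6-1), and correct the version if it landed sooner. Separately, entries such as CVE-2025-40266, CVE-2025-40264 and CVE-2025-40253 have no `[trixie]`, `[bookworm]` or `[bullseye]` line at all, so the stable suites for those still need triage in a follow-up.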



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0d5f00c88c41c3f62005c923377fda74431d35d
