[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 7 06:10:50 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
469f3835 by Salvatore Bonaccorso at 2025-12-07T07:10:07+01:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,84 @@
+CVE-2025-40289 [drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/33cc891b56b93cad1a83263eaf2e417436f70c82 (6.18-rc2)
+CVE-2025-40288 [drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/883f309add55060233bf11c1ea6947140372920f (6.18-rc2)
+CVE-2025-40287 [exfat: fix improper check of dentry.stream.valid_size]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/82ebecdc74ff555daf70b811d854b1f32a296bea (6.18-rc2)
+CVE-2025-40286 [smb/server: fix possible memory leak in smb2_read()]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/6fced056d2cc8d01b326e6fcfabaacb9850b71a4 (6.18-rc2)
+CVE-2025-40285 [smb/server: fix possible refcount leak in smb2_sess_setup()]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/379510a815cb2e64eb0a379cb62295d6ade65df0 (6.18-rc2)
+CVE-2025-40284 [Bluetooth: MGMT: cancel mesh send timer when hdev removed]
+ - linux 6.17.9-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/55fb52ffdd62850d667ebed842815e072d3c9961 (6.18-rc6)
+CVE-2025-40283 [Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/23d22f2f71768034d6ef86168213843fc49bf550 (6.18-rc6)
+CVE-2025-40282 [Bluetooth: 6lowpan: reset link-local header on ipv6 recv path]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/3b78f50918276ab28fb22eac9aa49401ac436a3b (6.18-rc6)
+CVE-2025-40281 [sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/1534ff77757e44bcc4b98d0196bc5c0052fce5fa (6.18-rc6)
+CVE-2025-40280 [tipc: Fix use-after-free in tipc_mon_reinit_self().]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/0725e6afb55128be21a2ca36e9674f573ccec173 (6.18-rc6)
+CVE-2025-40279 [net: sched: act_connmark: initialize struct tc_ife to fix kernel leak]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/62b656e43eaeae445a39cd8021a4f47065af4389 (6.18-rc6)
+CVE-2025-40278 [net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/ce50039be49eea9b4cd8873ca6eccded1b4a130a (6.18-rc6)
+CVE-2025-40277 [drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af (6.18-rc6)
+CVE-2025-40276 [drm/panthor: Flush shmem writes before mapping buffers CPU-uncached]
+ - linux 6.17.9-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/576c930e5e7dcb937648490611a83f1bf0171048 (6.18-rc6)
+CVE-2025-40275 [ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/632108ec072ad64c8c83db6e16a7efee29ebfb74 (6.18-rc6)
+CVE-2025-40274 [KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying]
+ - linux 6.17.9-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ae431059e75d36170a5ae6b44cc4d06d43613215 (6.18-rc6)
+CVE-2025-40273 [NFSD: free copynotify stateid in nfs4_free_ol_stateid()]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/4aa17144d5abc3c756883e3a010246f0dba8b468 (6.18-rc6)
+CVE-2025-40272 [mm/secretmem: fix use-after-free race in fault handler]
+ - linux 6.17.9-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/6f86d0534fddfbd08687fa0f01479d4226bc3c3d (6.18-rc6)
+CVE-2025-40271 [fs/proc: fix uaf in proc_readdir_de()]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/895b4c0c79b092d732544011c3cecaf7322c36a1 (6.18-rc6)
+CVE-2025-40270 [mm, swap: fix potential UAF issue for VMA readahead]
+ - linux 6.17.9-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1c2a936edd71e133f2806e68324ec81a4eb07588 (6.18-rc6)
+CVE-2025-40269 [ALSA: usb-audio: Fix potential overflow of PCM transfer buffer]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/05a1fc5efdd8560f34a3af39c9cf1e1526cc3ddf (6.18-rc6)
+CVE-2025-40268 [cifs: client: fix memory leak in smb3_fs_context_parse_param]
+ - linux 6.17.9-1
+ NOTE: https://git.kernel.org/linus/e8c73eb7db0a498cd4b22d2819e6ab1a6f506bd6 (6.18-rc6)
+CVE-2025-40267 [io_uring/rw: ensure allocated iovec gets cleared for early failure]
+ - linux 6.17.9-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d3c9c213c0b86ac5dd8fe2c53c24db20f1f510bc (6.18-rc6)
CVE-2025-14141 (A flaw has been found in UTT \u8fdb\u53d6 520W 1.7.7-180627. The impac ...)
NOT-FOR-US: UTT
CVE-2025-14140 (A vulnerability was detected in UTT \u8fdb\u53d6 520W 1.7.7-180627. Th ...)
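Review bot: In the CVE-2025-40279 entry, the bracketed description pairs act_connmark with struct tc_ife, the same struct named in the act_ife entry for CVE-2025-40278 directly below it. Check the title against the commit referenced in that entry's NOTE line (62b656e43eaeae445a39cd8021a4f47065af4389). If the upstream subject really reads that way, keeping it verbatim is right. Otherwise it looks like text carried over from the neighbouring entry and should name the struct that act_connmark actually initializes.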
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/469f38357e85ddec855ef5f44eaf23749861ea8c