[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 7 08:12:53 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ea05362 by security tracker role at 2025-12-07T08:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,79 +1,89 @@
-CVE-2025-40289 [drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM]
+CVE-2025-14186 (A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. Th ...)
+	TODO: check
+CVE-2025-14185 (A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. ...)
+	TODO: check
+CVE-2025-14184 (A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.91 ...)
+	TODO: check
+CVE-2025-14183 (A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. Th ...)
+	TODO: check
+CVE-2025-14182 (A vulnerability has been found in Sobey Media Convergence System 2.0/2 ...)
+	TODO: check
+CVE-2025-40289 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/33cc891b56b93cad1a83263eaf2e417436f70c82 (6.18-rc2)
-CVE-2025-40288 [drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices]
+CVE-2025-40288 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/883f309add55060233bf11c1ea6947140372920f (6.18-rc2)
-CVE-2025-40287 [exfat: fix improper check of dentry.stream.valid_size]
+CVE-2025-40287 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/82ebecdc74ff555daf70b811d854b1f32a296bea (6.18-rc2)
-CVE-2025-40286 [smb/server: fix possible memory leak in smb2_read()]
+CVE-2025-40286 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/6fced056d2cc8d01b326e6fcfabaacb9850b71a4 (6.18-rc2)
-CVE-2025-40285 [smb/server: fix possible refcount leak in smb2_sess_setup()]
+CVE-2025-40285 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/379510a815cb2e64eb0a379cb62295d6ade65df0 (6.18-rc2)
-CVE-2025-40284 [Bluetooth: MGMT: cancel mesh send timer when hdev removed]
+CVE-2025-40284 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.17.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/55fb52ffdd62850d667ebed842815e072d3c9961 (6.18-rc6)
-CVE-2025-40283 [Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF]
+CVE-2025-40283 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/23d22f2f71768034d6ef86168213843fc49bf550 (6.18-rc6)
-CVE-2025-40282 [Bluetooth: 6lowpan: reset link-local header on ipv6 recv path]
+CVE-2025-40282 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/3b78f50918276ab28fb22eac9aa49401ac436a3b (6.18-rc6)
-CVE-2025-40281 [sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto]
+CVE-2025-40281 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/1534ff77757e44bcc4b98d0196bc5c0052fce5fa (6.18-rc6)
-CVE-2025-40280 [tipc: Fix use-after-free in tipc_mon_reinit_self().]
+CVE-2025-40280 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/0725e6afb55128be21a2ca36e9674f573ccec173 (6.18-rc6)
-CVE-2025-40279 [net: sched: act_connmark: initialize struct tc_ife to fix kernel leak]
+CVE-2025-40279 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/62b656e43eaeae445a39cd8021a4f47065af4389 (6.18-rc6)
-CVE-2025-40278 [net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak]
+CVE-2025-40278 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/ce50039be49eea9b4cd8873ca6eccded1b4a130a (6.18-rc6)
-CVE-2025-40277 [drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE]
+CVE-2025-40277 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af (6.18-rc6)
-CVE-2025-40276 [drm/panthor: Flush shmem writes before mapping buffers CPU-uncached]
+CVE-2025-40276 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.17.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/576c930e5e7dcb937648490611a83f1bf0171048 (6.18-rc6)
-CVE-2025-40275 [ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd]
+CVE-2025-40275 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/632108ec072ad64c8c83db6e16a7efee29ebfb74 (6.18-rc6)
-CVE-2025-40274 [KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying]
+CVE-2025-40274 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.17.9-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ae431059e75d36170a5ae6b44cc4d06d43613215 (6.18-rc6)
-CVE-2025-40273 [NFSD: free copynotify stateid in nfs4_free_ol_stateid()]
+CVE-2025-40273 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/4aa17144d5abc3c756883e3a010246f0dba8b468 (6.18-rc6)
-CVE-2025-40272 [mm/secretmem: fix use-after-free race in fault handler]
+CVE-2025-40272 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.17.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6f86d0534fddfbd08687fa0f01479d4226bc3c3d (6.18-rc6)
-CVE-2025-40271 [fs/proc: fix uaf in proc_readdir_de()]
+CVE-2025-40271 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/895b4c0c79b092d732544011c3cecaf7322c36a1 (6.18-rc6)
-CVE-2025-40270 [mm, swap: fix potential UAF issue for VMA readahead]
+CVE-2025-40270 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.17.9-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1c2a936edd71e133f2806e68324ec81a4eb07588 (6.18-rc6)
-CVE-2025-40269 [ALSA: usb-audio: Fix potential overflow of PCM transfer buffer]
+CVE-2025-40269 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/05a1fc5efdd8560f34a3af39c9cf1e1526cc3ddf (6.18-rc6)
-CVE-2025-40268 [cifs: client: fix memory leak in smb3_fs_context_parse_param]
+CVE-2025-40268 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.17.9-1
 	NOTE: https://git.kernel.org/linus/e8c73eb7db0a498cd4b22d2819e6ab1a6f506bd6 (6.18-rc6)
-CVE-2025-40267 [io_uring/rw: ensure allocated iovec gets cleared for early failure]
+CVE-2025-40267 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.17.9-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
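
Review bot: the five entries added at the top of this hunk, CVE-2025-14182 through CVE-2025-14186, carry only "TODO: check" and no package line, so they are still untriaged. Each needs a follow-up that either maps it to a Debian source package with a status line or marks it NOT-FOR-US if the named product (Grandstream GXP1625, Yonyou U8 Cloud, SGAI Space1 NAS N1211DS, Sobey Media Convergence System) is not packaged. For CVE-2025-40267 through CVE-2025-40289, the bracketed commit subjects are replaced by descriptions that are all truncated to the same "In the Linux kernel, the following vulnerability has been resolved:" prefix, so in this file the affected subsystem is now recoverable only through the NOTE commit link; the package and release lines under those entries are unchanged context.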



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ea053629920cb1190e724ec845a5cb64c57eff9
