[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 8 04:54:41 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b033bfac by Salvatore Bonaccorso at 2025-12-08T05:53:47+01:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2025-40326 [NFSD: Define actions for the new time_deleg FATTR4 attributes]
+ - linux 6.17.8-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4f76435fd517981f01608678c06ad9718a86ee98 (6.18-rc4)
+CVE-2025-40324 [NFSD: Fix crash in nfsd4_read_release()]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/abb1f08a2121dd270193746e43b2a9373db9ad84 (6.18-rc4)
+CVE-2025-40323 [fbcon: Set fb_display[i]->mode to NULL when the mode is released]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/a1f3058930745d2b938b6b4f5bd9630dc74b26b7 (6.18-rc4)
+CVE-2025-40322 [fbdev: bitblit: bound-check glyph index in bit_putcs*]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/18c4ef4e765a798b47980555ed665d78b71aeadf (6.18-rc4)
+CVE-2025-40321 [wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/3776c685ebe5f43e9060af06872661de55e80b9a (6.18-rc4)
+CVE-2025-40320 [smb: client: fix potential cfid UAF in smb2_query_info_compound]
+ - linux 6.17.8-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5c76f9961c170552c1d07c830b5e145475151600 (6.18-rc4)
+CVE-2025-40319 [bpf: Sync pending IRQ work before freeing ring buffer]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/4e9077638301816a7d73fa1e1b4c1db4a7e3b59c (6.18-rc4)
+CVE-2025-40318 [Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once]
+ - linux 6.17.8-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/09b0cd1297b4dbfe736aeaa0ceeab2265f47f772 (6.18-rc4)
+CVE-2025-40317 [regmap: slimbus: fix bus_context pointer in regmap init calls]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/434f7349a1f00618a620b316f091bd13a12bc8d2 (6.18-rc4)
+CVE-2025-40316 [drm/mediatek: Fix device use-after-free on unbind]
+ - linux 6.17.8-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/926d002e6d7e2f1fd5c1b53cf6208153ee7d380d (6.18-rc4)
+CVE-2025-40315 [usb: gadget: f_fs: Fix epfile null pointer access after ep enable.]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4 (6.18-rc1)
+CVE-2025-40314 [usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/87c5ff5615dc0a37167e8faf3adeeddc6f1344a3 (6.18-rc1)
+CVE-2025-40313 [ntfs3: pretend $Extend records as regular files]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/4e8011ffec79717e5fdac43a7e79faf811a384b7 (6.18-rc1)
+CVE-2025-40312 [jfs: Verify inode mode when loading from disk]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/7a5aa54fba2bd591b22b9b624e6baa9037276986 (6.18-rc1)
+CVE-2025-40311 [accel/habanalabs: support mapping cb with vmalloc-backed coherent memory]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/513024d5a0e34fd34247043f1876b6138ca52847 (6.18-rc1)
+CVE-2025-40310 [amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/99d7181bca34e96fbf61bdb6844918bdd4df2814 (6.18-rc1)
+CVE-2025-40309 [Bluetooth: SCO: Fix UAF on sco_conn_free]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/ecb9a843be4d6fd710d7026e359f21015a062572 (6.18-rc1)
+CVE-2025-40308 [Bluetooth: bcsp: receive data only if registered]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/ca94b2b036c22556c3a66f1b80f490882deef7a6 (6.18-rc1)
+CVE-2025-40307 [exfat: validate cluster allocation bits of the allocation bitmap]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/79c1587b6cda74deb0c86fc7ba194b92958c793c (6.18-rc1)
+CVE-2025-40306 [orangefs: fix xattr related buffer overflow...]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/025e880759c279ec64d0f754fe65bf45961da864 (6.18-rc1)
+CVE-2025-40305 [9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/e8fe3f07a357c39d429e02ca34f740692d88967a (6.18-rc1)
+CVE-2025-40304 [fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/3637d34b35b287ab830e66048841ace404382b67 (6.18-rc1)
+CVE-2025-40303 [btrfs: ensure no dirty metadata is written back for an fs with errors]
+ - linux 6.17.8-1
+ NOTE: https://git.kernel.org/linus/2618849f31e7cf51fadd4a5242458501a6d5b315 (6.18-rc5)
+CVE-2025-40302 [media: videobuf2: forbid remove_bufs when legacy fileio is active]
+ - linux 6.17.8-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/27afd6e066cfd80ddbe22a4a11b99174ac89cced (6.18-rc5)
+CVE-2025-40301 [Bluetooth: hci_event: validate skb length for unknown CC opcode]
+ - linux 6.17.8-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5c5f1f64681cc889d9b13e4a61285e9e029d6ab5 (6.18-rc5)
+CVE-2025-40299 [gve: Implement gettimex64 with -EOPNOTSUPP]
+ - linux 6.17.8-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/6ab753b5d8e521616cd9bd10b09891cbeb7e0235 (6.18-rc5)
+CVE-2025-40298 [gve: Implement settime64 with -EOPNOTSUPP]
+ - linux 6.17.8-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/329d050bbe63c2999f657cf2d3855be11a473745 (6.18-rc5)
+CVE-2025-40297 [net: bridge: fix use-after-free due to MST port state bypass]
+ - linux 6.17.8-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8dca36978aa80bab9d4da130c211db75c9e00048 (6.18-rc5)
+CVE-2025-40296 [platform/x86: int3472: Fix double free of GPIO device during unregister]
+ - linux 6.17.8-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f0f7a3f542c1698edb69075f25a3f846207facba (6.18-rc5)
+CVE-2025-40295 [fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT]
+ - linux 6.17.8-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1e39da974ce621ed874c6d3aaf65ad14848c9f0d (6.18-rc5)
+CVE-2025-40294 [Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()]
+ - linux 6.17.8-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8d59fba49362c65332395789fd82771f1028d87e (6.18-rc5)
+CVE-2025-40293 [iommufd: Don't overflow during division for dirty tracking]
+ - linux 6.17.8-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cb30dfa75d55eced379a42fd67bd5fb7ec38555e (6.18-rc5)
+CVE-2025-40292 [virtio-net: fix received length check in big packets]
+ - linux 6.17.8-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0c716703965ffc5ef4311b65cb5d84a703784717 (6.18-rc5)
+CVE-2025-40291 [io_uring: fix regbuf vector size truncation]
+ - linux 6.17.8-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/146eb58629f45f8297e83d69e64d4eea4b28d972 (6.18-rc5)
CVE-2025-40290 [xsk: avoid data corruption on cq descriptor number]
- linux 6.17.11-1 (bug #1118437)
[trixie] - linux <not-affected> (Vulnerable code not present)
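Review bot: The added entries skip two IDs in an otherwise contiguous descending run. Nothing is added for CVE-2025-40325 (between CVE-2025-40326 and CVE-2025-40324) or for CVE-2025-40300 (between CVE-2025-40301 and CVE-2025-40299). The hunk header's 132 added lines match what is shown, so the gap is in the merge itself and not a truncated diff. Please confirm both IDs are already tracked elsewhere in data/CVE/list or are intentionally out of scope for this merge from kernel-sec, and say so in the commit message if they are.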
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b033bfac772238ef6d743559a1c9caa35e7b249d