[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 8 07:03:23 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4cd8c72 by Salvatore Bonaccorso at 2025-12-08T08:02:43+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,124 @@
+CVE-2023-53769 [virt/coco/sev-guest: Double-buffer messages]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/965006103a14703cc42043bbf9b5e0cdf7a468ad (6.4-rc1)
+CVE-2023-53768 [regmap-irq: Fix out-of-bounds access when allocating config buffers]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/963b54df82b6d6206d7def273390bf3f7af558e1 (6.5-rc2)
+CVE-2023-53767 [wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work()]
+	- linux 6.3.7-1
+	NOTE: https://git.kernel.org/linus/960412bee0ea75f6b3c2dca4a3535795ee84c47a (6.4-rc1)
+CVE-2023-53766 [FS: JFS: Check for read-only mounted filesystem in txBegin]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.197-1
+	NOTE: https://git.kernel.org/linus/95e2b352c03b0a86c5717ba1d24ea20969abcacc (6.5-rc1)
+CVE-2023-53765 [dm cache: free background tracker's queued work in btracker_destroy]
+	- linux 6.1.20-1
+	NOTE: https://git.kernel.org/linus/95ab80a8a0fef2ce0cc494a306dd283948066ce7 (6.3-rc1)
+CVE-2023-53764 [wifi: ath12k: Handle lock during peer_id find]
+	- linux 6.3.7-1
+	NOTE: https://git.kernel.org/linus/95a389e2ff3212d866cc51c77d682d2934074eb8 (6.4-rc1)
+CVE-2023-53763 [Revert "f2fs: fix to do sanity check on extent cache correctly"]
+	- linux 6.5.3-1
+	[bookworm] - linux 6.1.55-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/958ccbbf1ce716d77c7cfa79ace50a421c1eed73 (6.6-rc1)
+CVE-2023-53762 [Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync]
+	- linux 6.5.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/94d9ba9f9888b748d4abd2aa1547af56ae85f772 (6.6-rc1)
+CVE-2023-53761 [USB: usbtmc: Fix direction for 0-length ioctl control messages]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/94d25e9128988c6a1fc9070f6e98215a95795bd8 (6.4-rc3)
+CVE-2023-53760 [scsi: ufs: core: mcq: Fix Description:hwq->cq_lock deadlock issue]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/948afc69615167a3c82430f99bfd046332b89912 (6.4-rc1)
+CVE-2023-53759 [HID: hidraw: fix data race on device refcount]
+	- linux 6.3.11-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/944ee77dc6ec7b0afd8ec70ffc418b238c92f12b (6.5-rc1)
+CVE-2023-53758 [spi: atmel-quadspi: Free resources even if runtime resume failed in .remove()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9448bc1dee65f86c0fe64d9dea8b410af0586886 (6.4-rc1)
+CVE-2023-53757 [irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/9419e700021a393f67be36abd0c4f3acc6139041 (6.3-rc1)
+CVE-2023-53756 [KVM: VMX: Fix crash due to uninitialized current_vmcs]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/93827a0a36396f2fd6368a54a020f420c8916e9b (6.3-rc1)
+CVE-2023-53755 [dmaengine: ptdma: check for null desc before calling pt_cmd_callback]
+	- linux 6.1.20-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/928469986171a6f763b34b039427f5667ba3fd50 (6.3-rc1)
+CVE-2023-53754 [scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/91a0c0c1413239d0548b5aac4c82f38f6d53a91e (6.4-rc1)
+CVE-2023-53753 [drm/amd/display: fix mapping to non-allocated address]
+	- linux 6.1.20-1
+	NOTE: https://git.kernel.org/linus/9190d4a263264eabf715f5fc1827da45e3fdc247 (6.3-rc1)
+CVE-2023-53752 [net: deal with integer overflows in kmalloc_reserve()]
+	- linux 6.5.3-1
+	[bookworm] - linux 6.1.55-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/915d975b2ffa58a14bfcf16fafe00c41315949ff (6.6-rc1)
+CVE-2023-53751 [cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	NOTE: https://git.kernel.org/linus/90c49fce1c43e1cc152695e20363ff5087897c09 (6.4-rc1)
+CVE-2023-53750 [pinctrl: freescale: Fix a memory out of bounds when num_configs is 1]
+	- linux 6.4.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9063777ca1e2e895c5fdd493ee0c3f18fa710ed4 (6.5-rc1)
+CVE-2023-53749 [x86: fix clear_user_rep_good() exception handling annotation]
+	- linux 6.4.4-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d2c95f9d6802cc518d71d9795f4d9da54fb4e24d (6.4-rc1)
+CVE-2023-53748 [media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	NOTE: https://git.kernel.org/linus/8fbcf730cb89c3647f3365226fe7014118fa93c7 (6.4-rc1)
+CVE-2023-53747 [vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/8fb9ea65c9d1338b0d2bb0a9122dc942cdd32357 (6.4-rc3)
+CVE-2023-53746 [s390/vfio-ap: fix memory leak in vfio_ap device driver]
+	- linux 6.1.25-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/8f8cf767589f2131ae5d40f3758429095c701c84 (6.3-rc5)
+CVE-2023-53745 [um: vector: Fix memory leak in vector_config]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/8f88c73afe481f93d40801596927e8c0047b6d96 (6.3-rc1)
+CVE-2023-53744 [soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/8f3c307b580a4a6425896007325bddefc36e8d91 (6.4-rc1)
+CVE-2023-53743 [PCI: Free released resource after coalescing]
+	- linux 6.5.3-1
+	[bookworm] - linux 6.1.55-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8ec9c1d5d0a5a4744516adb483b97a238892f9d5 (6.6-rc1)
+CVE-2023-53742 [kcsan: Avoid READ_ONCE() in read_instrumented_memory()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	NOTE: https://git.kernel.org/linus/8dec88070d964bfeb4198f34cb5956d89dd1f557 (6.4-rc1)
 CVE-2022-50630 [mm: hugetlb: fix UAF in hugetlb_handle_userfault]
 	- linux 6.0.3-1
 	[bullseye] - linux 5.10.158-1
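
Review bot: the bracketed description added for CVE-2023-53760 contains a stray "Description:" token ("Fix Description:hwq->cq_lock deadlock issue"), which reads like import residue rather than part of a commit subject; check it against the commit linked in that entry's NOTE line and correct the text. Separately, the NOTE for CVE-2023-53749 references d2c95f9d6802cc518d71d9795f4d9da54fb4e24d, while the hashes of every other added entry run in descending order from 965006... down to 8dec88...; confirm that this is the intended mainline commit for that entry.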



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4cd8c7201ade4fd80c068a378b14d631b5ebd41
