[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 9 05:07:24 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8cd0dc49 by Salvatore Bonaccorso at 2025-12-09T06:06:06+01:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,296 @@
+CVE-2023-53819 [amdgpu: validate offset_in_bo of drm_amdgpu_gem_va]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/9f0bcf49e9895cb005d78b33a5eebfa11711b425 (6.5-rc1)
+CVE-2023-53818 [ARM: zynq: Fix refcount leak in zynq_early_slcr_init]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9eedb910a3be0005b88c696a8552c0d4c9937cd4 (6.3-rc1)
+CVE-2023-53817 [crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/9e47a758b70167c9301d2b44d2569f86c7796f2d (6.6-rc1)
+CVE-2023-53816 [drm/amdkfd: fix potential kgd_mem UAFs]
+ - linux 6.1.25-1
+ NOTE: https://git.kernel.org/linus/9da050b0d9e04439d225a2ec3044af70cdfb3933 (6.3-rc3)
+CVE-2023-53815 [posix-timers: Prevent RT livelock in itimer_delete()]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/9d9e522010eb5685d8b53e8a24320653d9d4cbbf (6.5-rc1)
+CVE-2023-53814 [PCI: Fix dropping valid root bus resources with .end = zero]
+ - linux 6.1.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9d8ba74a181b1c81def21168795ed96cbe6f05ed (6.3-rc1)
+CVE-2023-53813 [ext4: fix rbtree traversal bug in ext4_mb_use_preallocated]
+ - linux 6.4.11-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9d3de7ee192a6a253f475197fe4d2e2af10a731f (6.5-rc3)
+CVE-2023-53812 [media: mediatek: vcodec: fix decoder disable pm crash]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9d2f13fb47dcab6d094f34ecfd6a879a409722b3 (6.4-rc1)
+CVE-2023-53811 [RDMA/irdma: Cap MSIX used to online CPUs + 1]
+ - linux 6.1.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9cd9842c46996ef62173c36619c746f57416bcb0 (6.3-rc1)
+CVE-2023-53810 [blk-mq: release crypto keyslot before reporting I/O complete]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/9cd1e566676bbcb8a126acd921e4e194e6339603 (6.4-rc1)
+CVE-2023-53809 [l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9ca5e7ecab064f1f47da07f7c1ddf40e4bc0e5ac (6.3-rc1)
+CVE-2023-53808 [wifi: mwifiex: fix memory leak in mwifiex_histogram_read()]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/9c8fd72a5c2a031cbc680a2990107ecd958ffcdb (6.6-rc1)
+CVE-2023-53807 [clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9c632a6396505a019ea6d12b5ab45e659a542a93 (6.5-rc1)
+CVE-2023-53806 [drm/amd/display: populate subvp cmd info only for the top pipe]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ NOTE: https://git.kernel.org/linus/9bb10b7aaec3b6278f9cc410c17dcaa129bbbbf0 (6.4-rc1)
+CVE-2023-53805 [tty: n_gsm: fix UAF in gsm_cleanup_mux]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/9b9c8195f3f0d74a826077fc1c01b9ee74907239 (6.5-rc4)
+CVE-2023-53804 [nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/9b5a04ac3ad9898c4745cba46ea26de74ba56a8e (6.4-rc3)
+CVE-2023-53803 [scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9b4f5028e493cb353a5c8f5c45073eeea0303abd (6.3-rc1)
+CVE-2023-53802 [wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9b25e3985477ac3f02eca5fc1e0cc6850a3f7e69 (6.3-rc1)
+CVE-2023-53801 [iommu/sprd: Release dma buffer to avoid memory leak]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.82-1
+ NOTE: https://git.kernel.org/linus/9afea57384d4ae7b2034593eac7fa76c7122762a (6.4-rc1)
+CVE-2023-53800 [ubi: Fix use-after-free when volume resizing failed]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9af31d6ec1a4be4caab2550096c6bd2ba8fba472 (6.3-rc1)
+CVE-2023-53799 [crypto: api - Use work queue in crypto_destroy_instance]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/9ae4577bc077a7e32c3c7d442c95bc76865c0f17 (6.6-rc1)
+CVE-2023-53798 [ethtool: Fix uninitialized number of lanes]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9ad685dbfe7e856bbf17a7177b64676d324d6ed7 (6.4-rc1)
+CVE-2023-53797 [HID: wacom: Use ktime_t rather than int when dealing with timestamps]
+ - linux 6.3.11-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/9a6c0e28e215535b2938c61ded54603b4e5814c5 (6.5-rc1)
+CVE-2023-53796 [f2fs: fix information leak in f2fs_move_inline_dirents()]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9a5571cff4ffcfc24847df9fd545cc5799ac0ee5 (6.3-rc1)
+CVE-2023-53795 [iommufd: IOMMUFD_DESTROY should not increase the refcount]
+ - linux 6.4.11-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/99f98a7c0d6985d5507c8130a981972e4b7b3bdc (6.5-rc4)
+CVE-2023-53794 [cifs: fix session state check in reconnect to avoid use-after-free issue]
+ - linux 6.4.13-1
+ [bookworm] - linux 6.1.52-1
+ NOTE: https://git.kernel.org/linus/99f280700b4cc02d5f141b8d15f8e9fad0418f65 (6.5-rc1)
+CVE-2023-53793 [perf tool x86: Fix perf_env memory leak]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/99d4850062a84564f36923764bb93935ef2ed108 (6.5-rc1)
+CVE-2023-53792 [nvme-core: fix memory leak in dhchap_ctrl_secret]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/99c2dcc8ffc24e210a3aa05c204d92f3ef460b05 (6.5-rc1)
+CVE-2023-53791 [md: fix warning for holder mismatch from export_rdev()]
+ - linux 6.5.6-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/99892147f028d711f9d40fefad4f33632593864c (6.6-rc2)
+CVE-2023-53790 [bpf: Zeroing allocated object from slab in bpf memory allocator]
+ - linux 6.1.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/997849c4b969034e225153f41026657def66d286 (6.3-rc1)
+CVE-2023-53789 [iommu/amd: Improve page fault error reporting]
+ - linux 6.1.20-1
+ NOTE: https://git.kernel.org/linus/996d120b4de2b0d6b592bd9fbbe6e244b81ab3cc (6.3-rc1)
+CVE-2023-53788 [ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()]
+ - linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/98e5eb110095ec77cb6d775051d181edbf9cd3cf (6.3-rc3)
+CVE-2023-53787 [regulator: da9063: fix null pointer deref with partial DT config]
+ - linux 6.4.11-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/98e2dd5f7a8be5cb2501a897e96910393a49f0ff (6.5-rc3)
+CVE-2023-53786 [dm flakey: fix a crash with invalid table line]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/98dba02d9a93eec11bffbb93c7c51624290702d2 (6.4-rc1)
+CVE-2023-53785 [mt76: mt7921: don't assume adequate headroom for SDIO headers]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ NOTE: https://git.kernel.org/linus/98c4d0abf5c478db1ad126ff0c187dbb84c0803c (6.6-rc1)
+CVE-2023-53784 [drm: bridge: dw_hdmi: fix connector access for scdc]
+ - linux 6.4.11-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/98703e4e061fb8715c7613cd227e32cdfd136b23 (6.5-rc2)
+CVE-2023-53783 [blk-iocost: fix divide by 0 error in calc_lcoefs()]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/984af1e66b4126cf145153661cc24c213e2ec231 (6.3-rc1)
+CVE-2023-53782 [dccp: Fix out of bounds access in DCCP error handler]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/977ad86c2a1bcaf58f01ab98df5cc145083c489c (6.6-rc1)
+CVE-2023-53781 [smc: Fix use-after-free in tcp_write_timer_handler().]
+ - linux 6.3.7-1
+ NOTE: https://git.kernel.org/linus/9744d2bf19762703704ecba885b7ac282c02eacf (6.3-rc7)
+CVE-2023-53780 [drm/amd/display: fix FCLK pstate change underflow]
+ - linux 6.1.20-1
+ NOTE: https://git.kernel.org/linus/972243f973eb0821084e5833d5f7f4ed025f42da (6.3-rc1)
+CVE-2023-53779 [mfd: dln2: Fix memory leak in dln2_probe()]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/96da8f148396329ba769246cb8ceaa35f1ddfc48 (6.4-rc1)
+CVE-2023-53778 [accel/qaic: Clean up integer overflow checking in map_user_pages()]
+ - linux 6.4.13-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/96d3c1cadedb6ae2e8965e19cd12caa244afbd9c (6.5-rc7)
+CVE-2023-53777 [erofs: kill hooked chains to avoid loops on deduplicated compressed images]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/967c28b23f6c89bb8eef6a046ea88afe0d7c1029 (6.5-rc1)
+CVE-2022-50656 [nfc: pn533: Clear nfc_target before being used]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9f28157778ede0d4f183f7ab3b46995bb400abbe (6.2-rc1)
+CVE-2022-50655 [ppp: associate skb with a device at tx]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9f225444467b98579cf28d94f4ad053460dfdb84 (6.2-rc1)
+CVE-2022-50654 [bpf: Fix panic due to wrong pageattr of im->image]
+ - linux 6.1.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9ed1d9aeef5842ecacb660fce933613b58af1e00 (6.2-rc3)
+CVE-2022-50653 [mmc: atmel-mci: fix return value check of mmc_add_host()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9e6e8c43726673ca2abcaac87640b9215fd72f4c (6.2-rc1)
+CVE-2022-50652 [uio: uio_dmem_genirq: Fix missing unlock in irq configuration]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9de255c461d1b3f0242b3ad1450c3323a3e00b34 (6.2-rc1)
+CVE-2022-50651 [ethtool: eeprom: fix null-deref on genl_info in dump]
+ - linux 6.0.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9d9effca9d7d7cf6341182a7c5cabcbd6fa28063 (6.1-rc3)
+CVE-2022-50650 [bpf: Fix reference state management for synchronous callbacks]
+ - linux 6.0.3-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9d9d00ac29d0ef7ce426964de46fa6b380357d0a (6.1-rc1)
+CVE-2022-50649 [power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/9d47e01b9d807808224347935562f7043a358054 (6.1-rc1)
+CVE-2022-50648 [ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller]
+ - linux 6.0.3-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9d2ce78ddcee159eb6a97449e9c68b6d60b9cec4 (6.1-rc1)
+CVE-2022-50647 [RISC-V: Make port I/O string accessors actually work]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/9cc205e3c17d5716da7ebb7fa0c985555e95d009 (6.1-rc1)
+CVE-2022-50646 [scsi: hpsa: Fix possible memory leak in hpsa_init_one()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9c9ff300e0de07475796495d86f449340d454a0c (6.2-rc1)
+CVE-2022-50645 [EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9c8921555907f4d723f01ed2d859b66f2d14f08e (6.2-rc1)
+CVE-2022-50644 [clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/9c59a01caba26ec06fefd6ca1f22d5fd1de57d63 (6.1-rc1)
+CVE-2022-50643 [cifs: Fix xid leak in cifs_copy_file_range()]
+ - linux 6.0.6-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/9a97df404a402fe1174d2d1119f87ff2a0ca2fe9 (6.1-rc2)
+CVE-2022-50642 [platform/chrome: cros_ec_typec: zero out stale pointers]
+ - linux 6.1.4-1
+ NOTE: https://git.kernel.org/linus/9a8aadcf0b459c1257b9477fd6402e1d5952ae07 (6.2-rc1)
+CVE-2022-50641 [HSI: omap_ssi: Fix refcount leak in ssi_probe]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/9a2ea132df860177b33c9fd421b26c4e9a0a9396 (6.1-rc1)
+CVE-2022-50640 [mmc: core: Fix kernel panic when remove non-standard SDIO card]
+ - linux 6.0.7-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/9972e6b404884adae9eec7463e30d9b3c9a70b18 (6.1-rc3)
+CVE-2022-50639 [io-wq: Fix memory leak in worker creation]
+ - linux 6.0.5-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/996d3efeb091c503afd3ee6b5e20eabf446fd955 (6.1-rc2)
+CVE-2022-50638 [ext4: fix bug_on in __es_tree_search caused by bad boot loader inode]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/991ed014de0840c5dc405b679168924afb2952ac (6.2-rc1)
+CVE-2022-50637 [cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/9901c21bcaf2f01fe5078f750d624f4ddfa8f81b (6.2-rc1)
+CVE-2022-50636 [PCI: Fix pci_device_is_present() for VFs by checking PF]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/98b04dd0b4577894520493d96bc4623387767445 (6.2-rc1)
+CVE-2022-50635 [powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()]
+ - linux 6.0.3-1
+ NOTE: https://git.kernel.org/linus/97f88a3d723162781d6cbfdc7b9617eefab55b19 (6.1-rc1)
+CVE-2022-50634 [power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()]
+ - linux 6.1.4-1
+ NOTE: https://git.kernel.org/linus/97f2b4ddb0aa700d673691a7d5e44d226d22bab7 (6.2-rc1)
+CVE-2022-50633 [usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/97a48da1619ba6bd42a0e5da0a03aa490a9496b1 (6.2-rc1)
+CVE-2022-50632 [drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init()]
+ - linux 6.1.4-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/973ae93d80d9d262f695eb485a1902b74c4b9098 (6.2-rc1)
+CVE-2022-50631 [RISC-V: kexec: Fix memory leak of fdt buffer]
+ - linux 6.1.4-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/96df59b1ae23f5c11698c3c2159aeb2ecd4944a4 (6.2-rc1)
CVE-2025-62408 [Use after free due to connection being cleaned up after error]
- c-ares 1.34.6-1
[bookworm] - c-ares <not-affected> (Vulnerable code introduced later)
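Review bot: Eleven of the added entries have no [bullseye] line, and CVE-2023-53781 (unstable fix 6.3.7-1) has neither a [bookworm] nor a [bullseye] line, while the neighbouring entries give either a fixed version or `<not-affected> (Vulnerable code not present)`. The entries without [bullseye] are CVE-2023-53816, CVE-2023-53806, CVE-2023-53801, CVE-2023-53794, CVE-2023-53789, CVE-2023-53785, CVE-2023-53781, CVE-2023-53780, CVE-2022-50642, CVE-2022-50635 and CVE-2022-50634. If these releases are deliberately left open pending a backport, the entries are fine as merged. If the omission is a triage gap in the kernel-sec import, add the explicit release line so each entry's status for that release does not rest on the unstable version alone. The hunk header is consistent with the body: 293 added lines plus the 3 context lines of the CVE-2025-62408 entry give the stated 296.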
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cd0dc4923a64177eac494130307fbd501e9e7a2