[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 9 07:47:34 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83c2ab22 by Salvatore Bonaccorso at 2025-12-09T08:47:06+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,68 @@
+CVE-2025-40344 [ASoC: Intel: avs: Disable periods-elapsed work when closing PCM]
+	- linux 6.17.8-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/845f716dc5f354c719f6fda35048b6c2eca99331 (6.18-rc4)
+CVE-2025-40343 [nvmet-fc: avoid scheduling association deletion twice]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/f2537be4f8421f6495edfa0bc284d722f253841d (6.18-rc1)
+CVE-2025-40342 [nvme-fc: use lock accessing port_state and rport state]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/891cdbb162ccdb079cd5228ae43bdeebce8597ad (6.18-rc1)
+CVE-2025-40341 [futex: Don't leak robust_list pointer on exec race]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/6b54082c3ed4dc9821cdf0edb17302355cc5bb45 (6.18-rc1)
+CVE-2025-40340 [drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test.]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/1cda3c755bb7770be07d75949bb0f45fb88651f6 (6.18-rc1)
+CVE-2025-40339 [drm/amdgpu: fix nullptr err of vm_handle_moved]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/859958a7faefe5b7742b7b8cdbc170713d4bf158 (6.18-rc1)
+CVE-2025-40338 [ASoC: Intel: avs: Do not share the name pointer between components]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/4dee5c1cc439b0d5ef87f741518268ad6a95b23d (6.18-rc1)
+CVE-2025-40337 [net: stmmac: Correctly handle Rx checksum offload errors]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/ee0aace5f844ef59335148875d05bec8764e71e8 (6.18-rc1)
+CVE-2025-40336 [drm/gpusvm: fix hmm_pfn_to_map_order() usage]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/c50729c68aaf93611c855752b00e49ce1fdd1558 (6.18-rc1)
+CVE-2025-40335 [drm/amdgpu: validate userq input args]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/219be4711a1ba788bc2a9fafc117139d133e5fea (6.18-rc1)
+CVE-2025-40334 [drm/amdgpu: validate userq buffer virtual address and size]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/9e46b8bb0539d7bc9a9e7b3072fa4f6082490392 (6.18-rc1)
+CVE-2025-40333 [f2fs: fix infinite loop in __insert_extent_tree()]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/23361bd54966b437e1ed3eb1a704572f4b279e58 (6.18-rc1)
+CVE-2025-40332 [drm/amdkfd: Fix mmap write lock not release]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/7574f30337e19045f03126b4c51f525b84e5049e (6.18-rc1)
+CVE-2025-40331 [sctp: Prevent TOCTOU out-of-bounds write]
+	- linux 6.17.8-1
+	NOTE: https://git.kernel.org/linus/95aef86ab231f047bb8085c70666059b58f53c09 (6.18-rc5)
+CVE-2025-40330 [bnxt_en: Shutdown FW DMA in bnxt_shutdown()]
+	- linux 6.17.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bc7208ca805ae6062f353a4753467d913d963bc6 (6.18-rc5)
+CVE-2025-40329 [drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb]
+	- linux 6.17.8-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/487df8b698345dd5a91346335f05170ed5f29d4e (6.18-rc5)
+CVE-2025-40328 [smb: client: fix potential UAF in smb2_close_cached_fid()]
+	- linux 6.17.8-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/734e99623c5b65bf2c03e35978a0b980ebc3c2f8 (6.18-rc5)
+CVE-2025-40327 [perf/core: Fix system hang caused by cpu-clock usage]
+	- linux 6.17.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/eb3182ef0405ff2f6668fd3e5ff9883f60ce8801 (6.18-rc5)
 CVE-2013-10031
 	- libplack-middleware-session-perl 0.21-1
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/35012183/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c2ab22c2621727753e08334fceedd9198bd185

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c2ab22c2621727753e08334fceedd9198bd185
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251209/6edd9598/attachment.htm>

More information about the debian-security-tracker-commits mailing list