[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46a41070 by Salvatore Bonaccorso at 2025-12-18T17:18:18+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2025-68325 [net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/9fefc78f7f02d71810776fdeb119a05a946a27cc (6.19-rc1)
+CVE-2025-68324 [scsi: imm: Fix use-after-free bug caused by unfinished delayed work]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/ab58153ec64fa3fc9aea09ca09dc9322e0b54a7c (6.19-rc1)
+CVE-2025-68323 [usb: typec: ucsi: fix use-after-free caused by uec->work]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2b7a0f47aaf2439d517ba0a6b29c66a535302154 (6.19-rc1)
 CVE-2025-6326 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-6324 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46a41070b44f384c78af6a3e15314a5311fe4949

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46a41070b44f384c78af6a3e15314a5311fe4949
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251218/b491699b/attachment.htm>