[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 24 20:01:39 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab66f541 by Salvatore Bonaccorso at 2025-12-24T21:00:12+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,194 @@
+CVE-2025-68344 [ALSA: wavefront: Fix integer overflow in sample size validation]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/0c4a13ba88594fd4a27292853e736c6b4349823d (6.19-rc1)
+CVE-2025-68345 [ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c34b04cc6178f33c08331568c7fd25c5b9a39f66 (6.19-rc1)
+CVE-2025-68346 [ALSA: dice: fix buffer overflow in detect_stream_formats()]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/324f3e03e8a85931ce0880654e3c3eb38b0f0bba (6.19-rc1)
+CVE-2025-68347 [ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/210d77cca3d0494ed30a5c628b20c1d95fa04fb1 (6.19-rc1)
+CVE-2025-68348 [block: fix memory leak in __blkdev_issue_zero_pages]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f7e3f852a42d7cd8f1af2c330d9d153e30c8adcf (6.19-rc1)
+CVE-2025-68349 [NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/e0f8058f2cb56de0b7572f51cd563ca5debce746 (6.19-rc1)
+CVE-2025-68350 [exfat: fix divide-by-zero in exfat_allocate_bitmap]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d70a5804c563b5e34825353ba9927509df709651 (6.19-rc1)
+CVE-2025-68351 [exfat: fix refcount leak in exfat_find]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9aee8de970f18c2aaaa348e3de86c38e2d956c1d (6.19-rc1)
+CVE-2025-68352 [spi: ch341: fix out-of-bounds memory access in ch341_transfer_one]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/545d1287e40a55242f6ab68bcc1ba3b74088b1bc (6.19-rc1)
+CVE-2025-68353 [net: vxlan: prevent NULL deref in vxlan_xmit_one]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1f73a56f986005f0bc64ed23873930e2ee4f5911 (6.19-rc1)
+CVE-2025-68354 [regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/0cc15a10c3b4ab14cd71b779fd5c9ca0cb2bc30d (6.19-rc1)
+CVE-2025-68355 [bpf: Fix exclusive map memory leak]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/688b745401ab16e2e1a3b504863f0a45fd345638 (6.19-rc1)
+CVE-2025-68356 [gfs2: Prevent recursive memory reclaim]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2c5f4a53476e3cab70adc77b38942c066bd2c17c (6.19-rc1)
+CVE-2025-68357 [iomap: allocate s_dio_done_wq for async reads as well]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/7fd8720dff2d9c70cf5a1a13b7513af01952ec02 (6.19-rc1)
+CVE-2025-68358 [btrfs: fix racy bitfield write in btrfs_clear_space_info_full()]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/38e818718c5e04961eea0fa8feff3f100ce40408 (6.19-rc1)
+CVE-2025-68359 [btrfs: fix double free of qgroup record after failure to add delayed ref head]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/725e46298876a2cc1f1c3fb22ba69d29102c3ddf (6.19-rc1)
+CVE-2025-68360 [wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/385aab8fccd7a8746b9f1a17f3c1e38498a14bc7 (6.19-rc1)
+CVE-2025-68361 [erofs: limit the level of fs stacking for file-backed mounts]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d53cd891f0e4311889349fff3a784dc552f814b9 (6.19-rc1)
+CVE-2025-68362 [wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/b647d2574e4583c2e3b0ab35568f60c88e910840 (6.19-rc1)
+CVE-2025-68363 [bpf: Check skb->transport_header is set in bpf_skb_check_mtu]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d946f3c98328171fa50ddb908593cf833587f725 (6.19-rc1)
+CVE-2025-68364 [ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/8a7d58845fae061c62b50bc5eeb9bae4a1dedc3d (6.19-rc1)
+CVE-2025-68365 [fs/ntfs3: Initialize allocated memory before use]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a8a3ca23bbd9d849308a7921a049330dc6c91398 (6.19-rc1)
+CVE-2025-68366 [nbd: defer config unlock in nbd_genl_connect]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/1649714b930f9ea6233ce0810ba885999da3b5d4 (6.19-rc1)
+CVE-2025-68367 [macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/1e4b207ffe54cf33a4b7a2912c4110f89c73bf3f (6.19-rc1)
+CVE-2025-68368 [md: init bioset in mddev_init]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/381a3ce1c0ffed647c9b913e142b099c7e9d5afc (6.19-rc1)
+CVE-2025-68369 [ntfs3: init run lock for extend inode]
+	- linux 6.17.13-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/be99c62ac7e7af514e4b13f83c891a3cccefaa48 (6.19-rc1)
+CVE-2025-68370 [coresight: tmc: add the handle of the event to the path]
+	- linux 6.17.13-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/aaa5abcc9d44d2c8484f779ab46d242d774cabcb (6.19-rc1)
+CVE-2025-68371 [scsi: smartpqi: Fix device resources accessed after device removal]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b518e86d1a70a88f6592a7c396cf1b93493d1aab (6.19-rc1)
+CVE-2025-68372 [nbd: defer config put in recv_work]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/9517b82d8d422d426a988b213fdd45c6b417b86d (6.19-rc1)
+CVE-2025-68373 [md: avoid repeated calls to del_gendisk]
+	- linux 6.17.13-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/90e3bb44c0a86e245d8e5c6520206fa113acb1ee (6.19-rc1)
+CVE-2025-68374 [md: fix rcu protection in md_wakeup_thread]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0dc76205549b4c25705e54345f211b9f66e018a0 (6.19-rc1)
+CVE-2025-68375 [perf/x86: Fix NULL event access and potential PEBS record loss]
+	- linux 6.17.13-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7e772a93eb61cb6265bdd1c5bde17d0f2718b452 (6.19-rc1)
+CVE-2025-68376 [coresight: ETR: Fix ETR buffer use-after-free issue]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/35501ac3c7d40a7bb9568c2f89d6b56beaf9bed3 (6.19-rc1)
+CVE-2025-68377 [ns: initialize ns_list_node for initial namespaces]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3dd50c58664e2684bd610a57bf3ab713cbb0ea91 (6.19-rc1)
+CVE-2025-68378 [bpf: Fix stackmap overflow check in __bpf_get_stackid()]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/23f852daa4bab4d579110e034e4d513f7d490846 (6.19-rc1)
+CVE-2025-68379 [RDMA/rxe: Fix null deref on srq->rq.queue after resize failure]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/503a5e4690ae14c18570141bc0dcf7501a8419b0 (6.19-rc1)
+CVE-2025-68380 [wifi: ath11k: fix peer HE MCS assignment]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4a013ca2d490c73c40588d62712ffaa432046a04 (6.19-rc1)
+CVE-2025-68724 [crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/df0845cf447ae1556c3440b8b155de0926cbaa56 (6.19-rc1)
+CVE-2025-68725 [bpf: Do not let BPF test infra emit invalid GSO types to stack]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/04a899573fb87273a656f178b5f920c505f68875 (6.19-rc1)
+CVE-2025-68726 [crypto: aead - Fix reqsize handling]
+	- linux 6.17.13-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9b04d8f00569573796dd05397f5779135593eb24 (6.19-rc1)
+CVE-2025-68727 [ntfs3: Fix uninit buffer allocated by __getname()]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9948dcb2f7b5a1bf8e8710eafaf6016e00be3ad6 (6.19-rc1)
+CVE-2025-68728 [ntfs3: fix uninit memory after failed mi_read in mi_format_new]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/73e6b9dacf72a1e7a4265eacca46f8f33e0997d6 (6.19-rc1)
+CVE-2025-68729 [wifi: ath12k: Fix MSDU buffer types handling in RX error path]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/36f9edbb9d0fc36c865c74f3c1ad8e1261ad3981 (6.19-rc1)
+CVE-2025-68730 [accel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context()]
+	- linux 6.17.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8b694b405a84696f1d964f6da7cf9721e68c4714 (6.19-rc1)
+CVE-2025-68731 [accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9e16c8bf9aebf629344cfd4cd5e3dc7d8c3f7d82 (6.19-rc1)
+CVE-2025-68732 [gpu: host1x: Fix race in syncpt alloc/free]
+	- linux 6.17.13-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c7d393267c497502fa737607f435f05dfe6e3d9b (6.19-rc1)
+CVE-2025-68733 [smack: fix bug: unprivileged task can create labels]
+	- linux 6.17.13-1
+	NOTE: https://git.kernel.org/linus/c147e13ea7fe9f118f8c9ba5e96cbd644b00d6b3 (6.19-rc1)
 CVE-2025-68696 (httparty is an API tool. In versions 0.23.2 and prior, httparty is vul ...)
 	- ruby-httparty <unfixed>
 	NOTE: https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab66f54187dc7eb6f8923b0ed14b8ff37fcea912

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab66f54187dc7eb6f8923b0ed14b8ff37fcea912
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251224/a863eb8a/attachment.htm>

More information about the debian-security-tracker-commits mailing list