[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 30 12:24:20 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90b2ba49 by Salvatore Bonaccorso at 2025-12-30T13:23:52+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,250 @@
+CVE-2023-54203 [ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dc8289f912387c3bcfbc5d2db29c8947fa207c11 (6.3-rc6)
+CVE-2023-54200 [netfilter: nf_tables: always release netdev hooks from notifier]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dc1c9fd4a8bbe1e06add9053010b652449bfe411 (6.4-rc2)
+CVE-2023-54199 [drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/dbeedbcb268d055d8895aceca427f897e12c2b50 (6.3-rc1)
+CVE-2023-54198 [tty: fix out-of-bounds access in tty_driver_lookup_tty()]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/db4df8e9d79e7d37732c1a1b560958e8dadfefa1 (6.3-rc1)
+CVE-2023-54197 [Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/db2bf510bd5d57f064d9e1db395ed86a08320c54 (6.4-rc1)
+CVE-2023-54195 [rxrpc: Fix timeout of a call that hasn't yet been granted a channel]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/db099c625b13a74d462521a46d98a8ce5b53af5d (6.4-rc1)
+CVE-2023-54194 [exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/daf60d6cca26e50d65dac374db92e58de745ad26 (6.5-rc5)
+CVE-2023-54193 [net/sched: cls_api: remove block_cb from driver_list before freeing]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/da94a7781fc3c92e7df7832bc2746f4d39bc624e (6.4-rc1)
+CVE-2023-54192 [f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/da6ea0b050fa720302b56fbb59307e7c7531a342 (6.4-rc1)
+CVE-2023-54191 [wifi: mt76: mt7996: fix memory leak in mt7996_mcu_exit]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/da5b4d93e141b52c5a71d0c41a042d1bcaf70d2e (6.3-rc1)
+CVE-2023-54190 [leds: led-core: Fix refcount leak in of_led_get()]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/da1afe8e6099980fe1e2fd7436dca284af9d3f29 (6.3-rc1)
+CVE-2023-54189 [pstore/ram: Add check for kstrdup]
+	- linux 6.4.4-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d97038d5ec2062733c1e016caf9baaf68cf64ea1 (6.5-rc1)
+CVE-2023-54188 [dmaengine: apple-admac: Fix 'current_tx' not getting freed]
+	- linux 6.1.25-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d9503be5a100c553731c0e8a82c7b4201e8a970c (6.3-rc7)
+CVE-2023-54187 [f2fs: fix potential corruption when moving a directory]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d94772154e524b329a168678836745d2773a6e02 (6.4-rc1)
+CVE-2023-54186 [usb: typec: altmodes/displayport: fix pin_assignment_show]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d8f28269dd4bf9b55c3fb376ae31512730a96fce (6.4-rc3)
+CVE-2023-54184 [scsi: target: iscsit: Free cmds before session free]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d8990b5a4d065f38f35d69bcd627ec5a7f8330ca (6.4-rc1)
+CVE-2023-54183 [media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()]
+	- linux 6.5.3-1
+	[bookworm] - linux 6.1.55-1
+	[bullseye] - linux 5.10.197-1
+	NOTE: https://git.kernel.org/linus/d7b13edd4cb4bfa335b6008ab867ac28582d3e5c (6.6-rc1)
+CVE-2023-54179 [scsi: qla2xxx: Array index may go out of bound]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d721b591b95cf3f290f8a7cbe90aa2ee0368388d (6.5-rc1)
+CVE-2023-54178 [of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()]
+	- linux 6.5.3-1
+	[bookworm] - linux 6.1.55-1
+	[bullseye] - linux 5.10.197-1
+	NOTE: https://git.kernel.org/linus/d6ce4f0ea19c32f10867ed93d8386924326ab474 (6.6-rc1)
+CVE-2023-54177 [quota: fix warning in dqgrab()]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.197-1
+	NOTE: https://git.kernel.org/linus/d6a95db3c7ad160bc16b89e36449705309b52bcb (6.5-rc1)
+CVE-2023-54176 [mptcp: stricter state check in mptcp_worker]
+	- linux 6.1.25-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d6a0443733434408f2cbd4c53fea6910599bab9e (6.3-rc7)
+CVE-2023-54175 [i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d663d93bb47e7ab45602b227701022d8aa16040a (6.4-rc1)
+CVE-2023-54174 [vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d649c34cb916b015fdcb487e51409fcc5caeca8d (6.3-rc1)
+CVE-2023-54173 [bpf: Disable preemption in bpf_event_output]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d62cc390c2e99ae267ffe4b8d7e2e08b6c758c32 (6.5-rc5)
+CVE-2023-54171 [tracing: Fix memory leak of iter->temp when reading trace_pipe]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d5a821896360cc8b93a15bd888fabc858c038dc0 (6.5-rc2)
+CVE-2023-54170 [keys: Fix linking a duplicate key to a keyring's assoc_array]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d55901522f96082a43b9842d34867363c0cdbac5 (6.5-rc3)
+CVE-2023-54169 [net/mlx5e: fix memory leak in mlx5e_ptp_open]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d543b649ffe58a0cb4b6948b3305069c5980a1fa (6.5-rc2)
+CVE-2023-54168 [RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	[bullseye] - linux 5.10.191-1
+	NOTE: https://git.kernel.org/linus/d50b3c73f1ac20dabc53dc6e9d64ce9c79a331eb (6.4-rc1)
+CVE-2023-54167 [m68k: mm: Move initrd phys_to_virt handling after paging_init()]
+	- linux 6.1.20-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d4b97925e87eb133e400fe4a482d750c74ce392f (6.3-rc2)
+CVE-2023-54166 [igc: Fix Kernel Panic during ndo_tx_timeout callback]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d4a7ce642100765119a872d4aba1bf63e3a22c8a (6.5-rc4)
+CVE-2023-54165 [zsmalloc: move LRU update from zs_map_object() to zs_malloc()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d461aac924b937bcb4fd0ca1242b3ef6868ecddd (6.4-rc3)
+CVE-2023-54164 [Bluetooth: ISO: fix iso_conn related locking and validity issues]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d40ae85ee62e3666f45bc61864b22121346f88ef (6.5-rc3)
+CVE-2022-50827 [scsi: lpfc: Fix memory leak in lpfc_create_port()]
+	- linux 6.0.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dc8e483f684a24cc06e1d5fa958b54db58855093 (6.1-rc2)
+CVE-2022-50826 [ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()]
+	- linux 6.1.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dc608edf7d45ba0c2ad14c06eccd66474fec7847 (6.2-rc1)
+CVE-2022-50825 [usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe()]
+	- linux 6.1.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dc18a4c7b3bd447cef2395deeb1f6ac16dfaca0e (6.2-rc1)
+CVE-2022-50824 [tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/db9622f762104459ff87ecdf885cc42c18053fd9 (6.2-rc1)
+CVE-2022-50823 [clk: tegra: Fix refcount leak in tegra114_clock_init]
+	- linux 6.0.3-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/db16a80c76ea395766913082b1e3f939dde29b2c (6.1-rc1)
+CVE-2022-50821 [SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/da522b5fe1a5f8b7c20a0023e87b52a150e53bf5 (6.2-rc1)
+CVE-2022-50820 [perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init()]
+	- linux 6.1.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d9f564c966e63925aac4ba273a9319d7fb6f4b4e (6.2-rc1)
+CVE-2022-50819 [udmabuf: Set ubuf->sg = NULL if the creation of sg table fails]
+	- linux 6.0.3-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/d9c04a1b7a15b5e74b2977461d9511e497f05d8f (6.1-rc1)
+CVE-2022-50818 [scsi: pm8001: Fix running_req for internal abort commands]
+	- linux 6.0.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d8c22c4697c11ed28062afe3c2b377025be11a23 (6.1-rc1)
+CVE-2022-50817 [net: hsr: avoid possible NULL deref in skb_clone()]
+	- linux 6.0.6-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/d8b57135fd9ffe9a5b445350a686442a531c5339 (6.1-rc2)
+CVE-2022-50816 [ipv6: ensure sane device mtu in tunnels]
+	- linux 6.0.7-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/d89d7ff01235f218dad37de84457717f699dee79 (6.1-rc3)
+CVE-2022-50814 [crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr]
+	- linux 6.0.3-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/d74f9340097a881869c4c22ca376654cc2516ecc (6.1-rc1)
+CVE-2022-50813 [drivers: mcb: fix resource leak in mcb_probe()]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/d7237462561fcd224fa687c56ccb68629f50fc0d (6.2-rc1)
+CVE-2022-50811 [erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails]
+	- linux 6.1.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d5d188b8f8b38d3d71dd05993874b4fc9284ce95 (6.2-rc1)
+CVE-2022-50810 [rapidio: devices: fix missing put_device in mport_cdev_open]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/d5b6e6eba3af11cb2a2791fa36a2524990fcde1a (6.2-rc1)
+CVE-2022-50809 [xhci: dbc: Fix memory leak in xhci_alloc_dbc()]
+	- linux 6.0.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d591b32e519603524a35b172156db71df9116902 (6.1-rc1)
+CVE-2023-54202 [drm/i915: fix race condition UAF in i915_perf_add_config_ioctl]
+	- linux 6.1.25-1
+	NOTE: https://git.kernel.org/linus/dc30c011469165d57af9adac5baff7d767d20e5c (6.3-rc6)
+CVE-2023-54201 [RDMA/efa: Fix wrong resources deallocation order]
+	- linux 6.5.3-1
+	[bookworm] - linux 6.1.55-1
+	NOTE: https://git.kernel.org/linus/dc202c57e9a1423aed528e4b8dc949509cd32191 (6.6-rc1)
+CVE-2023-54196 [fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode']
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.82-1
+	NOTE: https://git.kernel.org/linus/db2a3cc6a3481076da6344cc62a80a4e2525f36f (6.4-rc1)
+CVE-2023-54185 [btrfs: remove BUG_ON()'s in add_new_free_space()]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	NOTE: https://git.kernel.org/linus/d8ccbd21918fd7fa6ce3226cffc22c444228e8ad (6.5-rc4)
+CVE-2023-54182 [f2fs: fix to check readonly condition correctly]
+	- linux 6.3.7-1
+	[bookworm] - linux 6.1.37-1
+	NOTE: https://git.kernel.org/linus/d78dfefcde9d311284434560d69c0478c55a657e (6.4-rc1)
+CVE-2023-54181 [bpf: Fix issue in verifying allow_ptr_leaks]
+	- linux 6.5.3-1
+	[bookworm] - linux 6.1.55-1
+	NOTE: https://git.kernel.org/linus/d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 (6.6-rc1)
+CVE-2023-54180 [btrfs: handle case when repair happens with dev-replace]
+	- linux 6.1.7-1
+	NOTE: https://git.kernel.org/linus/d73a27b86fc722c28a26ec64002e3a7dc86d1c07 (6.2-rc3)
+CVE-2023-54172 [x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction]
+	- linux 6.4.11-1
+	[bookworm] - linux 6.1.52-1
+	NOTE: https://git.kernel.org/linus/d5ace2a776442d80674eff9ed42e737f7dd95056 (6.5-rc5)
+CVE-2022-50822 [RDMA/restrack: Release MR restrack when delete]
+	- linux 6.1.4-1
+	NOTE: https://git.kernel.org/linus/dac153f2802db1ad46207283cb9b2aae3d707a45 (6.2-rc1)
+CVE-2022-50815 [ext2: Add sanity checks for group and filesystem size]
+	- linux 6.0.3-1
+	NOTE: https://git.kernel.org/linus/d766f2d1e3e3bd44024a7f971ffcf8b8fbb7c5d2 (6.1-rc1)
+CVE-2022-50812 [security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6]
+	- linux 6.1.4-1
+	NOTE: https://git.kernel.org/linus/d6a9fb87e9d18f3394a9845546bbe868efdccfd2 (6.2-rc1)
 CVE-2023-54162 [ksmbd: fix possible memory leak in smb2_lock()]
 	- linux 6.1.20-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
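
Review bot: The last eleven added entries, CVE-2023-54202 through CVE-2022-50812, have no [bullseye] line, whereas every entry above them either is `- linux <not-affected>` overall or states a bullseye status (a fixed version or `<not-affected>`). With only the unstable fixed version given, bullseye stays open for these CVEs, including memory-safety fixes such as CVE-2023-54202 (race condition UAF in i915_perf_add_config_ioctl) and CVE-2023-54196 (NULL pointer dereference in ni_write_inode). If that is the intended "still to be triaged" state, it is fine as merged. It is easy to miss, though, because the block restarts at CVE-2023-54202 after CVE-2022-50809 instead of continuing in descending order, so a follow-up adding `[bullseye] - linux ...` lines once the backport status is known would close the gap. Separately, CVE-2023-54196 lists `[bookworm] - linux 6.1.82-1`, while the other fixes tagged (6.4-rc1) in this hunk list 6.1.37-1 for bookworm. This may reflect a later stable backport, but it is worth confirming against the 6.1.y history.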



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b2ba4952d3d7fff324c0942f2f00bafa5e832d
