[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 30 12:44:28 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8502132a by Salvatore Bonaccorso at 2025-12-30T13:43:59+01:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,279 @@
+CVE-2023-54326 [misc: pci_endpoint_test: Free IRQs before removing the device]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f61b7634a3249d12b9daa36ffbdb9965b6f24c6c (6.5-rc1)
+CVE-2023-54325 [crypto: qat - fix out-of-bounds read]
+ - linux 6.1.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f6044cc3030e139f60c281386f28bda6e3049d66 (6.3-rc1)
+CVE-2023-54323 [cxl/pmem: Fix nvdimm registration races]
+ - linux 6.1.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f57aec443c24d2e8e1f3b5b4856aea12ddda4254 (6.3-rc1)
+CVE-2023-54319 [pinctrl: at91-pio4: check return value of devm_kasprintf()]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f6fd5d4ff8ca0b24cee1af4130bcb1fa96b61aa0 (6.5-rc1)
+CVE-2023-54318 [net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f5146e3ef0a9eea405874b36178c19a4863b8989 (6.6-rc2)
+CVE-2023-54317 [dm flakey: don't corrupt the zero page]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f50714b57aecb6b3dc81d578e295f86d9c73f078 (6.3-rc1)
+CVE-2023-54316 [refscale: Fix uninitalized use of wait_queue_head_t]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f5063e8948dad7f31adb007284a5d5038ae31bb8 (6.6-rc1)
+CVE-2023-54315 [powerpc/powernv/sriov: perform null check on iov before dereferencing iov]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f4f913c980bc6abe0ccfe88fe3909c125afe4a2d (6.5-rc1)
+CVE-2023-54314 [media: af9005: Fix null-ptr-deref in af9005_i2c_xfer]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f4ee84f27625ce1fdf41e8483fa0561a1b837d10 (6.6-rc1)
+CVE-2023-54313 [ovl: fix null pointer dereference in ovl_get_acl_rcu()]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f4e19e595cc2e76a8a58413eb19d3d9c51328b53 (6.5-rc1)
+CVE-2023-54312 [samples/bpf: Fix buffer overflow in tcp_basertt]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f4dea9689c5fea3d07170c2cb0703e216f1a0922 (6.5-rc1)
+CVE-2023-54311 [ext4: fix deadlock when converting an inline directory in nojournal mode]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f4ce24f54d9cca4f09a395f3eecce20d6bec4663 (6.4-rc2)
+CVE-2023-54310 [scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f486893288f3e9b171b836f43853a6426515d800 (6.4-rc1)
+CVE-2023-54309 [tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f4032d615f90970d6c3ac1d9c0bce3351eb4445c (6.5-rc3)
+CVE-2023-54308 [ALSA: ymfpci: Create card with device-managed snd_devm_card_new()]
+ - linux 6.1.25-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f33fc1576757741479452255132d6e3aaf558ffe (6.3-rc5)
+CVE-2023-54307 [ptp_qoriq: fix memory leak in probe()]
+ - linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f33642224e38d7e0d59336e10e7b4e370b1c4506 (6.3-rc5)
+CVE-2023-54306 [net: tls: avoid hanging tasks on the tx_lock]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f3221361dc85d4de22586ce8441ec2c67b454f5d (6.3-rc2)
+CVE-2023-54305 [ext4: refuse to create ea block when umounted]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f31173c19901a96bb2ebf6bcfec8a08df7095c91 (6.3-rc1)
+CVE-2023-54304 [firmware: meson_sm: fix to avoid potential NULL pointer dereference]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f2ed165619c16577c02b703a114a1f6b52026df4 (6.6-rc1)
+CVE-2023-54303 [bpf: Disable preemption in bpf_perf_event_output]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f2c67a3e60d1071b65848efaa8c3b66c363dd025 (6.5-rc5)
+CVE-2023-54302 [RDMA/irdma: Fix data race on CQP completion stats]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f2c3037811381f9149243828c7eb9a1631df9f9c (6.5-rc4)
+CVE-2023-54301 [serial: 8250_bcm7271: fix leak in `brcmuart_probe`]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f264f2f6f4788dc031cef60a0cf2881902736709 (6.4-rc3)
+CVE-2023-54300 [wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f24292e827088bba8de7158501ac25a59b064953 (6.5-rc1)
+CVE-2023-54299 [usb: typec: bus: verify partner exists in typec_altmode_attention]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f23643306430f86e2f413ee2b986e0773e79da31 (6.6-rc1)
+CVE-2023-54298 [thermal: intel: quark_dts: fix error pointer dereference]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f1b930e740811d416de4d2074da48b6633a672c8 (6.3-rc1)
+CVE-2023-54297 [btrfs: zoned: fix memory leak after finding block group with super blocks]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f1a07c2b4e2c473ec322b8b9ece071b8c88a3512 (6.5-rc3)
+CVE-2023-54296 [KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f1187ef24eb8f36e8ad8106d22615ceddeea6097 (6.6-rc1)
+CVE-2023-54295 [mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f0f0cfdc3a024e21161714f2e05f0df3b84d42ad (6.3-rc1)
+CVE-2023-54294 [md/raid10: fix memleak of md thread]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f0ddb83da3cbbf8a1f9087a642c448ff52ee9abd (6.4-rc1)
+CVE-2023-54293 [bcache: fixup btree_cache_wait list damage]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f0854489fc07d2456f7cc71a63f4faf9c716ffbe (6.5-rc1)
+CVE-2023-54292 [RDMA/irdma: Fix data race on CQP request done]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f0842bb3d38863777e3454da5653d80b5fde6321 (6.5-rc4)
+CVE-2023-54291 [vduse: fix NULL pointer dereference]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f06cf1e1a503169280467d12d2ec89bf2c30ace7 (6.5-rc1)
+CVE-2023-54290 [thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f05c7b7d9ea9477fcc388476c6f4ade8c66d2d26 (6.4-rc1)
+CVE-2023-54289 [scsi: qedf: Fix NULL dereference in error handling]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f025312b089474a54e4859f3453771314d9e3d4f (6.5-rc1)
+CVE-2023-54288 [wifi: mac80211: fortify the spinlock against deadlock by interrupt]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ef6e1997da63ad0ac3fe33153fec9524c9ae56c9 (6.4-rc3)
+CVE-2023-54286 [wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/ef16799640865f937719f0771c93be5dca18adc6 (6.4-rc1)
+CVE-2023-54284 [media: av7110: prevent underflow in write_ts_to_decoder()]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.216-1
+ NOTE: https://git.kernel.org/linus/eed9496a0501357aa326ddd6b71408189ed872eb (6.4-rc1)
+CVE-2023-54283 [bpf: Address KCSAN report on bpf_lru_list]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/ee9fd0ac3017c4313be91a220a9ac4c99dde7ad4 (6.5-rc1)
+CVE-2023-54282 [media: tuners: qt1010: replace BUG_ON with a regular error]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/ee630b29ea44d1851bb6c903f400956604834463 (6.6-rc1)
+CVE-2023-54281 [btrfs: release path before inode lookup during the ino lookup ioctl]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/ee34a82e890a7babb5585daf1a6dd7d4d1cf142a (6.6-rc2)
+CVE-2022-50889 [dm integrity: Fix UAF in dm_integrity_dtr()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f50cb2cbabd6c4a60add93d72451728f86e4791c (6.2-rc1)
+CVE-2022-50888 [remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()]
+ - linux 6.1.4-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f360e2b275efbb745ba0af8b47d9ef44221be586 (6.2-rc1)
+CVE-2022-50887 [regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f2b41b748c19962b82709d9f23c6b2b0ce9d2f91 (6.2-rc1)
+CVE-2022-50886 [mmc: toshsd: fix return value check of mmc_add_host()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f670744a316ea983113a65313dcd387b5a992444 (6.2-rc1)
+CVE-2022-50885 [RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f67376d801499f4fa0838c18c1efcad8840e550d (6.2-rc1)
+CVE-2022-50884 [drm: Prevent drm_copy_field() to attempt copying a NULL pointer]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/f6ee30407e883042482ad4ad30da5eaba47872ee (6.1-rc1)
+CVE-2022-50883 [bpf: Prevent decl_tag from being referenced in func_proto arg]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f17472d4599697d701aa239b4c475a506bccfd19 (6.2-rc1)
+CVE-2022-50882 [media: uvcvideo: Fix memory leak in uvc_gpio_parse]
+ - linux 6.0.3-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f0f078457f18f10696888f8d0e6aba9deb9cde92 (6.1-rc1)
+CVE-2022-50881 [wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f099c5c9e2ba08a379bd354a82e05ef839ae29ac (6.3-rc1)
+CVE-2022-50880 [wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/f020d9570a04df0762a2ac5c50cf1d8c511c9164 (6.1-rc1)
+CVE-2022-50879 [objtool: Fix SEGFAULT]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/efb11fdb3e1a9f694fa12b70b21e69e55ec59c36 (6.2-rc1)
+CVE-2022-50878 [gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/ef8886f321c5dab8124b9153d25afa2a71d05323 (6.1-rc1)
+CVE-2022-50877 [net: broadcom: bcm4908_enet: update TX stats after actual transmission]
+ - linux 6.0.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ef3556ee16c68735ec69bd08df41d1cd83b14ad3 (6.1-rc3)
+CVE-2022-50876 [usb: musb: Fix musb_gadget.c rxstate overflow bug]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/eea4c860c3b366369eff0489d94ee4f0571d467d (6.1-rc1)
+CVE-2022-50875 [of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/ee9d7a0e754568180a2f8ebc4aad226278a9116f (6.2-rc1)
+CVE-2022-50874 [RDMA/erdma: Fix refcount leak in erdma_mmap]
+ - linux 6.1.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ee84146c05ad2316b9a7222d0ec4413e0bf30eeb (6.3-rc1)
+CVE-2023-54324 [dm: fix a race condition in retrieve_deps]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.64-1
+ NOTE: https://git.kernel.org/linus/f6007dce0cd35d634d9be91ef3515a6385dcee16 (6.6-rc2)
+CVE-2023-54322 [arm64: set __exception_irq_entry with __irq_entry as a default]
+ - linux 6.4.11-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f6794950f0e5ba37e3bbedda4d6ab0aad7395dd3 (6.5-rc1)
+CVE-2023-54321 [driver core: fix potential null-ptr-deref in device_add()]
+ - linux 6.1.20-1
+ NOTE: https://git.kernel.org/linus/f6837f34a34973ef6600c08195ed300e24e97317 (6.3-rc1)
+CVE-2023-54320 [platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2()]
+ - linux 6.3.7-1
+ NOTE: https://git.kernel.org/linus/f6e7ac4c35a28aef0be93b32c533ae678ad0b9e7 (6.4-rc1)
+CVE-2023-54287 [tty: serial: imx: disable Ageing Timer interrupt request irq]
+ - linux 6.1.20-1
+ NOTE: https://git.kernel.org/linus/ef25e16ea9674b713a68c3bda821556ce9901254 (6.3-rc1)
+CVE-2023-54285 [iomap: Fix possible overflow condition in iomap_write_delalloc_scan]
+ - linux 6.5.6-1
+ NOTE: https://git.kernel.org/linus/eee2d2e6ea5550118170dbd5bb1316ceb38455fb (6.6-rc1)
+CVE-2023-54280 [cifs: fix potential race when tree connecting ipc]
+ - linux 6.3.7-1
+ NOTE: https://git.kernel.org/linus/ee20d7c6100752eaf2409d783f4f1449c29ea33d (6.4-rc1)
CVE-2023-54279 [MIPS: fw: Allow firmware to pass a empty env]
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8502132a825e4168fb40f66ec7479b250c4864d5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8502132a825e4168fb40f66ec7479b250c4864d5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251230/3416efe1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list