[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 3 10:15:44 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e71ceaf5 by Salvatore Bonaccorso at 2025-07-03T11:14:49+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2025-38173 [crypto: marvell/cesa - Handle zero-length skcipher requests]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/8a4e047c6cc07676f637608a9dd675349b5de0a7 (6.16-rc1)
+CVE-2025-38172 [erofs: avoid using multiple devices with different type]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9748f2f54f66743ac77275c34886a9f890e18409 (6.16-rc1)
+CVE-2025-38171 [power: supply: max77705: Fix workqueue error handling in probe]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/11741b8e382d34b13277497ab91123d8b0b5c2db (6.16-rc1)
+CVE-2025-38170 [arm64/fpsimd: Discard stale CPU state when handling SME traps]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d3eaab3c70905c5467e5c4ea403053d67505adeb (6.16-rc1)
+CVE-2025-38169 [arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/01098d893fa8a6edb2b56e178b798e3e6b674f02 (6.16-rc1)
+CVE-2025-38168 [perf: arm-ni: Unregister PMUs on probe failure]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7f57afde6a44d9e044885e1125034edd4fda02e8 (6.16-rc1)
+CVE-2025-38167 [fs/ntfs3: handle hdr_first_de() return value]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/af5cab0e5b6f8edb0be51a9f47f3f620e0b4fd70 (6.16-rc1)
+CVE-2025-38166 [bpf: fix ktls panic with sockmap]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/54a3ecaeeeae8176da8badbd7d72af1017032c39 (6.16-rc1)
+CVE-2025-38165 [bpf, sockmap: Fix panic when calling skb_linearize]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5ca2e29f6834c64c0e5a9ccf1278c21fb49b827e (6.16-rc1)
+CVE-2025-38164 [f2fs: zone: fix to avoid inconsistence in between SIT and SSA]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/773704c1ef96a8b70d0d186ab725f50548de82c4 (6.16-rc1)
+CVE-2025-38163 [f2fs: fix to do sanity check on sbi->total_valid_block_count]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/05872a167c2cab80ef186ef23cc34a6776a1a30c (6.16-rc1)
+CVE-2025-38162 [netfilter: nft_set_pipapo: prevent overflow in lookup table allocation]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4c5c6aa9967dbe55bd017bb509885928d0f31206 (6.16-rc1)
+CVE-2025-38161 [RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/5d2ea5aebbb2f3ebde4403f9c55b2b057e5dd2d6 (6.16-rc1)
+CVE-2025-38160 [clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/73c46d9a93d071ca69858dea3f569111b03e549e (6.16-rc1)
+CVE-2025-38159 [wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4c2c372de2e108319236203cce6de44d70ae15cd (6.16-rc1)
+CVE-2025-38158 [hisi_acc_vfio_pci: fix XQE dma address error]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8bb7170c5a055ea17c6857c256ee73c10ff872eb (6.16-rc1)
+CVE-2025-38157 [wifi: ath9k_htc: Abort software beacon handling if disabled]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/ac4e317a95a1092b5da5b9918b7118759342641c (6.16-rc1)
+CVE-2025-38156 [wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8f30e2b059757d8711a823e4c9c023db62a1d171 (6.16-rc1)
+CVE-2025-38155 [wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/efb95439c1477bbc955cacd0179c35e7861b437c (6.16-rc1)
+CVE-2025-38154 [bpf, sockmap: Avoid using sk_socket after free when sending]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8259eb0e06d8f64c700f5fbdb28a5c18e10de291 (6.16-rc1)
+CVE-2025-38153 [net: usb: aqc111: fix error handling of usbnet read calls]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/405b0d610745fb5e84fc2961d9b960abb9f3d107 (6.16-rc1)
+CVE-2025-38151 [RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/92a251c3df8ea1991cd9fe00f1ab0cfce18d7711 (6.16-rc1)
+CVE-2025-38150 [af_packet: move notifier's packet_dev_mc out of rcu critical section]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d8d85ef0a631df9127f202e6371bb33a0b589952 (6.16-rc1)
+CVE-2025-38149 [net: phy: clear phydev->devlink when the link is deleted]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0795b05a59b1371b18ffbf09d385296b12e9f5d5 (6.16-rc1)
+CVE-2025-38148 [net: phy: mscc: Fix memory leak when using one step timestamping]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/846992645b25ec4253167e3f931e4597eb84af56 (6.16-rc1)
+CVE-2025-38147 [calipso: Don't call calipso functions for AF_INET sk.]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/6e9f2df1c550ead7cecb3e450af1105735020c92 (6.16-rc1)
+CVE-2025-38146 [net: openvswitch: Fix the dead loop of MPLS parse]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/0bdc924bfb319fb10d1113cbf091fc26fb7b1f99 (6.16-rc1)
+CVE-2025-38145 [soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/f1706e0e1a74b095cbc60375b9b1e6205f5f4c98 (6.16-rc1)
+CVE-2025-38144 [watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a4e2401438a26131ecff9be6a3a1d4cbfea66f9a (6.16-rc1)
+CVE-2025-38143 [backlight: pm8941: Add NULL check in wled_configure()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/e12d3e1624a02706cdd3628bbf5668827214fa33 (6.16-rc1)
+CVE-2025-38142 [hwmon: (asus-ec-sensors) check sensor index in read_string()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/25be318324563c63cbd9cb53186203a08d2f83a1 (6.16-rc1)
+CVE-2025-38141 [dm: fix dm_blk_report_zones]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/37f53a2c60d03743e0eacf7a0c01c279776fef4e (6.16-rc1)
+CVE-2025-38140 [dm: limit swapping tables for devices with zone write plugs]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/121218bef4c1df165181f5cd8fc3a2246bac817e (6.16-rc1)
+CVE-2025-38139 [netfs: Fix oops in write-retry from mis-resetting the subreq iterator]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4481f7f2b3df123ec77e828c849138f75cff2bf2 (6.16-rc1)
+CVE-2025-38138 [dmaengine: ti: Add NULL check in udma_probe()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/fd447415e74bccd7362f760d4ea727f8e1ebfe91 (6.16-rc1)
+CVE-2025-38137 [PCI/pwrctrl: Cancel outstanding rescan work when unregistering]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8b926f237743f020518162c62b93cb7107a2b5eb (6.16-rc1)
+CVE-2025-38136 [usb: renesas_usbhs: Reorder clock handling and power management in probe]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/ffb34a60ce86656ba12d46e91f1ccc71dd221251 (6.16-rc1)
+CVE-2025-38135 [serial: Fix potential null-ptr-deref in mlb_usio_probe()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/86bcae88c9209e334b2f8c252f4cc66beb261886 (6.16-rc1)
+CVE-2025-38134 [usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/73fb0ec9436ae87bcae067ce35d6cdd72bade86c (6.16-rc1)
+CVE-2025-38133 [iio: adc: ad4851: fix ad4858 chan pointer handling]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/499a8cee812588905cc940837e69918c1649a19e (6.16-rc1)
+CVE-2025-38132 [coresight: holding cscfg_csdev_lock while removing cscfg from csdev]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/53b9e2659719b04f5ba7593f2af0f2335f75e94a (6.16-rc1)
+CVE-2025-38131 [coresight: prevent deactivate active config while enabling the config]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/408c97c4a5e0b634dcd15bf8b8808b382e888164 (6.16-rc1)
+CVE-2025-38130 [drm/connector: only call HDMI audio helper plugged cb if non-null]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/be9b3f9a54101c19226c25ba7163d291183777a0 (6.16-rc1)
+CVE-2025-38129 [page_pool: Fix use-after-free in page_pool_recycle_in_ring]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/271683bb2cf32e5126c592b5d5e6a756fa374fd9 (6.16-rc1)
+CVE-2025-38128 [Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/03f1700b9b4d4f2fed3165370f3c23db76553178 (6.16-rc1)
+CVE-2025-38127 [ice: fix Tx scheduler error handling in XDP callback]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/0153f36041b8e52019ebfa8629c13bf8f9b0a951 (6.16-rc1)
+CVE-2025-38126 [net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/030ce919e114a111e83b7976ecb3597cefd33f26 (6.16-rc1)
+CVE-2025-38125 [net: stmmac: make sure that ptp_rate is not 0 before configuring EST]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/cbefe2ffa7784525ec5d008ba87c7add19ec631a (6.16-rc1)
+CVE-2025-38124 [net: fix udp gso skb_segment after pull from frag_list]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3382a1ed7f778db841063f5d7e317ac55f9e7f72 (6.16-rc1)
+CVE-2025-38123 [net: wwan: t7xx: Fix napi rx poll issue]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/905fe0845bb27e4eed2ca27ea06e6c4847f1b2b1 (6.16-rc1)
+CVE-2025-38122 [gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/12c331b29c7397ac3b03584e12902990693bc248 (6.16-rc1)
+CVE-2025-38121 [wifi: iwlwifi: mld: avoid panic on init failure]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/960c7e6d388034d219dafffa6da0a5c2ccd5ff30 (6.16-rc1)
+CVE-2025-38120 [netfilter: nf_set_pipapo_avx2: fix initial map fill]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ea77c397bff8b6d59f6d83dae1425b08f465e8b5 (6.16-rc1)
+CVE-2025-38119 [scsi: core: ufs: Fix a hang in the error handler]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/8a3514d348de87a9d5e2ac00fbac4faae0b97996 (6.16-rc2)
+CVE-2025-38118 [Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c (6.16-rc2)
+CVE-2025-38117 [Bluetooth: MGMT: Protect mgmt_pending list with its own lock]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/6fe26f694c824b8a4dbf50c635bee1302e3f099c (6.16-rc2)
+CVE-2025-38116 [wifi: ath12k: fix uaf in ath12k_core_init()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f3fe49dbddd73f0155a8935af47cb63693069dbe (6.16-rc2)
+CVE-2025-38115 [net_sched: sch_sfq: fix a potential crash on gso_skb handling]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/82ffbe7776d0ac084031f114167712269bf3d832 (6.16-rc2)
+CVE-2025-38114 [e1000: Move cancel_work_sync to avoid deadlock]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b4a8085ceefb7bbb12c2b71c55e71fc946c6929f (6.16-rc2)
+CVE-2025-38113 [ACPI: CPPC: Fix NULL pointer dereference when nosmp is used]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/15eece6c5b05e5f9db0711978c3e3b7f1a2cfe12 (6.16-rc2)
+CVE-2025-38112 [net: Fix TOCTOU issue in sk_is_readable()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/2660a544fdc0940bba15f70508a46cf9a6491230 (6.16-rc2)
+CVE-2025-38111 [net/mdiobus: Fix potential out-of-bounds read/write access]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/0e629694126ca388916f059453a1c36adde219c4 (6.16-rc2)
+CVE-2025-38110 [net/mdiobus: Fix potential out-of-bounds clause 45 read/write access]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/260388f79e94fb3026c419a208ece8358bb7b555 (6.16-rc2)
+CVE-2025-38109 [net/mlx5: Fix ECVF vports unload on shutdown flow]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/687560d8a9a2d654829ad0da1ec24242f1de711d (6.16-rc2)
+CVE-2025-38108 [net_sched: red: fix a race in __red_change()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/85a3e0ede38450ea3053b8c45d28cf55208409b8 (6.16-rc2)
+CVE-2025-38107 [net_sched: ets: fix a race in ets_qdisc_change()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/d92adacdd8c2960be856e0b82acc5b7c5395fddb (6.16-rc2)
+CVE-2025-38106 [io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ac0b8b327a5677dc6fecdf353d808161525b1ff0 (6.16-rc2)
+CVE-2025-38105 [ALSA: usb-audio: Kill timer properly at removal]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1 (6.16-rc1)
+CVE-2025-38103 [HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/fe7f7ac8e0c708446ff017453add769ffc15deed (6.16-rc1)
+CVE-2025-38102 [VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 (6.16-rc1)
+CVE-2025-38101 [ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/40ee2afafc1d9fe3aa44a6fbe440d78a5c96a72e (6.16-rc1)
+CVE-2025-38100 [x86/iopl: Cure TIF_IO_BITMAP inconsistencies]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/8b68e978718f14fdcb080c2a7791c52a0d09bc6d (6.16-rc1)
 CVE-2025-38099 [Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken]
 	- linux 6.12.32-1
 	NOTE: https://git.kernel.org/linus/14d17c78a4b1660c443bae9d38c814edea506f62 (6.15-rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e71ceaf5277be25542e71d650ef608f140bab73d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e71ceaf5277be25542e71d650ef608f140bab73d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250703/1cbaeae3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list