[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Fri Jul 4 16:33:32 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc4c8d20 by Salvatore Bonaccorso at 2025-07-04T17:33:03+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,200 @@
+CVE-2025-38234 [sched/rt: Fix race in push_rt_task]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/690e47d1403e90b7f2366f03b52ed3304194c793 (6.16-rc1)
+CVE-2025-38233 [powerpc64/ftrace: fix clobbered r15 during livepatching]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cb5b691f8273432297611863ac142e17119279e0 (6.16-rc1)
+CVE-2025-38232 [NFSD: fix race between nfsd registration and exports_proc]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/f7fb730cac9aafda8b9813b55d04e28a9664d17c (6.16-rc1)
+CVE-2025-38231 [nfsd: Initialize ssc before laundromat_work to prevent NULL dereference]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/b31da62889e6d610114d81dc7a6edbcaa503fcf8 (6.16-rc1)
+CVE-2025-38230 [jfs: validate AG parameters in dbMount() to prevent crashes]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/37bfb464ddca87f203071b5bd562cd91ddc0b40a (6.16-rc1)
+CVE-2025-38229 [media: cxusb: no longer judge rbuf when the write fails]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/73fb3b92da84637e3817580fa205d48065924e15 (6.16-rc1)
+CVE-2025-38228 [media: imagination: fix a potential memory leak in e5010_probe()]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/609ba05b9484856b08869f827a6edee51d51b5f3 (6.16-rc1)
+CVE-2025-38227 [media: vidtv: Terminating the subsequent process of initialization failure]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/1d5f88f053480326873115092bc116b7d14916ba (6.16-rc1)
+CVE-2025-38226 [media: vivid: Change the siize of the composing]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/f83ac8d30c43fd902af7c84c480f216157b60ef0 (6.16-rc1)
+CVE-2025-38225 [media: imx-jpeg: Cleanup after an allocation error]
+	- linux 6.12.35-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7500bb9cf164edbb2c8117d57620227b1a4a8369 (6.16-rc1)
+CVE-2025-38224 [can: kvaser_pciefd: refine error prone echo_skb_max handling logic]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/54ec8b08216f3be2cc98b33633d3c8ea79749895 (6.16-rc1)
+CVE-2025-38223 [ceph: avoid kernel BUG for encrypted inode with unaligned file size]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/060909278cc0a91373a20726bd3d8ce085f480a9 (6.16-rc1)
+CVE-2025-38222 [ext4: inline: fix len overflow in ext4_prepare_inline_data]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/227cb4ca5a6502164f850d22aec3104d7888b270 (6.16-rc1)
+CVE-2025-38221 [ext4: fix out of bounds punch offset]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b5e58bcd79625423487fa3ecba8e8411b5396327 (6.16-rc1)
+CVE-2025-38220 [ext4: only dirty folios when data journaling regular files]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e26268ff1dcae5662c1b96c35f18cfa6ab73d9de (6.16-rc1)
+CVE-2025-38219 [f2fs: prevent kernel warning due to negative i_nlink from corrupted image]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/42cb74a92adaf88061039601ddf7c874f58b554e (6.16-rc1)
+CVE-2025-38218 [f2fs: fix to do sanity check on sit_bitmap_size]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/5db0d252c64e91ba1929c70112352e85dc5751e7 (6.16-rc1)
+CVE-2025-38217 [hwmon: (ftsteutates) Fix TOCTOU race in fts_read()]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/14c9ede9ca4cd078ad76a6ab9617b81074eb58bf (6.16-rc3)
+CVE-2025-38216 [iommu/vt-d: Restore context entry setup order for aliased devices]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/320302baed05c6456164652541f23d2a96522c06 (6.16-rc1)
+CVE-2025-38215 [fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/17186f1f90d34fa701e4f14e6818305151637b9e (6.16-rc1)
+CVE-2025-38214 [fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/05f6e183879d9785a3cdf2f08a498bc31b7a20aa (6.16-rc1)
+CVE-2025-38213 [vgacon: Add check for vc_origin address range in vgacon_scroll()]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/864f9963ec6b4b76d104d595ba28110b87158003 (6.16-rc1)
+CVE-2025-38212 [ipc: fix to protect IPCS lookups using RCU]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/d66adabe91803ef34a8b90613c81267b5ded1472 (6.16-rc1)
+CVE-2025-38211 [RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/6883b680e703c6b2efddb4e7a8d891ce1803d06b (6.16-rc1)
+CVE-2025-38210 [configfs-tsm-report: Fix NULL dereference of tsm_ops]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fba4ceaa242d2bdf4c04b77bda41d32d02d3925d (6.16-rc1)
+CVE-2025-38209 [nvme-tcp: remove tag set when second admin queue config fails]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e7143706702a209c814ed2c3fc6486c2a7decf6c (6.16-rc1)
+CVE-2025-38208 [smb: client: add NULL check in automount_fullpath]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/f1e7a277a1736e12cc4bd6d93b8a5c439b8ca20c (6.16-rc1)
+CVE-2025-38207 [mm: fix uprobe pte be overwritten when expanding vma]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/2b12d06c37fd3a394376f42f026a7478d826ed63 (6.16-rc1)
+CVE-2025-38206 [exfat: fix double free in delayed_free]
+	- linux 5.16.7-1
+	NOTE: https://git.kernel.org/linus/1f3d9724e16d62c7d42c67d6613b8512f2887c22 (6.16-rc1)
+CVE-2025-38205 [drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/7e40f64896e8e3dca471e287672db5ace12ea0be (6.16-rc1)
+CVE-2025-38204 [jfs: fix array-index-out-of-bounds read in add_missing_indices]
+	- linux 5.16.7-1
+	NOTE: https://git.kernel.org/linus/5dff41a86377563f7a2b968aae00d25b4ceb37c9 (6.16-rc1)
+CVE-2025-38203 [jfs: Fix null-ptr-deref in jfs_ioc_trim]
+	- linux 5.16.7-1
+	NOTE: https://git.kernel.org/linus/a4685408ff6c3e2af366ad9a7274f45ff3f394ee (6.16-rc1)
+CVE-2025-38202 [bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/d4965578267e2e81f67c86e2608481e77e9c8569 (6.16-rc1)
+CVE-2025-38201 [netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/b85e3367a5716ed3662a4fe266525190d2af76df (6.16-rc1)
+CVE-2025-38200 [i40e: fix MMIO write access to an invalid page in i40e_clear_hw]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/015bac5daca978448f2671478c553ce1f300c21e (6.16-rc1)
+CVE-2025-38199 [wifi: ath12k: Fix memory leak due to multiple rx_stats allocation]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/c426497fa2055c8005196922e7d29c41d7e0948a (6.16-rc1)
+CVE-2025-38198 [fbcon: Make sure modelist not set on unregistered console]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/cedc1b63394a866bf8663a3e40f4546f1d28c8d8 (6.16-rc1)
+CVE-2025-38197 [platform/x86: dell_rbu: Fix list usage]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/61ce04601e0d8265ec6d2ffa6df5a7e1bce64854 (6.16-rc3)
+CVE-2025-38196 [io_uring/rsrc: validate buffer count with offset for cloning]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1d27f11bf02b38c431e49a17dee5c10a2b4c2e28 (6.16-rc3)
+CVE-2025-38195 [LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()]
+	- linux 6.12.35-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ee084fa96123ede8b0563a1b5a9b23adc43cd50d (6.16-rc1)
+CVE-2025-38194 [jffs2: check that raw node were preallocated before writing summary]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/ec9e6f22bce433b260ea226de127ec68042849b0 (6.16-rc1)
+CVE-2025-38193 [net_sched: sch_sfq: reject invalid perturb period]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/7ca52541c05c832d32b112274f81a985101f9ba8 (6.16-rc2)
+CVE-2025-38192 [net: clear the dst when changing skb protocol]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/ba9db6f907ac02215e30128770f85fbd7db2fcf9 (6.16-rc2)
+CVE-2025-38191 [ksmbd: fix null pointer dereference in destroy_previous_session]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e (6.16-rc3)
+CVE-2025-38190 [atm: Revert atm_account_tx() if copy_from_iter_full() fails.]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/7851263998d4269125fd6cb3fdbfc7c6db853859 (6.16-rc3)
+CVE-2025-38189 [drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/e1bc3a13bd775791cca0bb144d977b00f3598042 (6.16-rc3)
+CVE-2025-38188 [drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2b520c6104f34e3a548525173c38ebca4402cac3 (6.16-rc3)
+CVE-2025-38187 [drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9802f0a63b641f4cddb2139c814c2e95cb825099 (6.16-rc3)
+CVE-2025-38186 [bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1e9ac33fa271be0d2480fd732f9642d81542500b (6.16-rc3)
+CVE-2025-38185 [atm: atmtcp: Free invalid length skb in atmtcp_c_send().]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/2f370ae1fb6317985f3497b1bb80d457508ca2f7 (6.16-rc3)
+CVE-2025-38184 [tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/f82727adcf2992822e12198792af450a76ebd5ef (6.16-rc3)
+CVE-2025-38183 [net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()]
+	- linux 6.12.35-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e353b0854d3a1a31cb061df8d022fbfea53a0f24 (6.16-rc3)
+CVE-2025-38182 [ublk: santizize the arguments from userspace when adding a device]
+	- linux 6.12.35-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8c8472855884355caf3d8e0c50adf825f83454b2 (6.16-rc3)
+CVE-2025-38181 [calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/10876da918fa1aec0227fb4c67647513447f53a9 (6.16-rc3)
+CVE-2025-38180 [net: atm: fix /proc/net/atm/lec handling]
+	- linux 6.12.35-1
+	NOTE: https://git.kernel.org/linus/d03b79f459c7935cff830d98373474f440bd03ae (6.16-rc3)
+CVE-2025-38179 [smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()]
+	- linux 6.12.35-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a379a8a2a0032e12e7ef397197c9c2ad011588d6 (6.16-rc3)
+CVE-2025-38178 [EDAC/igen6: Fix NULL pointer dereference]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/88efa0de3285be66969b71ec137d9dab1ee19e52 (6.16-rc3)
 CVE-2025-38177 [sch_hfsc: make hfsc_qlen_notify() idempotent]
 	- linux 6.12.29-1
 	[bookworm] - linux 6.1.139-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc4c8d2024615803e01f24aa8b57f6cc264694e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc4c8d2024615803e01f24aa8b57f6cc264694e8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250704/f360c632/attachment-0001.htm>
