[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 25 14:31:22 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
171e5fc5 by Salvatore Bonaccorso at 2025-07-25T15:30:40+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-38369 [dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/17502e7d7b7113346296f6758324798d536c31fd (6.16-rc1)
+CVE-2025-38368 [misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/a99b598d836c9c6411110c70a2da134c78d96e67 (6.16-rc1)
+CVE-2025-38367 [LoongArch: KVM: Avoid overflow with array index]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/080e8d2ecdfde588897aa8a87a8884061f4dbbbb (6.16-rc4)
+CVE-2025-38366 [LoongArch: KVM: Check validity of "num_cpu" from user space]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cc8d5b209e09d3b52bca1ffe00045876842d96ae (6.16-rc4)
+CVE-2025-38365 [btrfs: fix a race between renames and directory logging]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3ca864de852bc91007b32d2a0d48993724f4abad (6.16-rc4)
+CVE-2025-38364 [maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fba46a5d83ca8decb338722fb4899026d8d9ead2 (6.16-rc4)
+CVE-2025-38363 [drm/tegra: Fix a possible null pointer dereference]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/780351a5f61416ed2ba1199cc57e4a076fca644d (6.16-rc1)
+CVE-2025-38362 [drm/amd/display: Add null pointer check for get_first_active_display()]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/c3e9826a22027a21d998d3e64882fa377b613006 (6.16-rc1)
+CVE-2025-38361 [drm/amd/display: Check dce_hwseq before dereferencing it]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/b669507b637eb6b1aaecf347f193efccc65d756e (6.16-rc3)
+CVE-2025-38360 [drm/amd/display: Add more checks for DSC / HUBP ONO guarantees]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/0d57dd1765d311111d9885346108c4deeae1deb4 (6.16-rc3)
+CVE-2025-38359 [s390/mm: Fix in_atomic() handling in do_secure_storage_access()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/11709abccf93b08adde95ef313c300b0d4bc28f1 (6.16-rc1)
+CVE-2025-38358 [btrfs: fix race between async reclaim worker and close_ctree()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a26bf338cdad3643a6e7c3d78a172baadba15c1a (6.16-rc4)
+CVE-2025-38357 [fuse: fix runtime warning on truncate_folio_batch_exceptionals()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/befd9a71d859ea625eaa84dae1b243efb3df3eca (6.16-rc4)
+CVE-2025-38356 [drm/xe/guc: Explicitly exit CT safe mode on unwind]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ad40098da5c3b43114d860a5b5740e7204158534 (6.16-rc4)
+CVE-2025-38355 [drm/xe: Process deferred GGTT node removals on device unwind]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/af2b588abe006bd55ddd358c4c3b87523349c475 (6.16-rc4)
+CVE-2025-38354 [drm/msm/gpu: Fix crash when throttling GPU immediately during boot]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b71717735be48d7743a34897e9e44a0b53e30c0e (6.16-rc1)
+CVE-2025-38353 [drm/xe: Fix taking invalid lock on wedge]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/1e1981b16bb1bbe2fafa57ed439b45cb5b34e32d (6.16-rc1)
 CVE-2025-8137 (A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521  ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-8136 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
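Review bot: CVE-2025-38359 (s390/mm, do_secure_storage_access()) is the only added entry left at `- linux <unfixed>`, although its NOTE points at a 6.16-rc1 commit just like CVE-2025-38369, CVE-2025-38368 and CVE-2025-38363, which are recorded as fixed in 6.12.37-1. Please confirm that 11709abccf93 is really absent from the 6.12.37-1 upload rather than missed in the merge; if it is absent, the entry needs a follow-up once a fixed version reaches unstable. Separately, several entries with a fixed version (for example CVE-2025-38362, CVE-2025-38361, CVE-2025-38360 and CVE-2025-38353) carry no [bookworm] or [bullseye] line, so those releases remain tracked as affected; that is correct only if the vulnerable code is present there, so a quick check against the older kernel branches would be worthwhile.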



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/171e5fc5b0b04c6bccfe7f72223fd9cb88130487
