[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 25 14:36:48 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37719a86 by Salvatore Bonaccorso at 2025-07-25T15:36:23+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,128 @@
+CVE-2025-38402 [idpf: return 0 size for RSS key if not supported]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f77bf1ebf8ff6301ccdbc346f7b52db928f9cbf8 (6.16-rc5)
+CVE-2025-38401 [mtk-sd: Prevent memory corruption from DMA map failure]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/f5de469990f19569627ea0dd56536ff5a13beaa3 (6.16-rc5)
+CVE-2025-38400 [nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/e8d6f3ab59468e230f3253efe5cb63efa35289f7 (6.16-rc5)
+CVE-2025-38399 [scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/d8ab68bdb294b09a761e967dad374f2965e1913f (6.16-rc3)
+CVE-2025-38398 [spi: spi-qpic-snand: reallocate BAM transactions]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d85d0380292a7e618915069c3579ae23c7c80339 (6.16-rc5)
+CVE-2025-38397 [nvme-multipath: fix suspicious RCU usage warning]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d6811074203b13f715ce2480ac64c5b1c773f2a5 (6.16-rc5)
+CVE-2025-38396 [fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cbe4134ea4bc493239786220bd69cb8a13493190 (6.16-rc5)
+CVE-2025-38395 [regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/c9764fd88bc744592b0604ccb6b6fc1a5f76b4e3 (6.16-rc5)
+CVE-2025-38394 [HID: appletb-kbd: fix memory corruption of input_handler_list]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c80f2b047d5cc42fbd2dff9d1942d4ba7545100f (6.16-rc5)
+CVE-2025-38393 [NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/c01776287414ca43412d1319d2877cbad65444ac (6.16-rc5)
+CVE-2025-38392 [idpf: convert control queue mutex to a spinlock]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b2beb5bb2cd90d7939e470ed4da468683f41baa3 (6.16-rc5)
+CVE-2025-38391 [usb: typec: altmodes/displayport: do not index invalid pin_assignments]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/af4db5a35a4ef7a68046883bfd12468007db38f1 (6.16-rc5)
+CVE-2025-38390 [firmware: arm_ffa: Fix memory leak by freeing notifier callback node]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a833d31ad867103ba72a0b73f3606f4ab8601719 (6.16-rc5)
+CVE-2025-38389 [drm/i915/gt: Fix timeline left held on VMA alloc error]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/a5aa7bc1fca78c7fa127d9e33aa94a0c9066c1d6 (6.16-rc5)
+CVE-2025-38388 [firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9ca7a421229bbdfbe2e1e628cff5cfa782720a10 (6.16-rc5)
+CVE-2025-38387 [RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/8edab8a72d67742f87e9dc2e2b0cdfddda5dc29a (6.16-rc5)
+CVE-2025-38386 [ACPICA: Refuse to evaluate a method if arguments are missing]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/6fcab2791543924d438e7fa49276d0998b0a069f (6.16-rc3)
+CVE-2025-38385 [net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6c7ffc9af7186ed79403a3ffee9a1e5199fc7450 (6.16-rc5)
+CVE-2025-38384 [mtd: spinand: fix memory leak of ECC engine conf]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/6463cbe08b0cbf9bba8763306764f5fd643023e1 (6.16-rc3)
+CVE-2025-38383 [mm/vmalloc: fix data race in show_numa_info()]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5c5f0468d172ddec2e333d738d2a1f85402cf0bc (6.16-rc1)
+CVE-2025-38382 [btrfs: fix iteration of extrefs during log replay]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/54a7081ed168b72a8a2d6ef4ba3a1259705a2926 (6.16-rc5)
+CVE-2025-38381 [Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4cf65845fdd09d711fc7546d60c9abe010956922 (6.16-rc5)
+CVE-2025-38380 [i2c/designware: Fix an initialization issue]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3d30048958e0d43425f6d4e76565e6249fa71050 (6.16-rc5)
+CVE-2025-38379 [smb: client: fix warning when reconnecting channel]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3bbe46716092d8ef6b0df4b956f585c5cd0fc78e (6.16-rc5)
+CVE-2025-38378 [HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/38224c472a038fa9ccd4085511dd9f3d6119dbf9 (6.16-rc5)
+CVE-2025-38377 [rose: fix dangling neighbour pointers in rose_rt_device_down()]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/34a500caf48c47d5171f4aa1f237da39b07c6157 (6.16-rc5)
+CVE-2025-38376 [usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/31a6afbe86e8e9deba9ab53876ec49eafc7fd901 (6.16-rc5)
+CVE-2025-38375 [virtio-net: ensure the received length does not exceed allocated size]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/315dbdd7cdf6aa533829774caaf4d25f1fd20e73 (6.16-rc5)
+CVE-2025-38374 [optee: ffa: fix sleep in atomic context]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/312d02adb959ea199372f375ada06e0186f651e4 (6.16-rc5)
+CVE-2025-38373 [IB/mlx5: Fix potential deadlock in MR deregistration]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2ed25aa7f7711f508b6120e336f05cd9d49943c0 (6.16-rc5)
+CVE-2025-38372 [RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2c6b640ea08bff1a192bf87fa45246ff1e40767c (6.16-rc5)
+CVE-2025-38371 [drm/v3d: Disable interrupts before resetting the GPU]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/226862f50a7a88e4e4de9abbf36c64d19acd6fd0 (6.16-rc5)
+CVE-2025-38370 [btrfs: fix failure to rebuild free space tree using multiple transactions]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1e6ed33cabba8f06f532f2e5851a102602823734 (6.16-rc5)
 CVE-2025-38369 [dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using]
 	- linux 6.12.37-1
 	NOTE: https://git.kernel.org/linus/17502e7d7b7113346296f6758324798d536c31fd (6.16-rc1)
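Review bot: the five entries whose unstable line is `- linux <not-affected> (Vulnerable code not present)` (CVE-2025-38398, CVE-2025-38397, CVE-2025-38394, CVE-2025-38378, CVE-2025-38370) carry only the fixing commit in their NOTE, so nothing in the entry shows which change introduced the flaw or why the packaged kernel is unaffected. Consider adding a second NOTE that names the introducing commit or the first affected upstream version, and doing the same for the `[bookworm]` and `[bullseye]` `<not-affected>` lines, so each determination can be rechecked from the list itself.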



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37719a8606cdf3d426ac22ba655d4ec3b5f6ba49
