[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Fri Jul 25 15:08:37 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
040f7d98 by Salvatore Bonaccorso at 2025-07-25T16:07:02+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2025-38413 [virtio-net: xsk: rx: fix the frame's length check]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5177373c31318c3c6a190383bfd232e6cf565c36 (6.16-rc5)
+CVE-2025-38412 [platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks]
+	- linux 6.12.37-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/eb617dd25ca176f3fee24f873f0fd60010773d67 (6.16-rc5)
+CVE-2025-38411 [netfs: Fix double put of request]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9df7b5ebead649b00bf9a53a798e4bf83a1318fd (6.16-rc5)
+CVE-2025-38410 [drm/msm: Fix a fence leak in submit error path]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/5d319f75ccf7f0927425a7545aa1a22b3eedc189 (6.16-rc3)
+CVE-2025-38409 [drm/msm: Fix another leak in the submit error path]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/f681c2aa8676a890eacc84044717ab0fd26e058f (6.16-rc3)
+CVE-2025-38408 [genirq/irq_sim: Initialize work context pointers properly]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/8a2277a3c9e4cc5398f80821afe7ecbe9bdf2819 (6.16-rc3)
+CVE-2025-38407 [riscv: cpu_ops_sbi: Use static array for boot_data]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2b29be967ae456fc09c320d91d52278cf721be1e (6.16-rc5)
+CVE-2025-38406 [wifi: ath6kl: remove WARN on bad firmware input]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/e7417421d89358da071fd2930f91e67c7128fbff (6.16-rc3)
+CVE-2025-38405 [nvmet: fix memory leak of bio integrity]
+	- linux 6.12.37-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/190f4c2c863af7cc5bb354b70e0805f06419c038 (6.16-rc5)
+CVE-2025-38404 [usb: typec: displayport: Fix potential deadlock]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/099cf1fbb8afc3771f408109f62bdec66f85160e (6.16-rc5)
+CVE-2025-38403 [vsock/vmci: Clear the vmci transport packet properly when initializing it]
+	- linux 6.12.37-1
+	NOTE: https://git.kernel.org/linus/223e2288f4b8c262a864e2c03964ffac91744cd5 (6.16-rc5)
 CVE-2025-38402 [idpf: return 0 size for RSS key if not supported]
 	- linux 6.12.37-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/040f7d98df77fb1829d4db6d714a6ca05d623517

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/040f7d98df77fb1829d4db6d714a6ca05d623517
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250725/3dfc7c9a/attachment.htm>
