[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 28 18:05:40 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67e68614 by Salvatore Bonaccorso at 2025-07-28T19:05:30+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,104 @@
+CVE-2025-38497 [usb: gadget: configfs: Fix OOB read on empty string write]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/3014168731b7930300aab656085af784edc861f6 (6.16-rc7)
+CVE-2025-38496 [dm-bufio: fix sched in atomic context]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b1bf1a782fdf5c482215c0c661b5da98b8e75773 (6.16-rc7)
+CVE-2025-38495 [HID: core: ensure the allocated report buffer can contain the reserved report ID]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4f15ee98304b96e164ff2340e1dfd6181c3f42aa (6.16-rc7)
+CVE-2025-38494 [HID: core: do not bypass hid_hw_raw_request]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/c2ca42f190b6714d6c481dfd3d9b62ea091c946b (6.16-rc7)
+CVE-2025-38493 [tracing/osnoise: Fix crash in timerlat_dump_stack()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/85a3bce695b361d85fc528e6fbb33e4c8089c806 (6.16-rc7)
+CVE-2025-38492 [netfs: Fix race between cache write completion and ALL_QUEUED being set]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/89635eae076cd8eaa5cb752f66538c9dc6c9fdc3 (6.16-rc7)
+CVE-2025-38491 [mptcp: make fallback action and fallback decision atomic]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/f8a1d9b18c5efc76784f5a326e905f641f839894 (6.16-rc7)
+CVE-2025-38490 [net: libwx: remove duplicate page_pool_put_full_page()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1b7e585c04cd5f0731dd25ffd396277e55fae0e6 (6.16-rc7)
+CVE-2025-38489 [s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6a5abf8cf182f577c7ae6c62f14debc9754ec986 (6.16-rc7)
+CVE-2025-38488 [smb: client: fix use-after-free in crypt_message when using async crypto]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/b220bed63330c0e1733dc06ea8e75d5b9962b6b6 (6.16-rc7)
+CVE-2025-38487 [soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/56448e78a6bb4e1a8528a0e2efe94eff0400c247 (6.16-rc7)
+CVE-2025-38486 [soundwire: Revert "soundwire: qcom: Add set_channel_map api support"]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/834bce6a715ae9a9c4dce7892454a19adf22b013 (6.16-rc7)
+CVE-2025-38485 [iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1fe16dc1a2f5057772e5391ec042ed7442966c9a (6.16-rc7)
+CVE-2025-38484 [iio: backend: fix out-of-bound write]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/da9374819eb3885636934c1006d450c3cb1a02ed (6.16-rc7)
+CVE-2025-38483 [comedi: das16m1: Fix bit shift out of bounds]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/ed93c6f68a3be06e4e0c331c6e751f462dee3932 (6.16-rc7)
+CVE-2025-38482 [comedi: das6402: Fix bit shift out of bounds]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/70f2b28b5243df557f51c054c20058ae207baaac (6.16-rc7)
+CVE-2025-38481 [comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/08ae4b20f5e82101d77326ecab9089e110f224cc (6.16-rc7)
+CVE-2025-38480 [comedi: Fix use of uninitialized data in insn_rw_emulate_bits()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/e9cb26291d009243a4478a7ffb37b3a9175bfce9 (6.16-rc7)
+CVE-2025-38478 [comedi: Fix initialization of data for instructions that write to subdevice]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/46d8c744136ce2454aa4c35c138cc06817f92b8e (6.16-rc7)
+CVE-2025-38477 [net/sched: sch_qfq: Fix race condition on qfq_aggregate]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/5e28d5a3f774f118896aec17a3a20a9c5c9dfc64 (6.16-rc7)
+CVE-2025-38476 [rpl: Fix use-after-free in rpl_do_srh_inline().]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/b640daa2822a39ff76e70200cb2b7b892b896dce (6.16-rc7)
+CVE-2025-38475 [smc: Fix various oops due to inet_sock type confusion.]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/60ada4fe644edaa6c2da97364184b0425e8aeaf5 (6.16-rc7)
+CVE-2025-38474 [usb: net: sierra: check for no status endpoint]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158 (6.16-rc7)
+CVE-2025-38473 [Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/a0075accbf0d76c2dad1ad3993d2e944505d99a0 (6.16-rc7)
+CVE-2025-38472 [netfilter: nf_conntrack: fix crash due to removal of uninitialised entry]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2d72afb340657f03f7261e9243b44457a9228ac7 (6.16-rc7)
+CVE-2025-38471 [tls: always refresh the queue when reading sock]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b (6.16-rc7)
+CVE-2025-38470 [net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/579d4f9ca9a9a605184a9b162355f6ba131f678d (6.16-rc7)
+CVE-2025-38469 [KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5a53249d149f48b558368c5338b9921b76a12f8c (6.16)
 CVE-2025-38468 [net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree]
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/0e1d5d9b5c5966e2e42e298670808590db5ed628 (6.16-rc7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e68614c3fdc9896599d77295c6af8d6c77db4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e68614c3fdc9896599d77295c6af8d6c77db4c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250728/f32f7b3f/attachment.htm>

More information about the debian-security-tracker-commits mailing list