[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 7 19:36:00 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
343b3aa2 by Salvatore Bonaccorso at 2025-03-07T20:35:07+01:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,38 @@
+CVE-2025-21843 [drm/panthor: avoid garbage value in panthor_ioctl_dev_query()]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3b32b7f638fe61e9d29290960172f4e360e38233 (6.14-rc3)
+CVE-2025-21842 [amdkfd: properly free gang_ctx_bo when failed to init user queue]
+ - linux 6.12.16-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a33f7f9660705fb2ecf3467b2c48965564f392ce (6.14-rc3)
+CVE-2025-21841 [cpufreq/amd-pstate: Fix cpufreq_policy ref counting]
+ - linux 6.12.16-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3ace20038e19f23fe73259513f1f08d4bf1a3c83 (6.14-rc2)
+CVE-2025-21840 [thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b (6.14-rc3)
+CVE-2025-21839 [KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop]
+ - linux 6.12.16-1
+ NOTE: https://git.kernel.org/linus/c2fee09fc167c74a64adb08656cb993ea475197e (6.14-rc3)
+CVE-2025-21838 [usb: gadget: core: flush gadget workqueue after device removal]
+ - linux 6.12.16-1
+ NOTE: https://git.kernel.org/linus/399a45e5237ca14037120b1b895bd38a3b4492ea (6.14-rc3)
+CVE-2025-21837 [io_uring/uring_cmd: unconditionally copy SQEs at prep time]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d6211ebbdaa541af197b50b8dd8f22642ce0b87f (6.14-rc3)
+CVE-2025-21836 [io_uring/kbuf: reallocate buf lists on upgrade]
+ - linux 6.12.16-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8802766324e1f5d414a81ac43365c20142e85603 (6.14-rc3)
+CVE-2025-21835 [usb: gadget: f_midi: fix MIDI Streaming descriptor lengths]
+ - linux 6.12.16-1
+ [bookworm] - linux 6.1.129-1
+ NOTE: https://git.kernel.org/linus/da1668997052ed1cb00322e1f3b63702615c9429 (6.14-rc3)
CVE-2025-26865
NOT-FOR-US: Apache OFBiz
CVE-2025-XXXX [RUSTSEC-2025-0009]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/343b3aa260f48a7dfb43234af165b92c166f8e57
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/343b3aa260f48a7dfb43234af165b92c166f8e57
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250307/c40d8df0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list