[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 12 10:19:50 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b637e6aa by Salvatore Bonaccorso at 2025-03-12T11:18:48+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2025-21866 [powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/d262a192d38e527faa5984629aabda2e0d1c4f54 (6.14-rc4)
+CVE-2025-21865 [gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/4ccacf86491d33d2486b62d4d44864d7101b299d (6.14-rc4)
+CVE-2025-21864 [tcp: drop secpath at the same time as we currently drop dst]
+	- linux 6.12.17-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9b6412e6979f6f9e0632075f8f008937b5cd4efd (6.14-rc4)
+CVE-2025-21863 [io_uring: prevent opcode speculation]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/1e988c3fe1264708f4f92109203ac5b1d65de50b (6.14-rc4)
+CVE-2025-21862 [drop_monitor: fix incorrect initialization order]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/07b598c0e6f06a0f254c88dafb4ad50f8a8c6eea (6.14-rc4)
+CVE-2025-21861 [mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/41cddf83d8b00f29fd105e7a0777366edc69a5cf (6.14-rc4)
+CVE-2025-21860 [mm/zswap: fix inconsistency when zswap_store_page() fails]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/63895d20d63b446f5049a963983489319c2ea3e2 (6.14-rc4)
+CVE-2025-21859 [USB: gadget: f_midi: f_midi_complete to call queue_work]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/4ab37fcb42832cdd3e9d5e50653285ca84d6686f (6.14-rc3)
+CVE-2025-21858 [geneve: Fix use-after-free in geneve_find_dev().]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/9593172d93b9f91c362baec4643003dc29802929 (6.14-rc4)
+CVE-2025-21857 [net/sched: cls_api: fix error handling causing NULL dereference]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/071ed42cff4fcdd89025d966d48eabef59913bf2 (6.14-rc4)
+CVE-2025-21856 [s390/ism: add release function for struct device]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/915e34d5ad35a6a9e56113f852ade4a730fb88f0 (6.14-rc4)
+CVE-2025-21855 [ibmvnic: Don't reference skb after sending to VIOS]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9 (6.14-rc4)
+CVE-2025-21854 [sockmap, vsock: For connectible sockets allow only connected]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8fb5bb169d17cdd12c2dcc2e96830ed487d77a0f (6.14-rc4)
+CVE-2025-21853 [bpf: avoid holding freeze_mutex during mmap operation]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/bc27c52eea189e8f7492d40739b7746d67b65beb (6.14-rc4)
+CVE-2025-21852 [net: Add rx_skb of kfree_skb to raw_tp_null_args[].]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5da7e15fb5a12e78de974d8908f348e279922ce9 (6.14-rc4)
+CVE-2025-21851 [bpf: Fix softlockup in arena_map_free on 64k page kernel]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/517e8a7835e8cfb398a0aeb0133de50e31cae32b (6.14-rc4)
+CVE-2025-21850 [nvmet: Fix crash when a namespace is disabled]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4082326807072b71496501b6a0c55ffe8d5092a5 (6.14-rc4)
+CVE-2025-21849 [drm/i915/gt: Use spin_lock_irqsave() in interruptible context]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e49477f7f78598295551d486ecc7f020d796432e (6.14-rc4)
+CVE-2025-21848 [nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/878e7b11736e062514e58f3b445ff343e6705537 (6.14-rc4)
+CVE-2025-21847 [ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d8d99c3b5c485f339864aeaa29f76269cc0ea975 (6.14-rc4)
+CVE-2025-21846 [acct: perform last write from workqueue]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/56d5f3eba3f5de0efdd556de4ef381e109b973a9 (6.14-rc4)
+CVE-2025-21845 [mtd: spi-nor: sst: Fix SST write failure]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/539bd20352832b9244238a055eb169ccf1c41ff6 (6.14-rc4)
+CVE-2025-21844 [smb: client: Add check for next_buffer in receive_encrypted_standard()]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/860ca5e50f73c2a1cef7eefc9d39d04e275417f7 (6.14-rc4)
+CVE-2024-58089 [btrfs: fix double accounting race when btrfs_run_delalloc_range() failed]
+	- linux 6.12.17-1
+	NOTE: https://git.kernel.org/linus/72dad8e377afa50435940adfb697e070d3556670 (6.14-rc1)
+CVE-2024-58088 [bpf: Fix deadlock when freeing cgroup storage]
+	- linux 6.12.17-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c78f4afbd962f43a3989f45f3ca04300252b19b5 (6.14-rc4)
 CVE-2025-2233 (Samsung SmartThings Improper Verification of Cryptographic Signature A ...)
 	TODO: check
 CVE-2025-2220 (A vulnerability was found in Odyssey CMS up to 10.34. It has been clas ...)
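Review bot: The two package-level `- linux <not-affected> (Vulnerable code not present)` entries, CVE-2025-21860 (mm/zswap) and CVE-2025-21850 (nvmet), carry only a NOTE for the fixing commit, so the not-affected claim cannot be checked from the entry itself. Suggest adding a NOTE naming the commit and release that introduced the vulnerable code. The same would help the per-suite `[bookworm]` and `[bullseye]` not-affected lines, for example under CVE-2025-21857. Separately, CVE-2025-21859 is tagged (6.14-rc3) and CVE-2024-58089 (6.14-rc1) while every other entry in this hunk is (6.14-rc4); worth confirming those tags against the referenced commits before this lands.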



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b637e6aaa6825745b6cbcaf9f47f9c2ed7218cdf
