[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 27 19:09:30 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6637cc4e by Salvatore Bonaccorso at 2025-03-27T20:09:07+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,94 @@
+CVE-2025-21892 [RDMA/mlx5: Fix the recovery flow of the UMR QP]
+	- linux 6.12.19-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d97505baea64d93538b16baf14ce7b8c1fbad746 (6.14-rc5)
+CVE-2025-21891 [ipvlan: ensure network headers are in skb linear part]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/27843ce6ba3d3122b65066550fe33fb8839f8aef (6.14-rc5)
+CVE-2025-21890 [idpf: fix checksums set in idpf_rx_rsc()]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/674fcb4f4a7e3e277417a01788cc6daae47c3804 (6.14-rc5)
+CVE-2025-21889 [perf/core: Add RCU read lock protection to perf_iterate_ctx()]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0fe8813baf4b2e865d3b2c735ce1a15b86002c74 (6.14-rc5)
+CVE-2025-21888 [RDMA/mlx5: Fix a WARN during dereg_mr for DM type]
+	- linux 6.12.19-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/abc7b3f1f056d69a8f11d6dceecc0c9549ace770 (6.14-rc5)
+CVE-2025-21887 [ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/c84e125fff2615b4d9c259e762596134eddd2f27 (6.14-rc5)
+CVE-2025-21886 [RDMA/mlx5: Fix implicit ODP hang on parent deregistration]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3d8c6f26893d55fab218ad086719de1fc9bb86ba (6.14-rc5)
+CVE-2025-21885 [RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/b66535356a4834a234f99e16a97eb51f2c6c5a7d (6.14-rc5)
+CVE-2025-21884 [net: better track kernel sockets lifetime]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5c70eb5c593d64d93b178905da215a9fd288a4b5 (6.14-rc5)
+CVE-2025-21883 [ice: Fix deinitializing VF in error path]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/79990cf5e7aded76d0c092c9f5ed31eb1c75e02c (6.14-rc5)
+CVE-2025-21882 [net/mlx5: Fix vport QoS cleanup on error]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7f3528f7d2f98b70e19a6bb7b130fc82c079ac54 (6.14-rc5)
+CVE-2025-21881 [uprobes: Reject the shared zeropage in uprobe_write_opcode()]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/bddf10d26e6e5114e7415a0e442ec6f51a559468 (6.14-rc5)
+CVE-2025-21880 [drm/xe/userptr: fix EFAULT handling]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a9f4fa3a7efa65615ff7db13023ac84516e99e21 (6.14-rc5)
+CVE-2025-21879 [btrfs: fix use-after-free on inode when scanning root during em shrinking]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/59f37036bb7ab3d554c24abc856aabca01126414 (6.14-rc5)
+CVE-2025-21878 [i2c: npcm: disable interrupt enable bit before devm_request_irq]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/dd1998e243f5fa25d348a384ba0b6c84d980f2b2 (6.14-rc5)
+CVE-2025-21877 [usbnet: gl620a: fix endpoint checking in genelink_bind()]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/1cf9631d836b289bd5490776551961c883ae8a4f (6.14-rc5)
+CVE-2025-21876 [iommu/vt-d: Fix suspicious RCU usage]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b150654f74bf0df8e6a7936d5ec51400d9ec06d8 (6.14-rc5)
+CVE-2025-21875 [mptcp: always handle address removal under msk socket lock]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/f865c24bc55158313d5779fc81116023a6940ca3 (6.14-rc5)
+CVE-2025-21874 [dm-integrity: Avoid divide by zero in table status in Inline mode]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7fb39882b20c98a9a393c244c86b56ef6933cff8 (6.14-rc5)
+CVE-2025-21873 [scsi: ufs: core: bsg: Fix crash when arpmb command fails]
+	- linux 6.12.19-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f27a95845b01e86d67c8b014b4f41bd3327daa63 (6.14-rc5)
+CVE-2025-21872 [efi: Don't map the entire mokvar table to determine its size]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/2b90e7ace79774a3540ce569e000388f8d22c9e0 (6.14-rc5)
+CVE-2024-58091 [drm/fbdev-dma: Add shadow buffering for deferred I/O]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3603996432997f7c88da37a97062a46cda01ac9d (6.14-rc5)
+CVE-2024-58090 [sched/core: Prevent rescheduling when interrupts are disabled]
+	- linux 6.12.19-1
+	NOTE: https://git.kernel.org/linus/82c387ef7568c0d96a918a5a78d9cad6256cfa15 (6.14-rc5)
 CVE-2025-21871 [tee: optee: Fix supplicant wait loop]
 	- linux 6.12.17-1
 	NOTE: https://git.kernel.org/linus/70b0d6b0a199c5a3ee6c72f5e61681ed6f759612 (6.14-rc4)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6637cc4eacc42839150bfdcd186403086dd8b047

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6637cc4eacc42839150bfdcd186403086dd8b047
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250327/7840f792/attachment.htm>

More information about the debian-security-tracker-commits mailing list