[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 8 08:50:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7739e9c4 by Salvatore Bonaccorso at 2025-05-08T09:49:44+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,148 @@
+CVE-2025-37834 [mm/vmscan: don't try to reclaim hwpoison folio]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/1b0449544c6482179ac84530b61fc192a6527bfd (6.15-rc1)
+CVE-2025-37833 [net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/fbb429ddff5c8e479edcc7dde5a542c9295944e6 (6.15-rc3)
+CVE-2025-37832 [cpufreq: sun50i: prevent out-of-bounds access]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/14c8a418159e541d70dbf8fc71225d1623beaf0f (6.15-rc4)
+CVE-2025-37831 [cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9992649f6786921873a9b89dafa5e04d8c5fef2b (6.15-rc4)
+CVE-2025-37830 [cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/484d3f15cc6cbaa52541d6259778e715b2c83c54 (6.15-rc4)
+CVE-2025-37829 [cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/73b24dc731731edf762f9454552cb3a5b7224949 (6.15-rc4)
+CVE-2025-37828 [scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4c324085062919d4e21c69e5e78456dcec0052fe (6.15-rc4)
+CVE-2025-37827 [btrfs: zoned: return EIO on RAID1 block group write pointer mismatch]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b0c26f47992672661340dd6ea931240213016609 (6.15-rc4)
+CVE-2025-37826 [scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/08a966a917fe3d92150fa3cc15793ad5e57051eb (6.15-rc4)
+CVE-2025-37825 [nvmet: fix out-of-bounds access in nvmet_enable_port]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3d7aa0c7b4e96cd460826d932e44710cdeb3378b (6.15-rc4)
+CVE-2025-37824 [tipc: fix NULL pointer dereference in tipc_mon_reinit_self()]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/d63527e109e811ef11abb1c2985048fdb528b4cb (6.15-rc4)
+CVE-2025-37823 [net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/6ccbda44e2cc3d26fd22af54c650d6d5d801addf (6.15-rc4)
+CVE-2025-37822 [riscv: uprobes: Add missing fence.i after building the XOL buffer]
+ - linux 6.12.27-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48 (6.15-rc4)
+CVE-2025-37821 [sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/bbce3de72be56e4b5f68924b7da9630cc89aa1a8 (6.15-rc4)
+CVE-2025-37820 [xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/cc3628dcd851ddd8d418bf0c897024b4621ddc92 (6.15-rc4)
+CVE-2025-37819 [irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/3318dc299b072a0511d6dfd8367f3304fb6d9827 (6.15-rc4)
+CVE-2025-37818 [LoongArch: Return NULL from huge_pte_offset() for invalid PMD]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/bd51834d1cf65a2c801295d230c220aeebf87a73 (6.15-rc4)
+CVE-2025-37817 [mcb: fix a double free bug in chameleon_parse_gdd()]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/7c7f1bfdb2249f854a736d9b79778c7e5a29a150 (6.15-rc4)
+CVE-2025-37816 [mei: vsc: Fix fortify-panic caused by invalid counted_by() use]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/00f1cc14da0f06d2897b8c528df7c7dcf1b8da50 (6.15-rc4)
+CVE-2025-37815 [misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/18eb77c75ed01439f96ae5c0f33461eb5134b907 (6.15-rc4)
+CVE-2025-37814 [tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ee6a44da3c87cf64d67dd02be8c0127a5bf56175 (6.15-rc4)
+CVE-2025-37813 [usb: xhci: Fix invalid pointer dereference in Etron workaround]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1ea050da5562af9b930d17cbbe9632d30f5df43a (6.15-rc4)
+CVE-2025-37812 [usb: cdns3: Fix deadlock when using NCM gadget]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/a1059896f2bfdcebcdc7153c3be2307ea319501f (6.15-rc4)
+CVE-2025-37811 [usb: chipidea: ci_hdrc_imx: fix usbmisc handling]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4e28f79e3dffa52d327b46d1a78dac16efb5810b (6.15-rc4)
+CVE-2025-37810 [usb: dwc3: gadget: check that event count does not exceed event buffer length]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/63ccd26cd1f6600421795f6ca3e625076be06c9f (6.15-rc4)
+CVE-2025-37809 [usb: typec: class: Fix NULL pointer access]
+ - linux 6.12.27-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ec27386de23a511008c53aa2f3434ad180a3ca9a (6.15-rc4)
+CVE-2025-37808 [crypto: null - Use spin lock instead of mutex]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/dcc47a028c24e793ce6d6efebfef1a1e92f80297 (6.15-rc1)
+CVE-2025-37807 [bpf: Fix kmemleak warning for percpu hashmap]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/11ba7ce076e5903e7bdc1fd1498979c331b3c286 (6.15-rc1)
+CVE-2025-37806 [fs/ntfs3: Keep write operations atomic]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/285cec318bf5a7a6c8ba999b2b6ec96f9a20590f (6.15-rc1)
+CVE-2025-37805 [sound/virtio: Fix cancel_sync warnings on uninitialized work_structs]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/3c7df2e27346eb40a0e86230db1ccab195c97cfe (6.15-rc1)
+CVE-2025-37804 [io_uring: always do atomic put from iowq]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/390513642ee6763c7ada07f0a1470474986e6c1c (6.15-rc1)
+CVE-2025-37803 [udmabuf: fix a buf size overflow issue during udmabuf creation]
+ - linux 6.7.7-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/021ba7f1babd029e714d13a6bf2571b08af96d0f (6.15-rc2)
+CVE-2025-37802 [ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/1df0d4c616138784e033ad337961b6e1a6bcd999 (6.15-rc3)
+CVE-2025-37801 [spi: spi-imx: Add check for spi_imx_setupxfer()]
+ - linux 6.12.27-1
+ [bookworm] - linux 6.1.137-1
+ NOTE: https://git.kernel.org/linus/951a04ab3a2db4029debfa48d380ef834b93207e (6.15-rc3)
+CVE-2025-37800 [driver core: fix potential NULL pointer dereference in dev_uevent()]
+ - linux 6.12.27-1
+ NOTE: https://git.kernel.org/linus/18daa52418e7e4629ed1703b64777294209d2622 (6.15-rc4)
CVE-2025-XXXX [ZDI-CAN-26752]
- gimp <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13910
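Review bot: the CVE-2025-37803 entry (udmabuf) records the unstable fix as "linux 6.7.7-1", which stands out against the rest of the hunk. Every other fixed entry here uses 6.12.27-1, and the upstream commit this entry points to is annotated (6.15-rc2), the same release cycle as its neighbours. Its bookworm line uses 6.1.137-1, matching the other bookworm fixes in this merge. Please confirm against kernel-sec that 6.7.7-1 is the intended version and not a slip for 6.12.27-1. If it is intended, a short NOTE line giving the reason would help, because the fixed version decides which installed kernels the tracker reports as vulnerable.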
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7739e9c4b9c1d5bd1beaa111bb32593436e920ef