[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 9 10:20:39 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eac76c6f by Salvatore Bonaccorso at 2025-05-09T11:20:15+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,104 @@
+CVE-2025-37862 [HID: pidff: Fix null pointer dereference in pidff_find_fields]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/22a05462c3d0eee15154faf8d13c49e6295270a5 (6.15-rc1)
+CVE-2025-37861 [scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue]
+	- linux 6.12.25-1
+	NOTE: https://git.kernel.org/linus/f195fc060c738d303a21fae146dbf85e1595fb4c (6.15-rc1)
+CVE-2025-37859 [page_pool: avoid infinite loop to schedule delayed worker]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/43130d02baa137033c25297aaae95fd0edc41654 (6.15-rc1)
+CVE-2025-37858 [fs/jfs: Prevent integer overflow in AG size calculation]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e (6.15-rc1)
+CVE-2025-37857 [scsi: st: Fix array overflow in st_setup()]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/a018d1cf990d0c339fe0e29b762ea5dc10567d67 (6.15-rc1)
+CVE-2025-37856 [btrfs: harden block_group::bg_list against list_del() races]
+	- linux 6.12.25-1
+	NOTE: https://git.kernel.org/linus/7511e29cf1355b2c47d0effb39e463119913e2f6 (6.15-rc1)
+CVE-2025-37855 [drm/amd/display: Guard Possible Null Pointer Dereference]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/c87d202692de34ee71d1fd4679a549a29095658a (6.15-rc1)
+CVE-2025-37854 [drm/amdkfd: Fix mode1 reset crash issue]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/f0b4440cdc1807bb6ec3dce0d6de81170803569b (6.15-rc1)
+CVE-2025-37853 [drm/amdkfd: debugfs hang_hws skip GPU with MES]
+	- linux 6.12.25-1
+	NOTE: https://git.kernel.org/linus/fe9d0061c413f8fb8c529b18b592b04170850ded (6.15-rc1)
+CVE-2025-37852 [drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/1435e895d4fc967d64e9f5bf81e992ac32f5ac76 (6.15-rc1)
+CVE-2025-37851 [fbdev: omapfb: Add 'plane' value check]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/3e411827f31db7f938a30a3c7a7599839401ec30 (6.15-rc1)
+CVE-2025-37850 [pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/7ca59947b5fcf94e7ea4029d1bd0f7c41500a161 (6.15-rc2)
+CVE-2025-37849 [KVM: arm64: Tear down vGIC on failed vCPU creation]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/250f25367b58d8c65a1b060a2dda037eea09a672 (6.15-rc1)
+CVE-2025-37848 [accel/ivpu: Fix PM related deadlocks in MS IOCTLs]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d893da85e06edf54737bb80648bb58ba8fd56d9f (6.15-rc2)
+CVE-2025-37847 [accel/ivpu: Fix deadlock in ivpu_ms_cleanup()]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9a6f56762d23a1f3af15e67901493c927caaf882 (6.15-rc2)
+CVE-2025-37846 [arm64: mops: Do not dereference src reg for a set operation]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a13bfa4fe0d6949cea14718df2d1fe84c38cd113 (6.15-rc1)
+CVE-2025-37845 [tracing: fprobe events: Fix possible UAF on modules]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dd941507a9486252d6fcf11814387666792020f3 (6.15-rc2)
+CVE-2025-37844 [cifs: avoid NULL pointer dereference in dbg call]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/b4885bd5935bb26f0a414ad55679a372e53f9b9b (6.15-rc1)
+CVE-2025-37843 [PCI: pciehp: Avoid unnecessary device replacement check]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e3260237aaadc9799107ccb940c6688195c4518d (6.15-rc1)
+CVE-2025-37842 [spi: fsl-qspi: use devm function instead of driver remove]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/40369bfe717e96e26650eeecfa5a6363563df6e4 (6.15-rc1)
+CVE-2025-37841 [pm: cpupower: bench: Prevent NULL dereference on malloc failure]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/208baa3ec9043a664d9acfb8174b332e6b17fb69 (6.15-rc1)
+CVE-2025-37840 [mtd: rawnand: brcmnand: fix PM resume warning]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/ddc210cf8b8a8be68051ad958bf3e2cef6b681c2 (6.15-rc1)
+CVE-2025-37839 [jbd2: remove wrong sb->s_sequence check]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	NOTE: https://git.kernel.org/linus/e6eff39dd0fe4190c6146069cc16d160e71d1148 (6.15-rc1)
+CVE-2025-37837 [iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/767e22001dfce64cc03b7def1562338591ab6031 (6.15-rc2)
+CVE-2025-37836 [PCI: Fix reference leak in pci_register_host_bridge()]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.137-1
+	NOTE: https://git.kernel.org/linus/804443c1f27883926de94c849d91f5b7d7d696e9 (6.15-rc1)
 CVE-2025-37835 [smb: client: Fix netns refcount imbalance causing leaks and use-after-free]
 	- linux 6.12.25-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eac76c6f2f8b7d21362dfea4a19431449045df54

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eac76c6f2f8b7d21362dfea4a19431449045df54
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250509/67a00ebf/attachment.htm>

More information about the debian-security-tracker-commits mailing list