[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03644ac1 by Salvatore Bonaccorso at 2025-05-09T11:28:18+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2025-37888 [net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()]
+	- linux 6.12.27-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/91037037ee3d611ce17f39d75f79c7de394b122a (6.15-rc4)
+CVE-2025-37887 [pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result]
+	- linux 6.12.27-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2567daad69cd1107fc0ec29b1615f110d7cf7385 (6.15-rc4)
+CVE-2025-37886 [pds_core: make wait_context part of q_info]
+	- linux 6.12.27-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3f77c3dfffc7063428b100c4945ca2a7a8680380 (6.15-rc4)
+CVE-2025-37885 [KVM: x86: Reset IRTE to host control if *new* route isn't postable]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	NOTE: https://git.kernel.org/linus/9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 (6.15-rc4)
+CVE-2025-37884 [bpf: Fix deadlock between rcu_tasks_trace and event_mutex.]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	NOTE: https://git.kernel.org/linus/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1 (6.15-rc1)
+CVE-2025-37883 [s390/sclp: Add check for get_zeroed_page()]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	NOTE: https://git.kernel.org/linus/3db42c75a921854a99db0a2775814fef97415bac (6.15-rc1)
+CVE-2025-37882 [usb: xhci: Fix isochronous Ring Underrun/Overrun event handling]
+	- linux 6.12.27-1
+	NOTE: https://git.kernel.org/linus/906dec15b9b321b546fd31a3c99ffc13724c7af4 (6.15-rc1)
+CVE-2025-37881 [usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	NOTE: https://git.kernel.org/linus/8c75f3e6a433d92084ad4e78b029ae680865420f (6.15-rc1)
+CVE-2025-37880 [um: work around sched_yield not yielding in time-travel mode]
+	- linux 6.12.27-1
+	NOTE: https://git.kernel.org/linus/887c5c12e80c8424bd471122d2e8b6b462e12874 (6.15-rc1)
+CVE-2025-37879 [9p/net: fix improper handling of bogus negative read/write replies]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	NOTE: https://git.kernel.org/linus/d0259a856afca31d699b706ed5e2adf11086c73b (6.15-rc1)
+CVE-2025-37878 [perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init]
+	- linux 6.12.27-1
+	NOTE: https://git.kernel.org/linus/0ba3a4ab76fd3367b9cb680cad70182c896c795c (6.15-rc2)
+CVE-2025-37877 [iommu: Clear iommu-dma ops on cleanup]
+	- linux 6.12.27-1
+	NOTE: https://git.kernel.org/linus/280e5a30100578106a4305ce0118e0aa9b866f12 (6.15-rc2)
+CVE-2025-37876 [netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS]
+	- linux 6.12.27-1
+	NOTE: https://git.kernel.org/linus/40cb48eba3b4b79e110c1a35d33a48cac54507a2 (6.15-rc3)
 CVE-2025-37875 [igc: fix PTM cycle trigger logic]
 	- linux 6.12.25-1
 	[bookworm] - linux 6.1.135-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03644ac13cac3e33f6a5ce1f50f040444cb678c4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03644ac13cac3e33f6a5ce1f50f040444cb678c4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250509/5d23dc40/attachment.htm>