[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 20 20:53:08 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2785e0c by Salvatore Bonaccorso at 2025-05-20T21:52:26+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,80 @@
+CVE-2025-37964 [x86/mm: Eliminate window where TLB flushes may be inadvertently skipped]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fea4e317f9e7e1f449ce90dedc27a2d2a95bee5a (6.15-rc6)
+CVE-2025-37963 [arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/f300769ead032513a68e4a02e806393402e626f8 (6.15-rc7)
+CVE-2025-37962 [ksmbd: fix memory leak in parse_lease_state()]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/eb4447bcce915b43b691123118893fca4f372a8f (6.15-rc6)
+CVE-2025-37961 [ipvs: fix uninit-value for saddr in do_output_route4]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/e34090d7214e0516eb8722aee295cb2507317c07 (6.15-rc6)
+CVE-2025-37960 [memblock: Accept allocated memory before use in memblock_double_array()]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/da8bf5daa5e55a6af2b285ecda460d6454712ff4 (6.15-rc6)
+CVE-2025-37959 [bpf: Scrub packet on bpf_redirect_peer]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/c4327229948879814229b46aa26a750718888503 (6.15-rc6)
+CVE-2025-37958 [mm/huge_memory: fix dereferencing invalid pmd migration entry]
+	- linux 6.12.29-1
+	NOTE: https://git.kernel.org/linus/be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 (6.15-rc6)
+CVE-2025-37957 [KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception]
+	- linux 6.12.29-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a2620f8932fa9fdabc3d78ed6efb004ca409019f (6.15-rc6)
+CVE-2025-37956 [ksmbd: prevent rename with empty string]
+	- linux 6.12.29-1
+	NOTE: https://git.kernel.org/linus/53e3e5babc0963a92d856a5ec0ce92c59f54bc12 (6.15-rc6)
+CVE-2025-37955 [virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4397684a292a71fbc1e815c3e283f7490ddce5ae (6.15-rc6)
+CVE-2025-37954 [smb: client: Avoid race in open_cached_dir with lease breaks]
+	- linux 6.12.29-1
+	NOTE: https://git.kernel.org/linus/3ca02e63edccb78ef3659bebc68579c7224a6ca2 (6.15-rc6)
+CVE-2025-37953 [sch_htb: make htb_deactivate() idempotent]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3769478610135e82b262640252d90f6efb05be71 (6.15-rc6)
+CVE-2025-37952 [ksmbd: Fix UAF in __close_file_table_ids]
+	- linux 6.12.29-1
+	NOTE: https://git.kernel.org/linus/36991c1ccde2d5a521577c448ffe07fcccfe104d (6.15-rc6)
+CVE-2025-37951 [drm/v3d: Add job to pending list if the reset was skipped]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/35e4079bf1a2570abffce6ababa631afcf8ea0e5 (6.15-rc6)
+CVE-2025-37950 [ocfs2: fix panic in failed foilio allocation]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/31d4cd4eb2f8d9b87ebfa6a5e443a59e3b3d7b8c (6.15-rc6)
+CVE-2025-37949 [xenbus: Use kref to track req lifetime]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/1f0304dfd9d217c2f8b04a9ef4b3258a66eedd27 (6.15-rc6)
+CVE-2025-37948 [arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/0dfefc2ea2f29ced2416017d7e5b1253a54c2735 (6.15-rc7)
+CVE-2025-37947 [ksmbd: prevent out-of-bounds stream writes by validating *pos]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/0ca6df4f40cf4c32487944aaf48319cb6c25accc (6.15-rc6)
+CVE-2025-37946 [s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/05a2538f2b48500cf4e8a0a0ce76623cc5bafcf1 (6.15-rc6)
 CVE-2025-37945 [net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY]
 	- linux 6.12.25-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
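Review bot: CVE-2025-37958, CVE-2025-37956, CVE-2025-37954 and CVE-2025-37952 carry only "- linux 6.12.29-1" and a NOTE, with no [bookworm] or [bullseye] line. Most neighbouring entries record a stable fixed version such as "[bookworm] - linux 6.1.139-1" or an explicit "<not-affected> (Vulnerable code not present)". Please confirm that the missing release annotations are intentional (triage still pending for those branches) and not an omission in the merge; the same applies to the bookworm-only entries with no [bullseye] line (for example CVE-2025-37961 and CVE-2025-37947). Also, the CVE-2025-37950 description reads "failed foilio allocation"; if that spelling mirrors the upstream commit subject it should stay as is, otherwise correct it to "folio".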



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2785e0c381d3b944d7f6e4c3b464b9c6d5a68bf
