[Git][security-tracker-team/security-tracker][master] Merge more Linux CVEs from kernel-sec

Tue May 20 20:59:40 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6ecf6bc by Salvatore Bonaccorso at 2025-05-20T21:59:16+02:00
Merge more Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2025-37991 [parisc: Fix double SIGFPE crash]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/de3629baf5a33af1919dec7136d643b0662e85ef (6.15-rc5)
+CVE-2025-37990 [wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/8e089e7b585d95122c8122d732d1d5ef8f879396 (6.15-rc5)
+CVE-2025-37989 [net: phy: leds: fix memory leak]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	[bullseye] - linux 5.10.237-1
+	NOTE: https://git.kernel.org/linus/b7f0ee992adf601aa00c252418266177eb7ac2bc (6.15-rc4)
+CVE-2025-37988 [fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()]
+	- linux 6.12.27-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0d039eac6e5950f9d1ecc9e410c2fd1feaeab3b6 (6.15-rc4)
+CVE-2025-37987 [pds_core: Prevent possible adminq overflow/stuck condition]
+	- linux 6.12.27-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d9e2f070d8af60f2c8c02b2ddf0a9e90b4e9220c (6.15-rc4)
+CVE-2025-37986 [usb: typec: class: Invalidate USB device pointers on partner unregistration]
+	- linux 6.12.27-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/66e1a887273c6b89f09bc11a40d0a71d5a081a8e (6.15-rc4)
+CVE-2025-37985 [USB: wdm: close race between wdm_open and wdm_wwan_port_stop]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f (6.15-rc4)
+CVE-2025-37984 [crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/b16510a530d1e6ab9683f04f8fb34f2e0f538275 (6.15-rc1)
+CVE-2025-37983 [qibfs: fix _another_ leak]
+	- linux 6.12.27-1
+	[bookworm] - linux 6.1.137-1
+	[bullseye] - linux 5.10.237-1
+	NOTE: https://git.kernel.org/linus/bdb43af4fdb39f844ede401bdb1258f67a580a27 (6.15-rc1)
+CVE-2025-37982 [wifi: wl1251: fix memory leak in wl1251_tx_work]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.135-1
+	[bullseye] - linux 5.10.237-1
+	NOTE: https://git.kernel.org/linus/a0f0dc96de03ffeefc2a177b7f8acde565cb77f4 (6.15-rc3)
+CVE-2025-37981 [scsi: smartpqi: Use is_kdump_kernel() to check for kdump]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a2d5a0072235a69749ceb04c1a26dc75df66a31a (6.15-rc3)
+CVE-2025-37980 [block: fix resource leak in blk_register_queue() error path]
+	- linux 6.12.25-1
+	NOTE: https://git.kernel.org/linus/40f2eb9b531475dd01b683fdaf61ca3cfd03a51e (6.15-rc3)
+CVE-2025-37979 [ASoC: qcom: Fix sc7280 lpass potential buffer overflow]
+	- linux 6.12.25-1
+	[bookworm] - linux 6.1.137-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a31a4934b31faea76e735bab17e63d02fcd8e029 (6.15-rc3)
+CVE-2025-37978 [block: integrity: Do not call set_page_dirty_lock()]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/39e160505198ff8c158f11bce2ba19809a756e8b (6.15-rc3)
+CVE-2025-37977 [scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set]
+	- linux 6.12.27-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f92bb7436802f8eb7ee72dc911a33c8897fde366 (6.15-rc3)
+CVE-2025-37976 [wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/0c1015493f0e3979bcbd3a12ebc0977578c87f21 (6.14.3)
+CVE-2025-37975 [riscv: module: Fix out-of-bounds relocation access]
+	- linux 6.12.25-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0b4cce68efb93e31a8e51795d696df6e379cb41c (6.15-rc3)
+CVE-2025-37974 [s390/pci: Fix missing check for zpci_create_device() error return]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/42420c50c68f3e95e90de2479464f420602229fc (6.15-rc6)
+CVE-2025-37973 [wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/023c1f2f0609218103cbcb48e0104b144d4a16dc (6.15-rc6)
+CVE-2025-37972 [Input: mtk-pmic-keys - fix possible null pointer dereference]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/11cdb506d0fbf5ac05bf55f5afcb3a215c316490 (6.15-rc6)
+CVE-2025-37971 [staging: bcm2835-camera: Initialise dev in v4l2_dev]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/98698ca0e58734bc5c1c24e5bbc7429f981cd186 (6.15-rc6)
+CVE-2025-37970 [iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/159ca7f18129834b6f4c7eae67de48e96c752fc9 (6.15-rc6)
+CVE-2025-37969 [iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/8114ef86e2058e2554111b793596f17bee23fa15 (6.15-rc6)
+CVE-2025-37968 [iio: light: opt3001: fix deadlock due to concurrent flag access]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/f063a28002e3350088b4577c5640882bf4ea17ea (6.15-rc6)
+CVE-2025-37967 [usb: typec: ucsi: displayport: Fix deadlock]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/364618c89d4c57c85e5fc51a2446cd939bf57802 (6.15-rc6)
+CVE-2025-37966 [riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ae08d55807c099357c047dba17624b09414635dd (6.15-rc6)
+CVE-2025-37965 [drm/amd/display: Fix invalid context error in dml helper]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9984db63742099ee3f3cff35cf71306d10e64356 (6.15-rc6)
 CVE-2025-37964 [x86/mm: Eliminate window where TLB flushes may be inadvertently skipped]
 	- linux 6.12.29-1
 	[bookworm] - linux 6.1.139-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6ecf6bc8dff9ac49a3c90b7898bfbc6a5d5d3b0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6ecf6bc8dff9ac49a3c90b7898bfbc6a5d5d3b0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250520/59690683/attachment.htm>
