[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Thu May 29 19:43:12 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5c2c60e by Salvatore Bonaccorso at 2025-05-29T20:41:23+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,32 @@
+CVE-2025-37999 [fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bbfe756dc3062c1e934f06e5ba39c239aa953b92 (6.15-rc6)
+CVE-2025-37998 [openvswitch: Fix unsafe attribute parsing in output_userspace()]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/6beb6835c1fbb3f676aebb51a5fee6b77fed9308 (6.15-rc6)
+CVE-2025-37997 [netfilter: ipset: fix region locking in hash types]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/8478a729c0462273188263136880480729e9efca (6.15-rc6)
+CVE-2025-37996 [KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/157dbc4a321f5bb6f8b6c724d12ba720a90f1a7c (6.15-rc6)
+CVE-2025-37995 [module: ensure that kobject_put() is safe for module type kobjects]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/a6aeb739974ec73e5217c75a7c008a688d3d5cf1 (6.15-rc6)
+CVE-2025-37994 [usb: typec: ucsi: displayport: Fix NULL pointer access]
+	- linux 6.12.29-1
+	[bookworm] - linux 6.1.139-1
+	NOTE: https://git.kernel.org/linus/312d79669e71283d05c05cc49a1a31e59e3d9e0e (6.15-rc6)
+CVE-2025-37993 [can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe]
+	- linux 6.12.29-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dcaeeb8ae84c5506ebc574732838264f3887738c (6.15-rc6)
 CVE-2025-4598
 	- systemd <unfixed>
 	NOTE: https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5c2c60ea9956d9691bb60bc384ccc79721bfd3d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5c2c60ea9956d9691bb60bc384ccc79721bfd3d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250529/08875519/attachment.htm>
