[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 12 20:13:09 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7446f1e7 by security tracker role at 2025-11-12T20:12:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,320 +1,460 @@
-CVE-2025-40177 [accel/qaic: Fix bootlog initialization ordering]
+CVE-2025-9316 (N-central < 2025.4 can generate sessionIDs for unauthenticated users ...)
+ TODO: check
+CVE-2025-8485 (An improper permissions vulnerability was reported in Lenovo App Store ...)
+ TODO: check
+CVE-2025-8421 (An improper default permission vulnerability was reported in Lenovo Do ...)
+ TODO: check
+CVE-2025-65002 (Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if ...)
+ TODO: check
+CVE-2025-65001 (Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially ...)
+ TODO: check
+CVE-2025-64407 (Apache OpenOffice documents can contain links. A missing Authorization ...)
+ TODO: check
+CVE-2025-64406 (An out-of-bounds Write vulnerability in Apache OpenOffice could allow ...)
+ TODO: check
+CVE-2025-64405 (Apache OpenOffice documents can contain links. A missing Authorization ...)
+ TODO: check
+CVE-2025-64404 (Apache OpenOffice documents can contain links to other files. A missin ...)
+ TODO: check
+CVE-2025-64403 (Apache OpenOffice Calc spreadsheet can contain links to other files, i ...)
+ TODO: check
+CVE-2025-64402 (Apache OpenOffice documents can contain links. A missing Authorization ...)
+ TODO: check
+CVE-2025-64401 (Apache OpenOffice documents can contain links. A missing Authorization ...)
+ TODO: check
+CVE-2025-64293 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-64281 (An Authentication Bypass issue in CentralSquare Community Development ...)
+ TODO: check
+CVE-2025-64280 (A SQL Injection Vulnerability in CentralSquare Community Development 1 ...)
+ TODO: check
+CVE-2025-64117 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
+CVE-2025-64099 (Open Access Management (OpenAM) is an access management solution. In v ...)
+ TODO: check
+CVE-2025-63929 (A null pointer dereference vulnerability exists in airpig2011 IEC104 t ...)
+ TODO: check
+CVE-2025-63927 (A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru C ...)
+ TODO: check
+CVE-2025-63811 (An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allow ...)
+ TODO: check
+CVE-2025-63679 (free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF r ...)
+ TODO: check
+CVE-2025-63667 (Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92 ...)
+ TODO: check
+CVE-2025-63666 (Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that ex ...)
+ TODO: check
+CVE-2025-63419 (Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The We ...)
+ TODO: check
+CVE-2025-63353 (A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the devic ...)
+ TODO: check
+CVE-2025-63289 (Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in ...)
+ TODO: check
+CVE-2025-62876 (A Execution with Unnecessary Privileges vulnerability in lightdm-kde-g ...)
+ TODO: check
+CVE-2025-61667 (The Datadog Agent collects events and metrics from hosts and sends the ...)
+ TODO: check
+CVE-2025-61623 (Reflected cross-site scripting vulnerability in Apache OFBiz. This is ...)
+ TODO: check
+CVE-2025-60646 (A stored cross-site scripting (XSS) in the Business Line Management mo ...)
+ TODO: check
+CVE-2025-60645 (A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers ...)
+ TODO: check
+CVE-2025-59491 (Cross Site Scripting vulnerability in CentralSquare Community Developm ...)
+ TODO: check
+CVE-2025-59118 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
+ TODO: check
+CVE-2025-59089 (If an attacker causes kdcproxy to connect to an attacker-controlled KD ...)
+ TODO: check
+CVE-2025-59088 (If kdcproxy receives a request for a realm which does not have server ...)
+ TODO: check
+CVE-2025-57812 (CUPS is a standards-based, open-source printing system, and `libcupsfi ...)
+ TODO: check
+CVE-2025-57310 (A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Fa ...)
+ TODO: check
+CVE-2025-56385 (A SQL injection vulnerability exists in the login functionality of Wel ...)
+ TODO: check
+CVE-2025-52331 (Cross-site scripting (XSS) vulnerability in the generate report functi ...)
+ TODO: check
+CVE-2025-46428 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain a ...)
+ TODO: check
+CVE-2025-37734 (Origin Validation Error in Kibana can lead to Server-Side Request Forg ...)
+ TODO: check
+CVE-2025-27368 (IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of s ...)
+ TODO: check
+CVE-2025-25236 (Omnissa Workspace ONE UEM contains an observable response discrepancy ...)
+ TODO: check
+CVE-2025-20379 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 an ...)
+ TODO: check
+CVE-2025-20378 (In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and S ...)
+ TODO: check
+CVE-2025-13058 (A security flaw has been discovered in soerennb eXtplorer up to 2.1.15 ...)
+ TODO: check
+CVE-2025-13057 (A vulnerability was identified in Campcodes School Fees Payment Manage ...)
+ TODO: check
+CVE-2025-12998 (Improper Authentication vulnerability in TYPO3 Extension "Modules" cod ...)
+ TODO: check
+CVE-2025-12903 (The Payment Plugins Braintree For WooCommerce plugin for WordPress is ...)
+ TODO: check
+CVE-2025-12732 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
+ TODO: check
+CVE-2025-12382 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-12152
+ REJECTED
+CVE-2025-12068
+ REJECTED
+CVE-2025-12048 (An arbitrary file upload vulnerability was reported in the Lenovo Scan ...)
+ TODO: check
+CVE-2025-12047 (A vulnerability was reported in the Lenovo Scanner pro application dur ...)
+ TODO: check
+CVE-2025-11994 (The Easy Email Subscription plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-11962 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-11797 (A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, ...)
+ TODO: check
+CVE-2025-11795 (A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, ...)
+ TODO: check
+CVE-2025-11700 (N-central versions < 2025.4 are vulnerable to an XML External Entities ...)
+ TODO: check
+CVE-2025-11567 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
+ TODO: check
+CVE-2025-11566 (CWE-307: Improper Restriction of Excessive Authentication Attempts vul ...)
+ TODO: check
+CVE-2025-11565 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
+ TODO: check
+CVE-2025-11454 (The Specific Content For Mobile \u2013 Customize the mobile version wi ...)
+ TODO: check
+CVE-2025-11367 (The N-central Software Probe < 2025.4 is vulnerable to Remote Code Exe ...)
+ TODO: check
+CVE-2025-11366 (N-central < 2025.4 is vulnerable to authentication bypass via path tra ...)
+ TODO: check
+CVE-2025-10495 (A potential vulnerability was reported in the Lenovo PC Manager, Lenov ...)
+ TODO: check
+CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an ...)
+ TODO: check
+CVE-2024-47866 (Ceph is a distributed object, block, and file storage platform. In ver ...)
+ TODO: check
+CVE-2024-45301 (Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2 ...)
+ TODO: check
+CVE-2025-40177 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fd6e385528d8f85993b7bfc6430576136bb14c65 (6.18-rc2)
-CVE-2025-40176 [tls: wait for pending async decryptions if tls_strp_msg_hold fails]
+CVE-2025-40176 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b8a6ff84abbcbbc445463de58704686011edc8e1 (6.18-rc2)
-CVE-2025-40175 [idpf: cleanup remaining SKBs in PTP flows]
+CVE-2025-40175 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.17.6-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a3f8c0a273120fd2638f03403e786c3de2382e72 (6.18-rc2)
-CVE-2025-40174 [x86/mm: Fix SMP ordering in switch_mm_irqs_off()]
+CVE-2025-40174 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.17.6-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/83b0177a6c4889b3a6e865da5e21b2c9d97d0551 (6.18-rc2)
-CVE-2025-40173 [net/ip6_tunnel: Prevent perpetual tunnel growth]
+CVE-2025-40173 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/21f4d45eba0b2dcae5dbc9e5e0ad08735c993f16 (6.18-rc2)
-CVE-2025-40172 [accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()]
+CVE-2025-40172 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/11f08c30a3e4157305ba692f1d44cca5fc9a8fca (6.18-rc2)
-CVE-2025-40171 [nvmet-fc: move lsop put work to nvmet_fc_ls_req_op]
+CVE-2025-40171 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/db5a5406fb7e5337a074385c7a3e53c77f2c1bd3 (6.18-rc1)
-CVE-2025-40170 [net: use dst_dev_rcu() in sk_setup_caps()]
+CVE-2025-40170 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/99a2ace61b211b0be861b07fbaa062fca4b58879 (6.18-rc1)
-CVE-2025-40169 [bpf: Reject negative offsets for ALU ops]
+CVE-2025-40169 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/55c0ced59fe17dee34e9dfd5f7be63cbab207758 (6.18-rc1)
-CVE-2025-40168 [smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().]
+CVE-2025-40168 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/235f81045c008169cc4e1955b4a64e118eebe61b (6.18-rc1)
-CVE-2025-40167 [ext4: detect invalid INLINE_DATA + EXTENTS flag combination]
+CVE-2025-40167 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/1d3ad183943b38eec2acf72a0ae98e635dc8456b (6.18-rc2)
-CVE-2025-40166 [drm/xe/guc: Check GuC running state before deregistering exec queue]
+CVE-2025-40166 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9f64b3cd051b825de0a2a9f145c8e003200cedd5 (6.18-rc2)
-CVE-2025-40165 [media: nxp: imx8-isi: m2m: Fix streaming cleanup on release]
+CVE-2025-40165 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/178aa3360220231dd91e7dbc2eb984525886c9c1 (6.18-rc1)
-CVE-2025-40164 [usbnet: Fix using smp_processor_id() in preemptible code warnings]
+CVE-2025-40164 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/327cd4b68b4398b6c24f10eb2b2533ffbfc10185 (6.18-rc2)
-CVE-2025-40163 [sched/deadline: Stop dl_server before CPU goes offline]
+CVE-2025-40163 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ee6e44dfe6e50b4a5df853d933a96bdff5309e6e (6.18-rc2)
-CVE-2025-40162 [ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails]
+CVE-2025-40162 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5726b68473f7153a7f6294185e5998b7e2a230a2 (6.18-rc2)
-CVE-2025-40161 [mailbox: zynqmp-ipi: Fix SGI cleanup on unbind]
+CVE-2025-40161 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bb160e791ab15b89188a7a19589b8e11f681bef3 (6.18-rc1)
-CVE-2025-40160 [xen/events: Return -EEXIST for bound VIRQs]
+CVE-2025-40160 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
NOTE: https://git.kernel.org/linus/07ce121d93a5e5fb2440a24da3dbf408fcee978e (6.18-rc1)
-CVE-2025-40159 [xsk: Harden userspace-supplied xdp_desc validation]
+CVE-2025-40159 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/07ca98f906a403637fc5e513a872a50ef1247f3b (6.18-rc1)
-CVE-2025-40158 [ipv6: use RCU in ip6_output()]
+CVE-2025-40158 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/11709573cc4e48dc34c80fc7ab9ce5b159e29695 (6.18-rc1)
-CVE-2025-40157 [EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller]
+CVE-2025-40157 (In the Linux kernel, the following vulnerability has been resolved: E ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2e6fe1bbefd9c059c3787d1c620fe67343a94dff (6.18-rc1)
-CVE-2025-40156 [PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()]
+CVE-2025-40156 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fc33bf0e097c6834646b98a7b3da0ae5b617f0f9 (6.18-rc1)
-CVE-2025-40155 [iommu/vt-d: debugfs: Fix legacy mode page table dump logic]
+CVE-2025-40155 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fbe6070c73badca726e4ff7877320e6c62339917 (6.18-rc1)
-CVE-2025-40154 [ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping]
+CVE-2025-40154 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0 (6.18-rc1)
-CVE-2025-40153 [mm: hugetlb: avoid soft lockup when mprotect to large memory area]
+CVE-2025-40153 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/f52ce0ea90c83a28904c7cc203a70e6434adfecb (6.18-rc1)
-CVE-2025-40152 [drm/msm: Fix bootup splat with separate_gpu_drm modparam]
+CVE-2025-40152 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f028bcafb6dfb4c2bb656cbff9e6a66222d3d3d7 (6.18-rc1)
-CVE-2025-40151 [LoongArch: BPF: No support of struct argument in trampoline programs]
+CVE-2025-40151 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e82406c7cbdd368c5459b8a45e118811d2ba0794 (6.18-rc1)
-CVE-2025-40150 [f2fs: fix to avoid migrating empty section]
+CVE-2025-40150 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.17.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d625a2b08c089397d3a03bff13fa8645e4ec7a01 (6.18-rc1)
-CVE-2025-40149 [tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().]
+CVE-2025-40149 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/c65f27b9c3be2269918e1cbad6d8884741f835c5 (6.18-rc1)
-CVE-2025-40148 [drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions]
+CVE-2025-40148 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.17.6-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bf4e4b97d0fdc66f04fc19d807e24dd8421b8f11 (6.18-rc1)
-CVE-2025-40147 [blk-throttle: fix access race during throttle policy activation]
+CVE-2025-40147 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.17.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bd9fd5be6bc0836820500f68fff144609fbd85a9 (6.18-rc1)
-CVE-2025-40146 [blk-mq: fix potential deadlock while nr_requests grown]
+CVE-2025-40146 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/b86433721f46d934940528f28d49c1dedb690df1 (6.18-rc1)
-CVE-2025-40145 [PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure]
+CVE-2025-40145 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.17.6-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ab81f2f79c683c94bac622aafafbe8232e547159 (6.18-rc1)
-CVE-2025-40144 [nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe()]
+CVE-2025-40144 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a9e6aa994917ee602798bbb03180a194b37865bb (6.18-rc1)
-CVE-2025-40143 [bpf: dont report verifier bug for missing bpf_scc_visit on speculative path]
+CVE-2025-40143 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a3c73d629ea1373af3c0c954d41fd1af555492e3 (6.18-rc1)
-CVE-2025-40142 [ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT]
+CVE-2025-40142 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9fc4a3da9a0259a0500848b5d8657918efde176b (6.18-rc1)
-CVE-2025-40141 [Bluetooth: ISO: Fix possible UAF on iso_conn_free]
+CVE-2025-40141 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8 (6.18-rc1)
-CVE-2025-40140 [net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast]
+CVE-2025-40140 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/958baf5eaee394e5fd976979b0791a875f14a179 (6.18-rc1)
-CVE-2025-40139 [smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().]
+CVE-2025-40139 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/935d783e5de9b64587f3adb25641dd8385e64ddb (6.18-rc1)
-CVE-2025-40138 [f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency()]
+CVE-2025-40138 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/930a9a6ee8e7ffa20af4bffbfc2bbd21d83bf81c (6.18-rc1)
-CVE-2025-40137 [f2fs: fix to truncate first page in error path of f2fs_truncate()]
+CVE-2025-40137 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
NOTE: https://git.kernel.org/linus/9251a9e6e871cb03c4714a18efa8f5d4a8818450 (6.18-rc1)
-CVE-2025-40136 [crypto: hisilicon/qm - request reserved interrupt for virtual function]
+CVE-2025-40136 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.17.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9228facb308157ac0bdd264b873187896f7a9c7a (6.18-rc1)
-CVE-2025-40135 [ipv6: use RCU in ip6_xmit()]
+CVE-2025-40135 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.17.6-1
NOTE: https://git.kernel.org/linus/9085e56501d93af9f2d7bd16f7fcfacdde47b99c (6.18-rc1)
-CVE-2025-40134 [dm: fix NULL pointer dereference in __dm_suspend()]
+CVE-2025-40134 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/8d33a030c566e1f105cd5bf27f37940b6367f3be (6.18-rc1)
-CVE-2025-40133 [mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable().]
+CVE-2025-40133 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/893c49a78d9f85e4b8081b908fb7c407d018106a (6.18-rc1)
-CVE-2025-40132 [ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback]
+CVE-2025-40132 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/87cab86925b7fa4c1c977bc191ac549a3b23f0ea (6.18-rc1)
-CVE-2025-40131 [wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu()]
+CVE-2025-40131 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.17.6-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7ca61ed8b3f3fc9a7decd68039cb1d7d1238c566 (6.18-rc1)
-CVE-2025-40130 [scsi: ufs: core: Fix data race in CPU latency PM QoS request handling]
+CVE-2025-40130 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/79dde5f7dc7c038eec903745dc1550cd4139980e (6.18-rc1)
-CVE-2025-40129 [sunrpc: fix null pointer dereference on zero-length checksum]
+CVE-2025-40129 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6df164e29bd4e6505c5a2e0e5f1e1f6957a16a42 (6.18-rc1)
-CVE-2025-40128 [btrfs: fix symbolic link reading when bs > ps]
+CVE-2025-40128 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/67378b754608a3524d125bfa5744508a49fe48be (6.18-rc1)
-CVE-2025-40127 [hwrng: ks-sa - fix division by zero in ks_sa_rng_init]
+CVE-2025-40127 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/612b1dfeb414dfa780a6316014ceddf9a74ff5c0 (6.18-rc1)
-CVE-2025-40126 [sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC]
+CVE-2025-40126 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/4fba1713001195e59cfc001ff1f2837dab877efb (6.18-rc1)
-CVE-2025-40125 [blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx]
+CVE-2025-40125 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed (6.18-rc1)
-CVE-2025-40124 [sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III]
+CVE-2025-40124 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/47b49c06eb62504075f0f2e2227aee2e2c2a58b3 (6.18-rc1)
-CVE-2025-40123 [bpf: Enforce expected_attach_type for tailcall compatibility]
+CVE-2025-40123 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/4540aed51b12bc13364149bf95f6ecef013197c0 (6.18-rc1)
-CVE-2025-40122 [perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error]
+CVE-2025-40122 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.17.6-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/43796f30507802d93ead2dc44fc9637f34671a89 (6.18-rc1)
-CVE-2025-40121 [ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping]
+CVE-2025-40121 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/4336efb59ef364e691ef829a73d9dbd4d5ed7c7b (6.18-rc1)
-CVE-2025-40120 [net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock]
+CVE-2025-40120 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3d3c4cd5c62f24bb3cb4511b7a95df707635e00a (6.18-rc1)
-CVE-2025-40119 [ext4: fix potential null deref in ext4_mb_init()]
+CVE-2025-40119 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3c3fac6bc0a9c00dbe65d8dc0d3a282afe4d3188 (6.18-rc1)
-CVE-2025-40118 [scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod]
+CVE-2025-40118 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/251be2f6037fb7ab399f68cd7428ff274133d693 (6.18-rc1)
-CVE-2025-40117 [misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl()]
+CVE-2025-40117 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1ad82f9db13d85667366044acdfb02009d576c5a (6.18-rc1)
-CVE-2025-40116 [usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup]
+CVE-2025-40116 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/186e8f2bdba551f3ae23396caccd452d985c23e3 (6.18-rc1)
-CVE-2025-40115 [scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()]
+CVE-2025-40115 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/1703fe4f8ae50d1fb6449854e1fcaed1053e3a14 (6.18-rc1)
-CVE-2025-40113 [remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E]
+CVE-2025-40113 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.17.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/142964960c7c35de5c5f7bdd61c32699de693630 (6.18-rc1)
-CVE-2025-40112 [sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara]
+CVE-2025-40112 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.17.6-1
[trixie] - linux 6.12.57-1
[bookworm] - linux 6.1.158-1
NOTE: https://git.kernel.org/linus/0b67c8fc10b13a9090340c5f8a37d308f4e1571c (6.18-rc1)
-CVE-2025-13042
+CVE-2025-13042 (Inappropriate implementation in V8 in Google Chrome prior to 142.0.744 ...)
- chromium 142.0.7444.162-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-64531 (Substance3D - Stager versions 3.1.5 and earlier are affected by a Use ...)
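Review bot: In the Linux kernel entries (CVE-2025-40177 down to CVE-2025-40112), the new description lines all read "In the Linux kernel, the following vulnerability has been resolved: x ..." and differ only in the last visible letter, so the subsystem and fix summary that the removed bracketed text carried (for example "[bpf: Reject negative offsets for ALU ops]" on CVE-2025-40169) can no longer be read from the list; the git.kernel.org NOTE line is the only remaining identifier. Consider keeping the upstream commit subject in a NOTE line for these entries. Separately, the descriptions for CVE-2025-12732 and CVE-2025-11454 contain a literal "\u2013" escape where a dash was meant, and the new "TODO: check" entries that name CUPS (CVE-2025-57812), Ceph (CVE-2024-47866) and kdcproxy (CVE-2025-59088, CVE-2025-59089) look like candidates for package triage rather than NOT-FOR-US.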
@@ -50541,7 +50681,7 @@ CVE-2025-24919 (A deserialization of untrusted input vulnerability exists in the
NOT-FOR-US: Dell
CVE-2025-24311 (An out-of-bounds read vulnerability exists in the cv_send_blockdata f ...)
NOT-FOR-US: Dell
-CVE-2025-2843
+CVE-2025-2843 (A flaw was found in the Observability Operator. The Operator creates a ...)
NOT-FOR-US: Red Hat Observability observability-operator
CVE-2025-6052 (A flaw was found in how GLib\u2019s GString manages memory when adding ...)
- glib2.0 2.84.3-1 (bug #1107797; unimportant)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7446f1e73e7c09dfa63ff5f32d70325bb3278bd4