[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Thu Nov 13 08:43:06 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e18b8047 by Salvatore Bonaccorso at 2025-11-13T09:42:42+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,168 @@
+CVE-2025-40208 [media: iris: fix module removal if firmware download failed]
+	- linux 6.17.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fde38008fc4f43db8c17869491870df24b501543 (6.18-rc1)
+CVE-2025-40207 [media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f37df9a0eb5e43fcfe02cbaef076123dc0d79c7e (6.18-rc1)
+CVE-2025-40206 [netfilter: nft_objref: validate objref and objrefmap expressions]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	NOTE: https://git.kernel.org/linus/f359b809d54c6e3dd1d039b97e0b68390b0e53e4 (6.18-rc1)
+CVE-2025-40205 [btrfs: avoid potential out-of-bounds in btrfs_encode_fh()]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/dff4f9ff5d7f289e4545cc936362e01ed3252742 (6.18-rc1)
+CVE-2025-40204 [sctp: Fix MAC comparison to be constant-time]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/dd91c79e4f58fbe2898dac84858033700e0e99fb (6.18-rc1)
+CVE-2025-40203 [listmount: don't call path_put() under namespace semaphore]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0 (6.18-rc1)
+CVE-2025-40202 [ipmi: Rework user message limit handling]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b52da4054ee0bf9ecb44996f2c83236ff50b3812 (6.18-rc1)
+CVE-2025-40201 [kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a15f37a40145c986cdf289a4b88390f35efdecc4 (6.18-rc1)
+CVE-2025-40200 [Squashfs: reject negative file sizes in squashfs_read_inode()]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b (6.18-rc1)
+CVE-2025-40199 [page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/95920c2ed02bde551ab654e9749c2ca7bc3100e0 (6.18-rc1)
+CVE-2025-40198 [ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 (6.18-rc1)
+CVE-2025-40197 [media: mc: Clear minor number before put device]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/8cfc8cec1b4da88a47c243a11f384baefd092a50 (6.18-rc1)
+CVE-2025-40196 [fs: quota: create dedicated workqueue for quota_release_work]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	NOTE: https://git.kernel.org/linus/72b7ceca857f38a8ca7c5629feffc63769638974 (6.18-rc1)
+CVE-2025-40195 [mount: handle NULL values in mnt_ns_release()]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	NOTE: https://git.kernel.org/linus/6c7ca6a02f8f9549a438a08a23c6327580ecf3d6 (6.18-rc1)
+CVE-2025-40194 [cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467 (6.18-rc1)
+CVE-2025-40193 [xtensa: simdisk: add input size check in proc_write_simdisk]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/5d5f08fd0cd970184376bee07d59f635c8403f63 (6.18-rc1)
+CVE-2025-40192 [Revert "ipmi: fix msg stack when IPMI is disconnected"]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5d09ee1bec870263f4ace439402ea840503b503b (6.18-rc1)
+CVE-2025-40191 [drm/amdkfd: Fix kfd process ref leaking when userptr unmapping]
+	- linux 6.17.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/58e6fc2fb94f0f409447e5d46cf6a417b6397fbc (6.18-rc1)
+CVE-2025-40190 [ext4: guard against EA inode refcount underflow in xattr update]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/57295e835408d8d425bef58da5253465db3d6888 (6.18-rc1)
+CVE-2025-40189 [net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom]
+	- linux 6.17.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/49bdb63ff64469a6de8ea901aef123c75be9bbe7 (6.18-rc1)
+CVE-2025-40188 [pwm: berlin: Fix wrong register in suspend/resume]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/3a4b9d027e4061766f618292df91760ea64a1fcc (6.18-rc1)
+CVE-2025-40187 [net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/2f3119686ef50319490ccaec81a575973da98815 (6.18-rc1)
+CVE-2025-40186 [tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/2e7cbbbe3d61c63606994b7ff73c72537afe2e1c (6.18-rc1)
+CVE-2025-40185 [ice: ice_adapter: release xa entry on adapter allocation failure]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2db687f3469dbc5c59bc53d55acafd75d530b497 (6.18-rc1)
+CVE-2025-40184 [KVM: arm64: Fix debug checking for np-guests using huge mappings]
+	- linux 6.17.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2ba972bf71cb71d2127ec6c3db1ceb6dd0c73173 (6.18-rc1)
+CVE-2025-40183 [bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/23f3770e1a53e6c7a553135011f547209e141e72 (6.18-rc1)
+CVE-2025-40182 [crypto: skcipher - Fix reqsize handling]
+	- linux 6.17.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/229c586b5e86979badb7cb0d38717b88a9e95ddd (6.18-rc1)
+CVE-2025-40181 [x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0dccbc75e18df85399a71933d60b97494110f559 (6.18-rc1)
+CVE-2025-40180 [mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	NOTE: https://git.kernel.org/linus/0aead8197fc1a85b0a89646e418feb49a564b029 (6.18-rc1)
+CVE-2025-40179 [ext4: verify orphan file size is not too big]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3 (6.18-rc1)
+CVE-2025-40178 [pid: Add a judgment for ns null in pid_nr_ns]
+	- linux 6.17.6-1
+	[trixie] - linux 6.12.57-1
+	[bookworm] - linux 6.1.158-1
+	NOTE: https://git.kernel.org/linus/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7 (6.18-rc1)
 CVE-2025-9316 (N-central < 2025.4 can generate sessionIDs for unauthenticated users   ...)
 	NOT-FOR-US: N-central
 CVE-2025-8485 (An improper permissions vulnerability was reported in Lenovo App Store ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e18b80474e3b042790c2e9479370eecce704625c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e18b80474e3b042790c2e9479370eecce704625c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251113/30c148b8/attachment.htm>
