[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 1 11:44:20 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
133fdb38 by Salvatore Bonaccorso at 2025-10-01T12:43:48+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2025-39903 [of_numa: fix uninitialized memory nodes causing kernel panic]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ee4d098cbc9160f573b5c1b5a51d6158efdb2896 (6.17-rc5)
+CVE-2025-39902 [mm/slub: avoid accessing metadata when pointer is invalid in object_err()]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux 6.1.153-1
+ [bullseye] - linux 5.10.244-1
+ NOTE: https://git.kernel.org/linus/b4efccec8d06ceb10a7d34d7b1c449c569d53770 (6.17-rc5)
+CVE-2025-39901 [i40e: remove read access to debugfs files]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ NOTE: https://git.kernel.org/linus/9fcdb1c3c4ba134434694c001dbff343f1ffa319 (6.17-rc5)
+CVE-2025-39900 [net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9f74c0ea9b26d1505d55b61e36b1623dd347e1d1 (6.17-rc5)
+CVE-2025-39899 [mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9614d8bee66387501f48718fa306e17f2aa3f2f3 (6.17-rc5)
+CVE-2025-39898 [e1000e: fix heap overflow in e1000_set_eeprom]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux 6.1.153-1
+ [bullseye] - linux 5.10.244-1
+ NOTE: https://git.kernel.org/linus/90fb7db49c6dbac961c6b8ebfd741141ffbc8545 (6.17-rc5)
+CVE-2025-39897 [net: xilinx: axienet: Add error handling for RX metadata pointer retrieval]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8bbceba7dc5090c00105e006ce28d1292cfda8dd (6.17-rc5)
+CVE-2025-39896 [accel/ivpu: Prevent recovery work from being queued during device removal]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/69a79ada8eb034ce016b5b78fb7d08d8687223de (6.17-rc5)
+CVE-2025-39895 [sched: Fix sched_numa_find_nth_cpu() if mask offline]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5ebf512f335053a42482ebff91e46c6dc156bf8c (6.17-rc5)
+CVE-2025-39894 [netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux 6.1.153-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/479a54ab92087318514c82428a87af2d7af1a576 (6.17-rc5)
+CVE-2025-39893 [spi: spi-qpic-snand: unregister ECC engine on probe error and device remove]
+ - linux 6.16.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1991a458528588ff34e98b6365362560d208710f (6.17-rc5)
+CVE-2025-39892 [ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked()]
+ - linux 6.16.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/168873ca1799d3f23442b9e79eae55f907b9b126 (6.17-rc5)
+CVE-2025-39891 [wifi: mwifiex: Initialize the chan_stats array to zero]
+ - linux 6.16.6-1
+ [trixie] - linux 6.12.48-1
+ [bookworm] - linux 6.1.153-1
+ [bullseye] - linux 5.10.244-1
+ NOTE: https://git.kernel.org/linus/0e20450829ca3c1dbc2db536391537c57a40fe0b (6.17-rc5)
CVE-2025-8877 (The AffiliateWP plugin for WordPress is vulnerable to SQL Injection vi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8122 (Improper neutralization of input provided by an authorized user in art ...)
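Review bot: CVE-2025-39901 (i40e: remove read access to debugfs files) carries only a `[trixie] - linux 6.12.48-1` line and no [bookworm] or [bullseye] annotation, while the other twelve entries added in this hunk state both releases explicitly, either with a fixed version or with `<not-affected> (Vulnerable code not present)`. If bookworm and bullseye are meant to stay open until the fix reaches 6.1 and 5.10, the entry is fine as written. If the affected debugfs code is not present in those branches, add the two `<not-affected>` lines so the entry matches its neighbours and the releases are not left tracked as unfixed.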
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/133fdb38ce39a425a31c4b8e12e0843fc7a683cc