[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 1 11:48:50 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3583028 by Salvatore Bonaccorso at 2025-10-01T12:48:19+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2025-39917 [bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f9bb6ffa7f5ad0f8ee0f53fc4a10655872ee4a14 (6.17-rc6)
+CVE-2025-39916 [mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux 6.1.153-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e6b543ca9806d7bced863f43020e016ee996c057 (6.17-rc6)
+CVE-2025-39915 [net: phy: transfer phy_config_inband() locking responsibility to phylink]
+	- linux 6.16.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e2a10daba84968f6b5777d150985fd7d6abc9c84 (6.17-rc6)
+CVE-2025-39914 [tracing: Silence warning when chunk allocation fails in trace_pid_write]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux 6.1.153-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cd4453c5e983cf1fd5757e9acb915adb1e4602b6 (6.17-rc6)
+CVE-2025-39913 [tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux 6.1.153-1
+	NOTE: https://git.kernel.org/linus/a3967baad4d533dc254c31e0d221e51c8d223d58 (6.17-rc6)
+CVE-2025-39912 [nfs/localio: restore creds before releasing pageio data]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/992203a1fba51b025c60ec0c8b0d9223343dea95 (6.17-rc6)
+CVE-2025-39911 [i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux 6.1.153-1
+	NOTE: https://git.kernel.org/linus/915470e1b44e71d1dd07ee067276f003c3521ee3 (6.17-rc6)
+CVE-2025-39910 [mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()]
+	- linux 6.16.8-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/79357cd06d41d0f5a11b17d7c86176e395d10ef2 (6.17-rc6)
+CVE-2025-39909 [mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux 6.1.153-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/711f19dfd783ffb37ca4324388b9c4cb87e71363 (6.17-rc6)
+CVE-2025-39908 [net: dev_ioctl: take ops lock in hwtstamp lower paths]
+	- linux 6.16.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/686cab5a18e443e1d5f2abb17bed45837836425f (6.17-rc6)
+CVE-2025-39907 [mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer]
+	- linux 6.16.8-1
+	[trixie] - linux 6.12.48-1
+	[bookworm] - linux 6.1.153-1
+	NOTE: https://git.kernel.org/linus/513c40e59d5a414ab763a9c84797534b5e8c208d (6.17-rc6)
+CVE-2025-39906 [drm/amd/display: remove oem i2c adapter on finish]
+	- linux 6.16.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1dfd2864a1c4909147663e5a27c055f50f7c2796 (6.17-rc6)
+CVE-2025-39905 [net: phylink: add lock for serializing concurrent pl->phydev writes with resolver]
+	- linux 6.16.8-1
+	NOTE: https://git.kernel.org/linus/0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3 (6.17-rc6)
+CVE-2025-39904 [arm64: kexec: initialize kexec_buf struct in load_other_segments()]
+	- linux 6.16.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/04d3cd43700a2d0fe4bfb1012a8ec7f2e34a3507 (6.17-rc6)
 CVE-2025-39903 [of_numa: fix uninitialized memory nodes causing kernel panic]
 	- linux 6.16.6-1
 	[trixie] - linux 6.12.48-1
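
Review bot: Several added entries carry incomplete per-suite annotations while the rest of the hunk spells out [trixie], [bookworm] and [bullseye] explicitly. CVE-2025-39905 lists only `- linux 6.16.8-1`; CVE-2025-39910 has a [bullseye] line but nothing for [trixie] or [bookworm]; CVE-2025-39913, CVE-2025-39911 and CVE-2025-39907 have no [bullseye] line. If those suites are still awaiting a backport or triage, leaving them open is reasonable, but it is worth confirming that each gap is deliberate and not a dropped `<not-affected>` or fixed-version line from the kernel-sec merge, since the status of those suites is otherwise left implicit.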



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a358302814ddfa82310e8b8166398abfc57f8719
