[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf5c3c25 by Salvatore Bonaccorso at 2025-10-30T14:41:25+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2025-40105 [vfs: Don't leak disconnected dentries on umount]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/56094ad3eaa21e6621396cc33811d8f72847a834 (6.18-rc2)
+CVE-2025-40104 [ixgbevf: fix mailbox API compatibility by negotiating supported features]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/a7075f501bd33c93570af759b6f4302ef0175168 (6.18-rc2)
+CVE-2025-40103 [smb: client: Fix refcount leak for cifs_sb_tlink]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/c2b77f42205ef485a647f62082c442c1cd69d3fc (6.18-rc2)
+CVE-2025-40102 [KVM: arm64: Prevent access to vCPU events before init]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/0aa1b76fe1429629215a7c79820e4b96233ac4a3 (6.18-rc2)
+CVE-2025-40101 [btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fec9b9d3ced39f16be8d7afdf81f4dd2653da319 (6.18-rc2)
+CVE-2025-40100 [btrfs: do not assert we found block group item when creating free space tree]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/a5a51bf4e9b7354ce7cd697e610d72c1b33fd949 (6.18-rc2)
+CVE-2025-40099 [cifs: parse_dfs_referrals: prevent oob on malformed input]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9 (6.18-rc2)
+CVE-2025-40098 [ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8527bbb33936340525a3504a00932b2f8fd75754 (6.18-rc2)
+CVE-2025-40097 [ALSA: hda: Fix missing pointer check in hda_component_manager_init function]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1cf11d80db5df805b538c942269e05a65bcaf5bc (6.18-rc2)
+CVE-2025-40096 [drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5801e65206b065b0b2af032f7f1eef222aa2fd83 (6.18-rc2)
+CVE-2025-40095 [usb: gadget: f_rndis: Refactor bind path to use __free()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/08228941436047bdcd35a612c1aec0912a29d8cd (6.18-rc1)
+CVE-2025-40094 [usb: gadget: f_acm: Refactor bind path to use __free()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/47b2116e54b4a854600341487e8b55249e926324 (6.18-rc1)
+CVE-2025-40093 [usb: gadget: f_ecm: Refactor bind path to use __free()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 (6.18-rc1)
+CVE-2025-40092 [usb: gadget: f_ncm: Refactor bind path to use __free()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef (6.18-rc1)
+CVE-2025-40091 [ixgbe: fix too early devlink_free() in ixgbe_remove()]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5feef67b646d8f5064bac288e22204ffba2b9a4a (6.18-rc2)
+CVE-2025-40090 [ksmbd: fix recursive locking in RPC handle list access]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/88f170814fea74911ceab798a43cbd7c5599bed4 (6.18-rc2)
+CVE-2025-40089 [cxl/features: Add check for no entries in cxl_feature_info]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a375246fcf2bbdaeb1df7fa7ee5a8b884a89085e (6.18-rc2)
+CVE-2025-40088 [hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/42520df65bf67189541a425f7d36b0b3e7bd7844 (6.18-rc1)
+CVE-2025-40087 [NFSD: Define a proc_layoutcommit for the FlexFiles layout type]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4b47a8601b71ad98833b447d465592d847b4dc77 (6.18-rc2)
+CVE-2025-40086 [drm/xe: Don't allow evicting of BOs in same VM in array of VM binds]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7ac74613e5f2ef3450f44fd2127198662c2563a9 (6.18-rc2)
 CVE-2025-9954 (Missing Authorization vulnerability in Drupal Acquia DAM allows Forcef ...)
 	NOT-FOR-US: Drupal core and addons
 CVE-2025-62257 (Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf5c3c25fda923185bbf23592f37dae5cfec98fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf5c3c25fda923185bbf23592f37dae5cfec98fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251030/49be6562/attachment-0001.htm>