[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 4 21:12:57 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3541afce by security tracker role at 2025-09-04T20:12:48+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,213 +1,543 @@
-CVE-2025-38730 [io_uring/net: commit partial buffers on retry]
+CVE-2025-9636 (pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vul ...)
+ TODO: check
+CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site Request For ...)
+ TODO: check
+CVE-2025-8311 (dotCMS versions24.03.22 and after, identified a Boolean-based blind SQ ...)
+ TODO: check
+CVE-2025-7388 (It was possible to perform Remote Command Execution (RCE) via Java RMI ...)
+ TODO: check
+CVE-2025-7385 (Input from search query parameter in GOV CMS is not sanitized properly ...)
+ TODO: check
+CVE-2025-6984 (The langchain-ai/langchain project, specifically the EverNoteLoader co ...)
+ TODO: check
+CVE-2025-6785 (Securing externally available CAN wires can easily allow physical acce ...)
+ TODO: check
+CVE-2025-6085 (The Make Connector plugin for WordPress is vulnerable to arbitrary fil ...)
+ TODO: check
+CVE-2025-58361 (Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and ...)
+ TODO: check
+CVE-2025-58353 (Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and ...)
+ TODO: check
+CVE-2025-57576 (PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scri ...)
+ TODO: check
+CVE-2025-57263 (An authenticated SQL injection vulnerability in VX Guestbook 1.07 allo ...)
+ TODO: check
+CVE-2025-48581 (In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to ...)
+ TODO: check
+CVE-2025-48563 (In onNullBinding of RemoteFillService.java, there is a possible backgr ...)
+ TODO: check
+CVE-2025-48562 (In writeContent of RemotePrintDocument.java, there is a possible infor ...)
+ TODO: check
+CVE-2025-48561 (In multiple locations, there is a possible way to access data displaye ...)
+ TODO: check
+CVE-2025-48560 (In AndroidManifest.xml, there is a possible way for an app to monitor ...)
+ TODO: check
+CVE-2025-48559 (In multiple functions of AppOpsService.java, there is a possible add a ...)
+ TODO: check
+CVE-2025-48558 (In multiple functions of BatteryService.java, there is a possible way ...)
+ TODO: check
+CVE-2025-48556 (In multiple methods of NotificationChannel.java, there is a possible d ...)
+ TODO: check
+CVE-2025-48554 (In handlePackagesChanged of DevicePolicyManagerService.java, there is ...)
+ TODO: check
+CVE-2025-48553 (In handlePackagesChanged of DevicePolicyManagerService.java, there is ...)
+ TODO: check
+CVE-2025-48552 (In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is ...)
+ TODO: check
+CVE-2025-48551 (In multiple locations, there is a possible leak of an image across the ...)
+ TODO: check
+CVE-2025-48550 (In testGrantSlicePermission of SliceManagerTest.java, there is a possi ...)
+ TODO: check
+CVE-2025-48549 (In multiple locations, there is a possible way to record audio via a b ...)
+ TODO: check
+CVE-2025-48548 (In multiple functions of AppOpsControllerImpl.java, there is a possibl ...)
+ TODO: check
+CVE-2025-48547 (In multiple locations, there is a possible one-time permission bypass ...)
+ TODO: check
+CVE-2025-48546 (In checkPermissions of SafeActivityOptions.java, there is a possible b ...)
+ TODO: check
+CVE-2025-48545 (In isSystemUid of AccountManagerService.java, there is a possible way ...)
+ TODO: check
+CVE-2025-48544 (In multiple locations, there is a possible way to read files belonging ...)
+ TODO: check
+CVE-2025-48543 (In multiple locations, there is a possible way to escape chrome sandbo ...)
+ TODO: check
+CVE-2025-48542 (In multiple functions of AccountManagerService.java, there is a possib ...)
+ TODO: check
+CVE-2025-48541 (In onCreate of FaceSettings.java, there is a possible way to remove bi ...)
+ TODO: check
+CVE-2025-48540 (In processTransactInternal of RpcState.cpp, there is a possible local ...)
+ TODO: check
+CVE-2025-48539 (In SendPacketToPeer of acl_arbiter.cc, there is a possible out of boun ...)
+ TODO: check
+CVE-2025-48538 (In setApplicationHiddenSettingAsUser of PackageManagerService.java, th ...)
+ TODO: check
+CVE-2025-48537 (In multiple locations, there is a possible way to persistently DoS the ...)
+ TODO: check
+CVE-2025-48535 (In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , t ...)
+ TODO: check
+CVE-2025-48534 (In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a p ...)
+ TODO: check
+CVE-2025-48533 (In multiple locations, there is a possible way to use apps linked from ...)
+ TODO: check
+CVE-2025-48532 (In markMediaAsFavorite of MediaProvider.java, there is a possible way ...)
+ TODO: check
+CVE-2025-48531 (In getCallingPackageName of CredentialStorage, there is a possible per ...)
+ TODO: check
+CVE-2025-48530 (In multiple locations, there is a possible condition that results in O ...)
+ TODO: check
+CVE-2025-48529 (In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is ...)
+ TODO: check
+CVE-2025-48528 (In multiple locations, there is a possible way to overlay biometrics d ...)
+ TODO: check
+CVE-2025-48527 (In multiple locations, there is a possible way to leak hidden work pro ...)
+ TODO: check
+CVE-2025-48526 (In createMultiProfilePagerAdapter of ChooserActivity.java , there is a ...)
+ TODO: check
+CVE-2025-48524 (In isSystem of WifiPermissionsUtil.java, there is a possible permissio ...)
+ TODO: check
+CVE-2025-48523 (In onCreate of SelectAccountActivity.java, there is a possible way to ...)
+ TODO: check
+CVE-2025-48522 (In setDisplayName of AssociationRequest.java, there is a possible way ...)
+ TODO: check
+CVE-2025-41063 (A vulnerability has been discovered in version 4.0.5 of appRain CMF, c ...)
+ TODO: check
+CVE-2025-41062 (A vulnerability has been discovered in version 4.0.5 of appRain CMF, c ...)
+ TODO: check
+CVE-2025-41061 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41060 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41059 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41058 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41057 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41056 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41055 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41054 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41053 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41052 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41051 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41050 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41049 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41048 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41047 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41046 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41045 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41044 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41043 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41042 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41041 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41040 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41039 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41038 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41037 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41036 (A vulnerability has been discovered in appRain CMF version 4.0.5, cons ...)
+ TODO: check
+CVE-2025-41035 (A problem has been discovered in appRain CMF 4.0.5. An authenticated P ...)
+ TODO: check
+CVE-2025-41034 (An SQL injection vulnerability has been found in appRain CMF 4.0.5. Th ...)
+ TODO: check
+CVE-2025-41033 (An SQL injection vulnerability has been found in appRain CMF 4.0.5. Th ...)
+ TODO: check
+CVE-2025-41032 (An SQL injection vulnerability has been found in appRain CMF 4.0.5. Th ...)
+ TODO: check
+CVE-2025-32350 (In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a pos ...)
+ TODO: check
+CVE-2025-32349 (In multiple locations, there is a possible privilege escalation due to ...)
+ TODO: check
+CVE-2025-32347 (In onStart of BiometricEnrollIntroduction.java, there is a possible wa ...)
+ TODO: check
+CVE-2025-32346 (In onActivityResult of VoicemailSettingsActivity.java, there is a poss ...)
+ TODO: check
+CVE-2025-32345 (In updateState of ContentProtectionTogglePreferenceController.java, th ...)
+ TODO: check
+CVE-2025-32333 (In startSpaActivityForApp of SpaActivity.kt, there is a possible cross ...)
+ TODO: check
+CVE-2025-32332 (In multiple locations, there is a possible memory corruption due to a ...)
+ TODO: check
+CVE-2025-32331 (In showDismissibleKeyguard of KeyguardService.java, there is a possibl ...)
+ TODO: check
+CVE-2025-32330 (In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is ...)
+ TODO: check
+CVE-2025-32327 (In multiple functions of PickerDbFacade.java, there is a possible unau ...)
+ TODO: check
+CVE-2025-32326 (In multiple functions of AppRestrictionsFragment.java, there is a poss ...)
+ TODO: check
+CVE-2025-32325 (In appendFrom of Parcel.cpp, there is a possible out of bounds write d ...)
+ TODO: check
+CVE-2025-32324 (In onCommand of ActivityManagerShellCommand.java, there is a possible ...)
+ TODO: check
+CVE-2025-32323 (In getCallingAppName of Shared.java, there is a possible way to trick ...)
+ TODO: check
+CVE-2025-32322 (In onCreate of MediaProjectionPermissionActivity.java , there is a pos ...)
+ TODO: check
+CVE-2025-32321 (In isSafeIntent of AccountTypePreferenceLoader.java, there is a possib ...)
+ TODO: check
+CVE-2025-32312 (In createIntentsList of PackageParser.java , there is a possible way t ...)
+ TODO: check
+CVE-2025-2694 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 thro ...)
+ TODO: check
+CVE-2025-2667 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 thro ...)
+ TODO: check
+CVE-2025-2411 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2025-26464 (In executeAppFunction of AppSearchManagerService.java, there is a poss ...)
+ TODO: check
+CVE-2025-26463 (In allowPackageAccess of multiple files, resource exhaustion is possib ...)
+ TODO: check
+CVE-2025-26462 (In AccessibilityServiceConnection.java, there is a possible background ...)
+ TODO: check
+CVE-2025-26458 (In multiple functions of LocationProviderManager.java, there is a poss ...)
+ TODO: check
+CVE-2025-26456 (In multiple functions of DexUseManagerLocal.java, there is a possible ...)
+ TODO: check
+CVE-2025-26455 (In multiple functions of NdkMediaCodec.cpp, there is a possible out of ...)
+ TODO: check
+CVE-2025-26454 (In validateUriSchemeAndPermission of DisclaimersParserImpl.java , ther ...)
+ TODO: check
+CVE-2025-26453 (In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is ...)
+ TODO: check
+CVE-2025-26452 (In loadDrawableForCookie of ResourcesImpl.java, there is a possible wa ...)
+ TODO: check
+CVE-2025-26450 (In onInputEvent of IInputMethodSessionWrapper.java, there is a possibl ...)
+ TODO: check
+CVE-2025-26449 (In multiple locations, there is a possible permanent denial of service ...)
+ TODO: check
+CVE-2025-26448 (In writeToParcel of CursorWindow.cpp, there is a possible out of bound ...)
+ TODO: check
+CVE-2025-26445 (In offerNetwork of ConnectivityService.java, there is a possible leak ...)
+ TODO: check
+CVE-2025-26444 (In onHandleForceStop of VoiceInteractionManagerService.java, there is ...)
+ TODO: check
+CVE-2025-26443 (In parseHtml of HtmlToSpannedParser.java, there is a possible way to i ...)
+ TODO: check
+CVE-2025-26442 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
+ TODO: check
+CVE-2025-26441 (In add_attr of sdp_discovery.cc, there is a possible out of bounds rea ...)
+ TODO: check
+CVE-2025-26440 (In multiple functions of CameraService.cpp, there is a possible way to ...)
+ TODO: check
+CVE-2025-26439 (In getComponentName of AccessibilitySettingsUtils.java, there is a pos ...)
+ TODO: check
+CVE-2025-26438 (In smp_process_secure_connection_oob_data of smp_act.cc, there is a po ...)
+ TODO: check
+CVE-2025-26437 (In CredentialManagerServiceStub of CredentialManagerService.java, ther ...)
+ TODO: check
+CVE-2025-26436 (In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a ...)
+ TODO: check
+CVE-2025-26435 (In updateState of ContentProtectionTogglePreferenceController.java, th ...)
+ TODO: check
+CVE-2025-26432 (In multiple locations, there is a possible way to persistently DoS the ...)
+ TODO: check
+CVE-2025-26431 (In setupAccessibilityServices of AccessibilityFragment.java, there is ...)
+ TODO: check
+CVE-2025-26430 (In getDestinationForApp of SpaAppBridgeActivity, there is a possible c ...)
+ TODO: check
+CVE-2025-26429 (In collectOps of AppOpsService.java, there is a possible way to cause ...)
+ TODO: check
+CVE-2025-26428 (In startLockTaskMode of LockTaskController.java, there is a possible l ...)
+ TODO: check
+CVE-2025-26427 (In multiple locations, there is a possible Android/data access due to ...)
+ TODO: check
+CVE-2025-26426 (In BroadcastController.java of registerReceiverWithFeatureTraced, ther ...)
+ TODO: check
+CVE-2025-26425 (In multiple functions of RoleService.java, there is a possible permiss ...)
+ TODO: check
+CVE-2025-26424 (In multiple functions of VpnManager.java, there is a possible cross-us ...)
+ TODO: check
+CVE-2025-26423 (In validateIpConfiguration of WifiConfigurationUtil.java, there is a p ...)
+ TODO: check
+CVE-2025-26422 (In dump of WindowManagerService.java, there is a possible way of runni ...)
+ TODO: check
+CVE-2025-26421 (In multiple locations, there is a possible lock screen bypass due to a ...)
+ TODO: check
+CVE-2025-26420 (In multiple functions of GrantPermissionsActivity.java , there is a po ...)
+ TODO: check
+CVE-2025-26419 (In initPhoneSwitch of SystemSettingsFragment.java, there is a possible ...)
+ TODO: check
+CVE-2025-25048 (IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 i ...)
+ TODO: check
+CVE-2025-23302 (NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of ...)
+ TODO: check
+CVE-2025-23301 (NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of ...)
+ TODO: check
+CVE-2025-23262 (NVIDIA ConnectX contains a vulnerability in the management interface, ...)
+ TODO: check
+CVE-2025-23261 (NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where ...)
+ TODO: check
+CVE-2025-23259 (NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD ...)
+ TODO: check
+CVE-2025-23258 (NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian ...)
+ TODO: check
+CVE-2025-23257 (NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian ...)
+ TODO: check
+CVE-2025-23256 (NVIDIA BlueField contains a vulnerability in the management interface, ...)
+ TODO: check
+CVE-2025-22441 (In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews. ...)
+ TODO: check
+CVE-2025-22425 (In onCreate of InstallStart.java, there is a possible permissions bypa ...)
+ TODO: check
+CVE-2025-22415 (In android_app of Android.bp, there is a possible way to launch any ac ...)
+ TODO: check
+CVE-2025-22414 (In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a p ...)
+ TODO: check
+CVE-2025-0089 (In multiple locations, there is a possible way to hijack the Launcher ...)
+ TODO: check
+CVE-2025-0087 (In onCreate of UninstallerActivity.java, there is a possible way to un ...)
+ TODO: check
+CVE-2025-0077 (In multiple functions of UserController.java, there is a possible lock ...)
+ TODO: check
+CVE-2025-0076 (In multiple locations, there is a possible way to view icons belonging ...)
+ TODO: check
+CVE-2024-49739 (In MMapVAccess of pmr_os.c, there is a possible out of bounds write du ...)
+ TODO: check
+CVE-2024-49731 (In apk-versions.txt, there is a possible corruption of telemetry opt-i ...)
+ TODO: check
+CVE-2024-49714 (In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds w ...)
+ TODO: check
+CVE-2024-43184 (IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 i ...)
+ TODO: check
+CVE-2024-40664 (In setupAccessibilityServices of AccessibilityFragment.java , there is ...)
+ TODO: check
+CVE-2024-34598 (Improper export of component in GoodLock prior to version 2.2.04.95 al ...)
+ TODO: check
+CVE-2024-13073 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2023-35657 (In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bou ...)
+ TODO: check
+CVE-2025-38730 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.3-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/41b70df5b38bc80967d2e0ed55cc3c3896bba781 (6.17-rc2)
-CVE-2025-38729 [ALSA: usb-audio: Validate UAC3 power domain descriptors, too]
+CVE-2025-38729 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/d832ccbc301fbd9e5a1d691bdcf461cdb514595f (6.17-rc2)
-CVE-2025-38728 [smb3: fix for slab out of bounds on mount to ksmbd]
+CVE-2025-38728 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/7d34ec36abb84fdfb6632a0f2cbda90379ae21fc (6.17-rc2)
-CVE-2025-38727 [netlink: avoid infinite retry looping in netlink_unicast()]
+CVE-2025-38727 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/759dfc7d04bab1b0b86113f1164dc1fec192b859 (6.17-rc1)
-CVE-2025-38726 [net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect]
+CVE-2025-38726 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e88fbc30dda1cb7438515303704ceddb3ade4ecd (6.17-rc1)
-CVE-2025-38725 [net: usb: asix_devices: add phy_mask for ax88772 mdio bus]
+CVE-2025-38725 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4faff70959d51078f9ee8372f8cff0d7045e4114 (6.17-rc2)
-CVE-2025-38724 [nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()]
+CVE-2025-38724 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/908e4ead7f757504d8b345452730636e298cbf68 (6.17-rc1)
-CVE-2025-38723 [LoongArch: BPF: Fix jump offset calculation in tailcall]
+CVE-2025-38723 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cd39d9e6b7e4c58fa77783e7aedf7ada51d02ea3 (6.17-rc1)
-CVE-2025-38722 [habanalabs: fix UAF in export_dmabuf()]
+CVE-2025-38722 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/33927f3d0ecdcff06326d6e4edb6166aed42811c (6.17-rc2)
-CVE-2025-38721 [netfilter: ctnetlink: fix refcount leak on table dump]
+CVE-2025-38721 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/de788b2e6227462b6dcd0e07474e72c089008f74 (6.17-rc2)
-CVE-2025-38720 [net: hibmcge: fix rtnl deadlock issue]
+CVE-2025-38720 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c875503a9b9082928d7d3fc60b5400d16fbfae4e (6.17-rc2)
-CVE-2025-38719 [net: hibmcge: fix the division by zero issue]
+CVE-2025-38719 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7004b26f0b64331143eb0b312e77a357a11427ce (6.17-rc2)
-CVE-2025-38718 [sctp: linearize cloned gso packets in sctp_rcv]
+CVE-2025-38718 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/fd60d8a086191fe33c2d719732d2482052fa6805 (6.17-rc2)
-CVE-2025-38717 [net: kcm: Fix race condition in kcm_unattach()]
+CVE-2025-38717 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/52565a935213cd6a8662ddb8efe5b4219343a25d (6.17-rc2)
-CVE-2025-38716 [hfs: fix general protection fault in hfs_find_init()]
+CVE-2025-38716 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/736a0516a16268995f4898eded49bfef077af709 (6.17-rc1)
-CVE-2025-38715 [hfs: fix slab-out-of-bounds in hfs_bnode_read()]
+CVE-2025-38715 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/a431930c9bac518bf99d6b1da526a7f37ddee8d8 (6.17-rc1)
-CVE-2025-38714 [hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()]
+CVE-2025-38714 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/c80aa2aaaa5e69d5219c6af8ef7e754114bd08d2 (6.17-rc1)
-CVE-2025-38713 [hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()]
+CVE-2025-38713 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/94458781aee6045bd3d0ad4b80b02886b9e2219b (6.17-rc1)
-CVE-2025-38712 [hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()]
+CVE-2025-38712 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/c7c6363ca186747ebc2df10c8a1a51e66e0e32d9 (6.17-rc1)
-CVE-2025-38711 [smb/server: avoid deadlock when linking with ReplaceIfExists]
+CVE-2025-38711 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694 (6.17-rc1)
-CVE-2025-38710 [gfs2: Validate i_depth for exhash directories]
+CVE-2025-38710 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/557c024ca7250bb65ae60f16c02074106c2f197b (6.17-rc1)
-CVE-2025-38709 [loop: Avoid updating block size under exclusive owner]
+CVE-2025-38709 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/7e49538288e523427beedd26993d446afef1a6fb (6.17-rc1)
-CVE-2025-38708 [drbd: add missing kref_get in handle_write_conflicts]
+CVE-2025-38708 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/00c9c9628b49e368d140cfa61d7df9b8922ec2a8 (6.17-rc1)
-CVE-2025-38707 [fs/ntfs3: Add sanity check for file name]
+CVE-2025-38707 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/e841ecb139339602bc1853f5f09daa5d1ea920a2 (6.17-rc1)
-CVE-2025-38706 [ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()]
+CVE-2025-38706 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/2d91cb261cac6d885954b8f5da28b5c176c18131 (6.17-rc1)
-CVE-2025-38705 [drm/amd/pm: fix null pointer access]
+CVE-2025-38705 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/d524d40e3a6152a3ea1125af729f8cd8ca65efde (6.17-rc1)
-CVE-2025-38704 [rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access]
+CVE-2025-38704 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1 (6.17-rc1)
-CVE-2025-38703 [drm/xe: Make dma-fences compliant with the safe access rules]
+CVE-2025-38703 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/6bd90e700b4285e6a7541e00f969cab0d696adde (6.17-rc1)
-CVE-2025-38702 [fbdev: fix potential buffer overflow in do_register_framebuffer()]
+CVE-2025-38702 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05 (6.17-rc1)
-CVE-2025-38701 [ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr]
+CVE-2025-38701 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42 (6.17-rc1)
-CVE-2025-38700 [scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated]
+CVE-2025-38700 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/3ea3a256ed81f95ab0f3281a0e234b01a9cae605 (6.17-rc1)
-CVE-2025-38699 [scsi: bfa: Double-free fix]
+CVE-2025-38699 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/add4c4850363d7c1b72e8fce9ccb21fdd2cf5dc9 (6.17-rc1)
-CVE-2025-38698 [jfs: Regular file corruption check]
+CVE-2025-38698 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/2d04df8116426b6c7b9f8b9b371250f666a2a2fb (6.17-rc1)
-CVE-2025-38697 [jfs: upper bound check of tree index in dbAllocAG]
+CVE-2025-38697 (In the Linux kernel, the following vulnerability has been resolved: j ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/c214006856ff52a8ff17ed8da52d50601d54f9ce (6.17-rc1)
-CVE-2025-38696 [MIPS: Don't crash in stack_top() for tasks without ABI or vDSO]
+CVE-2025-38696 (In the Linux kernel, the following vulnerability has been resolved: M ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/e9f4a6b3421e936c3ee9d74710243897d74dbaa2 (6.17-rc1)
-CVE-2025-38695 [scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure]
+CVE-2025-38695 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/6698796282e828733cde3329c887b4ae9e5545e9 (6.17-rc1)
-CVE-2025-38694 [media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()]
+CVE-2025-38694 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/ce5cac69b2edac3e3246fee03e8f4c2a1075238b (6.17-rc1)
-CVE-2025-38693 [media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar]
+CVE-2025-38693 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/ed0234c8458b3149f15e496b48a1c9874dd24a1b (6.17-rc1)
-CVE-2025-38692 [exfat: add cluster chain loop check for dir]
+CVE-2025-38692 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/99f9a97dce39ad413c39b92c90393bbd6778f3fd (6.17-rc1)
-CVE-2025-38691 [pNFS: Fix uninited ptr deref in block/scsi layout]
+CVE-2025-38691 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/9768797c219326699778fba9cd3b607b2f1e7950 (6.17-rc1)
-CVE-2025-38690 [drm/xe/migrate: prevent infinite recursion]
+CVE-2025-38690 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9d7a1cbebbb691891671def57407ba2f8ee914e8 (6.17-rc2)
-CVE-2025-38689 [x86/fpu: Fix NULL dereference in avx512_status()]
+CVE-2025-38689 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/31cd31c9e17ece125aad27259501a2af69ccb020 (6.17-rc2)
-CVE-2025-38688 [iommufd: Prevent ALIGN() overflow]
+CVE-2025-38688 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b42497e3c0e74db061eafad41c0cd7243c46436b (6.17-rc1)
-CVE-2025-38687 [comedi: fix race between polling and detaching]
+CVE-2025-38687 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/35b6fc51c666fc96355be5cd633ed0fe4ccf68b2 (6.17-rc1)
-CVE-2025-38686 [userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry]
+CVE-2025-38686 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/aba6faec0103ed8f169be8dce2ead41fcb689446 (6.17-rc2)
-CVE-2025-38685 [fbdev: Fix vmalloc out-of-bounds write in fast_imageblit]
+CVE-2025-38685 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/af0db3c1f898144846d4c172531a199bb3ca375d (6.17-rc1)
-CVE-2025-38684 [net/sched: ets: use old 'nbands' while purging unused classes]
+CVE-2025-38684 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/87c6efc5ce9c126ae4a781bc04504b83780e3650 (6.17-rc2)
-CVE-2025-38683 [hv_netvsc: Fix panic during namespace deletion with VF]
+CVE-2025-38683 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/33caa208dba6fa639e8a92fd0c8320b652e5550c (6.17-rc2)
-CVE-2025-38682 [i2c: core: Fix double-free of fwnode in i2c_unregister_device()]
+CVE-2025-38682 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1c24e5fc0c7096e00c202a6a3e0c342c1afb47c2 (6.17-rc1)
-CVE-2025-38681 [mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()]
+CVE-2025-38681 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/59305202c67fea50378dcad0cc199dbc13a0e99a (6.17-rc1)
-CVE-2025-38680 [media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()]
+CVE-2025-38680 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/782b6a718651eda3478b1824b37a8b3185d2740c (6.17-rc1)
-CVE-2025-38679 [media: venus: Fix OOB read due to missing payload bound check]
+CVE-2025-38679 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.16.3-1
[trixie] - linux 6.12.43-1
NOTE: https://git.kernel.org/linus/06d6770ff0d8cc8dfd392329a8cc03e2a83e7289 (6.17-rc1)
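Review bot: From CVE-2025-38691 down to CVE-2025-38679, each removed bracketed commit subject (for example "[iommufd: Prevent ALIGN() overflow]") is replaced by the same truncated text, "In the Linux kernel, the following vulnerability has been resolved:" followed by a single letter, so the description line no longer says which subsystem or bug the entry covers. The NOTE commit link is now the only distinguishing detail in each of these entries. If triage relies on searching this file by subsystem or bug class, keeping the commit subject in an extra NOTE line would preserve it.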
@@ -301,13 +631,13 @@ CVE-2025-36906 (In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there i
NOT-FOR-US: Google devices
CVE-2025-36905 (In gxp_mapping_create of gxp_mapping.c, there is a possible privilege ...)
NOT-FOR-US: Google devices
-CVE-2025-36904 (N/A)
+CVE-2025-36904 (WLAN in Android before 2025-09-05 on Google Pixel devices allows eleva ...)
NOT-FOR-US: Google devices
CVE-2025-36903 (In lwis_io_buffer_write, there is a possible OOB read/write due to imp ...)
NOT-FOR-US: Google devices
CVE-2025-36902 (In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possib ...)
NOT-FOR-US: Google devices
-CVE-2025-36901 (N/A)
+CVE-2025-36901 (WLAN in Android before 2025-09-05 on Google Pixel devices allows eleva ...)
NOT-FOR-US: Google devices
CVE-2025-36900 (In lwis_test_register_io of lwis_device_test.c, there is a possible OO ...)
NOT-FOR-US: Google devices
@@ -317,7 +647,7 @@ CVE-2025-36898 (There is a possible escalation of privilege due to a logic error
NOT-FOR-US: Google devices
CVE-2025-36897 (In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bou ...)
NOT-FOR-US: Google devices
-CVE-2025-36896 (N/A)
+CVE-2025-36896 (WLAN in Android before 2025-09-05 on Google Pixel devices allows eleva ...)
NOT-FOR-US: Google devices
CVE-2025-36895 (Information disclosure)
NOT-FOR-US: Google devices
@@ -469,7 +799,7 @@ CVE-2025-58460 (A missing permission check in Jenkins OpenTelemetry Plugin 3.154
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-58459 (Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does ...)
NOT-FOR-US: Jenkins (core or plugin)
-CVE-2025-58458 (In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form val ...)
+CVE-2025-58458 (In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1 ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-57151 (phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site ...)
NOT-FOR-US: PHPGurukul
@@ -22499,6 +22829,7 @@ CVE-2025-23999 (Missing Authorization vulnerability in Cloudways Breeze allows E
CVE-2025-20271 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX ...)
NOT-FOR-US: Cisco
CVE-2025-20260 (A vulnerability in the PDF scanning processes of ClamAV could allow an ...)
+ {DLA-4292-1}
- clamav 1.4.3+dfsg-1 (bug #1108046)
[bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
NOTE: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
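Review bot: The added {DLA-4292-1} tag on CVE-2025-20260 has no matching suite line in this entry: the visible lines give only the unstable version (1.4.3+dfsg-1) and "[bookworm] - clamav <no-dsa>", so the entry does not show which release or version the advisory fixed. This commit changes only data/CVE/list, so it is worth confirming that the advisory's own record carries the fixed version, or adding the suite line here. The same applies to the {DLA-4292-1} tag added to CVE-2025-20128 in the next hunk.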
@@ -71439,6 +71770,7 @@ CVE-2025-20165 (A vulnerability in the SIP processing subsystem of Cisco BroadWo
CVE-2025-20156 (A vulnerability in the REST API of Cisco Meeting Management could allo ...)
NOT-FOR-US: Cisco
CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) decryptio ...)
+ {DLA-4292-1}
- clamav 1.4.2+dfsg-1 (bug #1093880)
[bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
NOTE: https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
@@ -256083,7 +256415,7 @@ CVE-2023-21344 (In Job Scheduler, there is a possible way to determine whether a
NOT-FOR-US: Android
CVE-2023-21343 (In ActivityStarter, there is a possible background activity launch due ...)
NOT-FOR-US: Android
-CVE-2023-21342 (In Speech, there is a possible way to bypass background activity launc ...)
+CVE-2023-21342 (In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.ja ...)
NOT-FOR-US: Android
CVE-2023-21341 (In Permission Manager, there is a possible way to bypass required perm ...)
NOT-FOR-US: Android
@@ -271910,8 +272242,8 @@ CVE-2022-39890 (Improper Authorization in Samsung Billing prior to version 5.0.5
NOT-FOR-US: Samsung
CVE-2022-39889 (Improper access control vulnerability in GalaxyWatch4Plugin prior to v ...)
NOT-FOR-US: Samsung
-CVE-2022-39888
- RESERVED
+CVE-2022-39888 (Improper access control vulnerability in retrieveExternalProxy in Misc ...)
+ TODO: check
CVE-2022-39887 (Improper access control vulnerability in clearAllGlobalProxy in MiscPo ...)
NOT-FOR-US: Samsung
CVE-2022-39886 (Improper access control vulnerability in IpcRxServiceModeBigDataInfo i ...)
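Review bot: CVE-2022-39888 moves from RESERVED to "TODO: check" while both neighbours are already resolved as "NOT-FOR-US: Samsung", and its new description ("Improper access control vulnerability in retrieveExternalProxy in Misc ...") reads like the sibling of CVE-2022-39887 ("... clearAllGlobalProxy in MiscPo ..."). Once the full description confirms the same component, this entry can take the same NOT-FOR-US: Samsung tag instead of staying in the TODO queue.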
@@ -346676,7 +347008,7 @@ CVE-2021-39812 (In TBD of TBD, there is a possible out of bounds read due to a u
NOT-FOR-US: Pixel
CVE-2021-39811
RESERVED
-CVE-2021-39810 (In NFC, there is a possible way to setup a default contactless payment ...)
+CVE-2021-39810 (In verifyDefaults of CardEmulationManager.java, there is a possible wa ...)
NOT-FOR-US: Android
CVE-2021-39809 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3541afce79cc9abea1b4aaa7d8013b12f66b1a92