[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 15 15:45:55 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e423d5f8 by Salvatore Bonaccorso at 2025-09-15T16:44:57+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2025-39804 [lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts]
+ - linux 6.16.5-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/eec76ea5a7213c48529a46eed1b343e5cee3aaab (6.17-rc1)
+CVE-2025-39803 [scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()]
+ - linux 6.16.5-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e5203d89d59bfcbe1f348aa0d2dc4449a8ba644c (6.17-rc3)
+CVE-2025-39802 [lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts]
+ - linux 6.16.5-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/52c3e242f4d0043186b70d65460ba1767f27494a (6.17-rc1)
+CVE-2025-39801 [usb: dwc3: Remove WARN_ON for device endpoint command timeouts]
+ - linux 6.16.5-1
+ NOTE: https://git.kernel.org/linus/45eae113dccaf8e502090ecf5b3d9e9b805add6f (6.17-rc3)
+CVE-2025-39800 [btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()]
+ - linux 6.16.5-1
+ NOTE: https://git.kernel.org/linus/33e8f24b52d2796b8cfb28c19a1a7dd6476323a8 (6.17-rc1)
CVE-2025-59378 (In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors ...)
- guix <unfixed> (bug #1115303)
NOTE: https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerability-2025-2/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e423d5f8f1ade782e934c4683a12a769c0cfc653
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e423d5f8f1ade782e934c4683a12a769c0cfc653
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250915/1a787fba/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list