[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 16 20:55:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
787f04ae by Salvatore Bonaccorso at 2025-09-16T21:54:58+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,203 @@
+CVE-2023-53334 [USB: chipidea: fix memory leak with using debugfs_lookup()]
+ - linux 6.1.20-1
+ NOTE: https://git.kernel.org/linus/ff35f3ea3baba5b81416ac02d005cfbf6dd182fa (6.3-rc1)
+CVE-2023-53333 [netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30 (6.5-rc1)
+CVE-2023-53332 [genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()]
+ - linux 6.1.20-1
+ NOTE: https://git.kernel.org/linus/feabecaff5902f896531dde90646ca5dfa9d4f7d (6.3-rc1)
+CVE-2023-53331 [pstore/ram: Check start of empty przs during init]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/fe8c3623ab06603eb760444a032d426542212021 (6.6-rc1)
+CVE-2023-53330 [caif: fix memory leak in cfctrl_linkup_request()]
+ - linux 6.1.7-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/fe69230f05897b3de758427b574fc98025dfc907 (6.2-rc3)
+CVE-2023-53329 [workqueue: fix data race with the pwq->stats[] increment]
+ - linux 6.5.3-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fe48ba7daefe75bbbefa2426deddc05f2d530d2d (6.6-rc1)
+CVE-2023-53328 [fs/ntfs3: Enhance sanity check while generating attr_list]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.52-1
+ NOTE: https://git.kernel.org/linus/fdec309c7672cbee4dc0229ee4cbb33c948a1bdd (6.5-rc1)
+CVE-2023-53327 [iommufd/selftest: Catch overflow of uptr and length]
+ - linux 6.3.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fd8c1a4aee973e87d890a5861e106625a33b2c4e (6.4-rc1)
+CVE-2023-53326 [powerpc: Don't try to copy PPR for task with NULL pt_regs]
+ - linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/fd7276189450110ed835eb0a334e62d2f1c4e3be (6.3-rc5)
+CVE-2023-53325 [drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ NOTE: https://git.kernel.org/linus/fd70e2019bfbcb0ed90c5e23839bf510ce6acf8f (6.6-rc1)
+CVE-2023-53324 [drm/msm/mdp5: Don't leak some plane state]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/fd0ad3b2365c1c58aa5a761c18efc4817193beb6 (6.6-rc1)
+CVE-2023-53323 [ext2/dax: Fix ext2_setsize when len is page aligned]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fcced95b6ba2a507a83b8b3e0358a8ac16b13e35 (6.5-rc1)
+CVE-2023-53322 [scsi: qla2xxx: Wait for io return on terminate rport]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/fc0cba0c7be8261a1625098bd1d695077ec621c9 (6.5-rc1)
+CVE-2023-53321 [wifi: mac80211_hwsim: drop short frames]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/fba360a047d5eeeb9d4b7c3a9b1c8308980ce9a6 (6.6-rc1)
+CVE-2023-53320 [scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()]
+ - linux 6.1.20-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fb428a2005fc1260d18b989cc5199f281617f44d (6.3-rc1)
+CVE-2023-53319 [KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm]
+ - linux 6.4.11-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fa729bc7c9c8c17a2481358c841ef8ca920485d3 (6.5-rc3)
+CVE-2023-53318 [recordmcount: Fix memory leaks in the uwrite function]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/fa359d068574d29e7d2f0fdd0ebe4c6a12b5cfb9 (6.4-rc1)
+CVE-2023-53317 [ext4: fix WARNING in mb_find_extent]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/fa08a7b61dff8a4df11ff1e84abfc214b487caf7 (6.4-rc2)
+CVE-2023-53316 [drm/msm/dp: Free resources after unregistering them]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/fa0048a4b1fa7a50c8b0e514f5b428abdf69a6f8 (6.5-rc1)
+CVE-2023-53315 [wifi: ath11k: Fix SKB corruption in REO destination ring]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f9fff67d2d7ca6fa8066132003a3deef654c55b1 (6.4-rc1)
+CVE-2023-53314 [fbdev/ep93xx-fb: Do not assign to struct fb_info.dev]
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f90a0e5265b60cdd3c77990e8105f79aa2fac994 (6.6-rc1)
+CVE-2023-53313 [md/raid10: fix wrong setting of max_corr_read_errors]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f8b20a405428803bd9881881d8242c9d72c6b2b2 (6.5-rc1)
+CVE-2023-53312 [net: fix net_dev_start_xmit trace event vs skb_transport_offset()]
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f88fcb1d7d961b4b402d675109726f94db87571c (6.5-rc1)
+CVE-2023-53311 [nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f8654743a0e6909dc634cbfad6db6816f10f3399 (6.5-rc6)
+CVE-2023-53310 [power: supply: axp288_fuel_gauge: Fix external_power_changed race]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f8319774d6f1567d6e7d03653174ab0c82c5c66d (6.4-rc4)
+CVE-2023-53309 [drm/radeon: Fix integer overflow in radeon_cs_parser_init]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f828b681d0cd566f86351c0b913e6cb6ed8c7b9c (6.5-rc1)
+CVE-2023-53308 [net: fec: Better handle pm_runtime_get() failing in .remove()]
+ - linux 6.3.7-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f816b9829b19394d318e01953aa3b2721bca040d (6.4-rc3)
+CVE-2023-53307 [rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails]
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f7c4d9b133c7a04ca619355574e96b6abf209fba (6.3-rc1)
+CVE-2023-53306 [fsdax: force clear dirty mark if CoW]
+ - linux 6.3.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f76b3a32879de215ced3f8c754c4077b0c2f79e3 (6.3-rc6)
+CVE-2023-53305 [Bluetooth: L2CAP: Fix use-after-free]
+ - linux 6.4.13-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/f752a0b334bb95fe9b42ecb511e0864e2768046f (6.5-rc1)
+CVE-2023-53304 [netfilter: nft_set_rbtree: fix overlap expiration walk]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/f718863aca469a109895cb855e6b81fff4827d71 (6.5-rc4)
+CVE-2022-50352 [net: hns: fix possible memory leak in hnae_ae_register()]
+ - linux 6.0.6-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/ff2f5ec5d009844ec28f171123f9e58750cef4bf (6.1-rc2)
+CVE-2022-50351 [cifs: Fix xid leak in cifs_create()]
+ - linux 6.0.6-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fee0fb1f15054bb6a0ede452acb42da5bef4d587 (6.1-rc2)
+CVE-2022-50350 [scsi: target: iscsi: Fix a race condition between login_work and the login thread]
+ - linux 6.1.4-1
+ NOTE: https://git.kernel.org/linus/fec1b2fa62c162d03f5dcd7b03e3c89d3116d49f (6.2-rc1)
+CVE-2022-50349 [misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/fd2c930cf6a5b9176382c15f9acb1996e76e25ad (6.2-rc1)
+CVE-2022-50348 [nfsd: Fix a memory leak in an error handling path]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/fd1ef88049de09bc70d60b549992524cfc0e66ff (6.1-rc1)
+CVE-2022-50347 [mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/fc38a5a10e9e5a75eb9189854abeb8405b214cc9 (6.2-rc1)
+CVE-2022-50346 [ext4: init quota for 'old.inode' in 'ext4_rename']
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/fae381a3d79bb94aa2eb752170d47458d778b797 (6.2-rc1)
+CVE-2022-50345 [NFSD: Protect against send buffer overflow in NFSv3 READ]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.221-1
+ NOTE: https://git.kernel.org/linus/fa6be9cc6e80ec79892ddf08a8c10cabab9baf38 (6.1-rc1)
+CVE-2022-50344 [ext4: fix null-ptr-deref in ext4_write_info]
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/f9c1f248607d5546075d3f731e7607d5571f2b60 (6.1-rc1)
+CVE-2022-50343 [rapidio: fix possible name leaks when rio_add_device() fails]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f9574cd48679926e2a569e1957a5a1bcc8a719ac (6.2-rc1)
+CVE-2022-50342 [floppy: Fix memory leak in do_floppy_init()]
+ - linux 6.1.4-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f8ace2e304c5dd8a7328db9cd2b8a4b1b98d83ec (6.2-rc1)
+CVE-2022-50341 [cifs: fix oops during encryption]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f7f291e14dde32a07b1f0aa06921d28f875a7b54 (6.2-rc1)
+CVE-2022-50340 [media: vimc: Fix wrong function called when vimc_init() fails]
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f74d3f326d1d5b8951ce263c59a121ecfa65e7c0 (6.2-rc1)
+CVE-2022-50339 [Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()]
+ - linux 6.0.3-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f74ca25d6d6629ffd4fd80a1a73037253b57d06b (6.1-rc1)
CVE-2025-10537
- firefox <unfixed>
- firefox-esr <unfixed>
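Review bot: Several added entries carry no [bullseye] line although neighbouring entries state one explicitly: CVE-2023-53334, CVE-2023-53332 and CVE-2022-50350 have only the "- linux <version>" line, and CVE-2023-53328 and CVE-2023-53325 stop at [bookworm]. If bullseye is meant to be tracked as still affected for these, that is fine as written; if the vulnerable code is absent there, an explicit "[bullseye] - linux <not-affected> (Vulnerable code not present)" line, as used for CVE-2023-53329, would make the status unambiguous to consumers of the list. Separately, going by their titles, CVE-2023-53318 (recordmcount, a build-time tool) and CVE-2023-53327 (iommufd/selftest) may deserve a second look at whether a plain fixed-version entry is the right classification.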
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/787f04aeea3c19ce33411443b180b90b95628136