[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 19 20:44:00 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95b1f565 by Salvatore Bonaccorso at 2025-09-19T21:43:00+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2025-39866 [fs: writeback: fix use-after-free in __mark_inode_dirty()]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/d02d2c98d25793902f65803ab853b592c7a96b29 (6.17-rc3)
+CVE-2025-39865 [tee: fix NULL pointer dereference in tee_shm_put]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/e4a718a3a47e89805c3be9d46a84de1949a98d5d (6.17-rc5)
+CVE-2025-39864 [wifi: cfg80211: fix use-after-free in cmp_bss()]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/26e84445f02ce6b2fe5f3e0e28ff7add77f35e08 (6.17-rc5)
+CVE-2025-39863 [wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/9cb83d4be0b9b697eae93d321e0da999f9cdfcfc (6.17-rc5)
+CVE-2025-39862 [wifi: mt76: mt7915: fix list corruption after hardware restart]
+	- linux 6.16.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/065c79df595af21d6d1b27d642860faa1d938774 (6.17-rc5)
+CVE-2025-39861 [Bluetooth: vhci: Prevent use-after-free by removing debugfs files early]
+	- linux 6.16.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/28010791193a4503f054e8d69a950ef815deb539 (6.17-rc5)
+CVE-2025-39860 [Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/862c628108562d8c7a516a900034823b381d3cba (6.17-rc5)
+CVE-2025-39859 [ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog]
+	- linux 6.16.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8bf935cf789872350b04c1a6468b0a509f67afb2 (6.17-rc5)
+CVE-2025-39858 [eth: mlx4: Fix IS_ERR() vs NULL check bug in mlx4_en_create_rx_ring]
+	- linux 6.16.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e580beaf43d563aaf457f1c7f934002355ebfe7b (6.17-rc5)
+CVE-2025-39857 [net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()]
+	- linux 6.16.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ba1e9421cf1a8369d25c3832439702a015d6b5f9 (6.17-rc5)
+CVE-2025-39856 [net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev]
+	- linux 6.16.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a6099f263e1f408bcc7913c9df24b0677164fc5d (6.17-rc5)
+CVE-2025-39855 [ice: fix NULL access of tx->in_use in ice_ptp_ts_irq]
+	- linux 6.16.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/403bf043d9340196e06769065169df7444b91f7a (6.17-rc5)
+CVE-2025-39854 [ice: fix NULL access of tx->in_use in ice_ll_ts_intr]
+	- linux 6.16.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f6486338fde3f04ed0ec59fe67a69a208c32734f (6.17-rc5)
+CVE-2025-39853 [i40e: Fix potential invalid access when MAC list is empty]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/a556f06338e1d5a85af0e32ecb46e365547f92b9 (6.17-rc5)
+CVE-2025-39852 [net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6]
+	- linux 6.16.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fa390321aba0a54d0f7ae95ee4ecde1358bb9234 (6.17-rc5)
+CVE-2025-39851 [vxlan: Fix NPD when refreshing an FDB entry with a nexthop object]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/6ead38147ebb813f08be6ea8ef547a0e4c09559a (6.17-rc5)
+CVE-2025-39850 [vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/1f5d2fd1ca04a23c18b1bde9a43ce2fa2ffa1bce (6.17-rc5)
+CVE-2025-39849 [wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()]
+	- linux 6.16.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/62b635dcd69c4fde7ce1de4992d71420a37e51e3 (6.17-rc5)
+CVE-2025-39848 [ax25: properly unshare skbs in ax25_kiss_rcv()]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/8156210d36a43e76372312c87eb5ea3dbb405a85 (6.17-rc5)
+CVE-2025-39847 [ppp: fix memory leak in pad_compress_skb]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/4844123fe0b853a4982c02666cb3fd863d701d50 (6.17-rc5)
+CVE-2025-39846 [pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/44822df89e8f3386871d9cad563ece8e2fd8f0e7 (6.17-rc5)
+CVE-2025-39845 [x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()]
+	- linux 6.16.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6659d027998083fbb6d42a165b0c90dc2e8ba989 (6.17-rc5)
+CVE-2025-39844 [mm: move page table sync declarations to linux/pgtable.h]
+	- linux 6.16.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7cc183f2e67d19b03ee5c13a6664b8c6cc37ff9d (6.17-rc5)
+CVE-2025-39843 [mm: slub: avoid wake up kswapd in set_track_prepare]
+	- linux 6.16.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/850470a8413a8a78e772c4f6bd9fe81ec6bd5b0f (6.17-rc5)
+CVE-2025-39842 [ocfs2: prevent release journal inode after journal shutdown]
+	- linux 6.16.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f46e8ef8bb7b452584f2e75337b619ac51a7cadf (6.17-rc5)
+CVE-2025-39841 [scsi: lpfc: Fix buffer free/clear order in deferred receive path]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/9dba9a45c348e8460da97c450cddf70b2056deb3 (6.17-rc5)
+CVE-2025-39840 [audit: fix out-of-bounds read in audit_compare_dname_path()]
+	- linux 6.16.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4540f1d23e7f387880ce46d11b5cd3f27248bf8d (6.17-rc5)
+CVE-2025-39839 [batman-adv: fix OOB read/write in network-coding decode]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087 (6.17-rc5)
+CVE-2025-39838 [cifs: prevent NULL pointer dereference in UTF16 conversion]
+	- linux 6.16.6-1
+	NOTE: https://git.kernel.org/linus/70bccd9855dae56942f2b18a08ba137bb54093a0 (6.17-rc5)
+CVE-2025-39837 [platform/x86: asus-wmi: Fix racy registrations]
+	- linux 6.16.6-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5549202b9c02c2ecbc8634768a3da8d9e82d548d (6.17-rc5)
 CVE-2025-9909
 	NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2025-9908
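
Review bot: The entries marked <not-affected> for trixie, bookworm and bullseye together (CVE-2025-39858, CVE-2025-39856, CVE-2025-39855, CVE-2025-39840, CVE-2025-39837) cite only the fix commit in their NOTE line, so "Vulnerable code not present" cannot be checked from the entry itself. Add a second NOTE naming the commit or upstream version that introduced the flaw; the same applies to the partially not-affected entries such as CVE-2025-39862 and CVE-2025-39852. Separately, the bracketed titles of CVE-2025-39845 and CVE-2025-39844 ("define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()", "move page table sync declarations to linux/pgtable.h") describe a code change rather than a defect, so a NOTE stating what issue each one addresses, and whether the two depend on each other, would help anyone triaging from this list.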



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b1f56592d0340e199676c9c8d4be913476884e
