[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 2 13:02:57 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
707bfc4a by Salvatore Bonaccorso at 2026-04-02T14:02:41+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,34 @@
+CVE-2026-23417 [bpf: Fix constant blinding for PROBE_MEM32 stores]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/2321a9596d2260310267622e0ad8fbfa6f95378f (7.0-rc5)
+CVE-2026-23416 [mm/mseal: update VMA end correctly on merge]
+ - linux <unfixed>
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/2697dd8ae721db4f6a53d4f4cbd438212a80f8dc (7.0-rc6)
+CVE-2026-23415 [futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy()]
+ - linux <unfixed>
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/190a8c48ff623c3d67cb295b4536a660db2012aa (7.0-rc6)
+CVE-2026-23414 [tls: Purge async_hold in tls_decrypt_async_wait()]
+ - linux <unfixed>
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/84a8335d8300576f1b377ae24abca1d9f197807f (7.0-rc6)
+CVE-2026-23413 [clsact: Fix use-after-free in init/destroy rollback asymmetry]
+ - linux 6.19.10-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a0671125d4f55e1e98d9bde8a0b671941987e208 (7.0-rc5)
+CVE-2026-23412 [netfilter: bpf: defer hook memory release until rcu readers are done]
+ - linux 6.19.10-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/24f90fa3994b992d1a09003a3db2599330a5232a (7.0-rc5)
CVE-2026-5325 (A vulnerability was determined in SourceCodester Simple Customer Relat ...)
NOT-FOR-US: SourceCodester
CVE-2026-5323 (A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vul ...)
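Review bot: The `<not-affected>` lines in the added entries (for example the [trixie], [bookworm] and [bullseye] lines under CVE-2026-23416) give only "Vulnerable code not present" as the reason, and the single NOTE in each entry points at the fixing commit. Consider adding a NOTE per entry that records the commit or upstream version which introduced the vulnerable code, so the not-affected triage can be re-checked against each suite's kernel version later. Also worth confirming that the missing suite lines are intentional: CVE-2026-23417 has no [trixie] line and CVE-2026-23414 has no [trixie] or [bookworm] line, so those suites fall under the `- linux <unfixed>` status.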
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/707bfc4abdffb1ed20d4b79434a01bd1567b90b5