[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Fri Apr 3 19:49:36 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a4dc429 by Salvatore Bonaccorso at 2026-04-03T20:49:09+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,48 @@
+CVE-2026-23425 [KVM: arm64: Fix ID register initialization for non-protected pKVM guests]
+	- linux 6.19.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7e7c2cf0024d89443a7af52e09e47b1fe634ab17 (7.0-rc2)
+CVE-2026-23424 [accel/amdxdna: Validate command buffer payload count]
+	- linux 6.19.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/901ec3470994006bc8dd02399e16b675566c3416 (7.0-rc2)
+CVE-2026-23423 [btrfs: free pages on error in btrfs_uring_read_extent()]
+	- linux 6.19.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3f501412f2079ca14bf68a18d80a2b7a823f1f64 (7.0-rc3)
+CVE-2026-23421 [drm/xe/configfs: Free ctx_restore_mid_bb in release]
+	- linux 6.19.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e377182f0266f46f02d01838e6bde67b9dac0d66 (7.0-rc3)
+CVE-2026-23418 [drm/xe/reg_sr: Fix leak on xa_store failure]
+	- linux 6.19.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3091723785def05ebfe6a50866f87a044ae314ba (7.0-rc3)
+CVE-2026-23426 [drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()]
+	- linux 6.19.8-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207 (7.0-rc2)
+CVE-2026-23422 [dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler]
+	- linux 6.19.8-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/74badb9c20b1a9c02a95c735c6d3cd6121679c93 (7.0-rc3)
+CVE-2026-23420 [wifi: wlcore: Fix a locking bug]
+	- linux 6.19.8-1
+	NOTE: https://git.kernel.org/linus/72c6df8f284b3a49812ce2ac136727ace70acc7c (7.0-rc3)
+CVE-2026-23419 [net/rds: Fix circular locking dependency in rds_tcp_tune]
+	- linux 6.19.8-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6a877ececd6daa002a9a0002cd0fbca6592a9244 (7.0-rc3)
 CVE-2026-5463 (Command injection vulnerability in console.run_module_with_output() in ...)
 	NOT-FOR-US: pymetasploit3
 CVE-2026-5457 (A security flaw has been discovered in PropertyGuru AgentNet Singapore ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a4dc429d152500ad810bca3b59510b44fc3a20d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a4dc429d152500ad810bca3b59510b44fc3a20d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/98f1ceb5/attachment-0001.htm>
