[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 3 19:57:13 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
714e18a6 by Salvatore Bonaccorso at 2026-04-03T20:56:43+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,276 @@
+CVE-2026-31404 [NFSD: Defer sub-object cleanup in export put callbacks]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/48db892356d6cb80f6942885545de4a6dd8d2a29 (7.0-rc5)
+CVE-2026-31398 [mm/rmap: fix incorrect pte restoration for lazyfree folios]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/29f40594a28114b9a9bc87f6cf7bbee9609628f2 (7.0-rc5)
+CVE-2026-31397 [mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fae654083bfa409bb2244f390232e2be47f05bfc (7.0-rc5)
+CVE-2026-31395 [bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/64dcbde7f8f870a4f2d9daf24ffb06f9748b5dd3 (7.0-rc5)
+CVE-2026-31390 [drm/xe: Fix memory leak in xe_vm_madvise_ioctl]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0cfe9c4838f1147713f6b5c02094cd4dc0c598fa (7.0-rc3)
+CVE-2026-23467 [drm/i915/dmc: Fix an unlikely NULL pointer deference at probe]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ac57eb3b7d2ad649025b5a0fa207315f755ac4f6 (7.0-rc5)
+CVE-2026-23453 [net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/719d3e71691db7c4f1658ba5a6d1472928121594 (7.0-rc5)
+CVE-2026-23451 [bonding: prevent potential infinite loop in bond_header_parse()]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b7405dcf7385445e10821777143f18c3ce20fa04 (7.0-rc5)
+CVE-2026-23443 [ACPI: processor: Fix previous acpi_processor_errata_piix4() fix]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bf504b229cb8d534eccbaeaa23eba34c05131e25 (7.0-rc5)
+CVE-2026-23437 [net: shaper: protect late read accesses to the hierarchy]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0f9ea7141f365b4f27226898e62220fb98ef8dc6 (7.0-rc5)
+CVE-2026-23436 [net: shaper: protect from late creation of hierarchy]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d75ec7e8ba1979a1eb0b9211d94d749cdce849c8 (7.0-rc5)
+CVE-2026-23435 [perf/x86: Move event pointer setup earlier in x86_pmu_enable()]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8d5fae6011260de209aaf231120e8146b14bc8e0 (7.0-rc5)
+CVE-2026-23433 [arm_mpam: Fix null pointer dereference when restoring bandwidth counters]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4ad79c874e53ebb7fe3b8ae7ac6c858a2121f415 (7.0-rc5)
+CVE-2026-23432 [mshv: Fix use-after-free in mshv_map_user_memory error path]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6922db250422a0dfee34de322f86b7a73d713d33 (7.0-rc5)
+CVE-2026-23431 [spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b8db9552997924b750e727a625a30eaa4603bbb9 (7.0-rc5)
+CVE-2026-23430 [drm/vmwgfx: Don't overwrite KMS surface dirty tracker]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c6cb77c474a32265e21c4871c7992468bf5e7638 (7.0-rc5)
+CVE-2026-23429 [iommu/sva: Fix crash in iommu_sva_unbind_device()]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/06e14c36e20b48171df13d51b89fe67c594ed07a (7.0-rc5)
+CVE-2026-31403 [NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/e7fcf179b82d3a3730fd8615da01b087cc654d0b (7.0-rc5)
+CVE-2026-31402 [nfsd: fix heap overflow in NFSv4.0 LOCK replay cache]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/5133b61aaf437e5f25b1b396b14242a6bb0508e2 (7.0-rc5)
+CVE-2026-31401 [HID: bpf: prevent buffer overflow in hid_hw_request]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2b658c1c442ec1cd9eec5ead98d68662c40fe645 (7.0-rc5)
+CVE-2026-31400 [sunrpc: fix cache_request leak in cache_release]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/17ad31b3a43b72aec3a3d83605891e1397d0d065 (7.0-rc5)
+CVE-2026-31399 [nvdimm/bus: Fix potential use after free in asynchronous initialization]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/a8aec14230322ed8f1e8042b6d656c1631d41163 (7.0-rc5)
+CVE-2026-31396 [net: macb: fix use-after-free access to PTP clock]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/8da13e6d63c1a97f7302d342c89c4a56a55c7015 (7.0-rc5)
+CVE-2026-31394 [mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/672e5229e1ecfc2a3509b53adcb914d8b024a853 (7.0-rc5)
+CVE-2026-31393 [Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/dd815e6e3918dc75a49aaabac36e4f024d675101 (7.0-rc5)
+CVE-2026-31392 [smb: client: fix krb5 mount with username option]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/12b4c5d98cd7ca46d5035a57bcd995df614c14e1 (7.0-rc5)
+CVE-2026-31391 [crypto: atmel-sha204a - Fix OOM ->tfm_count leak]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/d240b079a37e90af03fd7dfec94930eb6c83936e (7.0-rc3)
+CVE-2026-31389 [spi: fix use-after-free on controller registration failure]
+	- linux 6.19.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8634e05b08ead636e926022f4a98416e13440df9 (7.0-rc5)
+CVE-2026-23475 [spi: fix statistics allocation]
+	- linux 6.19.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dee0774bbb2abb172e9069ce5ffef579b12b3ae9 (7.0-rc5)
+CVE-2026-23474 [mtd: Avoid boot crash in RedBoot partition table parser]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/8e2f8020270af7777d49c2e7132260983e4fc566 (7.0-rc5)
+CVE-2026-23473 [io_uring/poll: fix multishot recv missing EOF on wakeup race]
+	- linux 6.19.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a68ed2df72131447d131531a08fe4dfcf4fa4653 (7.0-rc5)
+CVE-2026-23472 [serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/455ce986fa356ff43a43c0d363ba95fa152f21d5 (7.0-rc5)
+CVE-2026-23471 [drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/6bee098b91417654703e17eb5c1822c6dfd0c01d (7.0-rc5)
+CVE-2026-23470 [drm/imagination: Fix deadlock in soft reset sequence]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a55c2a5c8d680156495b7b1e2a9f5a3e313ba524 (7.0-rc5)
+CVE-2026-23469 [drm/imagination: Synchronize interrupts before suspending the GPU]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2d7f05cddf4c268cc36256a2476946041dbdd36d (7.0-rc5)
+CVE-2026-23468 [drm/amdgpu: Limit BO list entry count to prevent resource exhaustion]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/6270b1a5dab94665d7adce3dc78bc9066ed28bdd (7.0-rc5)
+CVE-2026-23466 [drm/xe: Open-code GGTT MMIO access protection]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/01f2557aa684e514005541e71a3d01f4cd45c170 (7.0-rc5)
+CVE-2026-23465 [btrfs: log new dentries when logging parent dir of a conflicting inode]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/9573a365ff9ff45da9222d3fe63695ce562beb24 (7.0-rc5)
+CVE-2026-23464 [soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5a741f8cc6fe62542f955cd8d24933a1b6589cbd (7.0-rc5)
+CVE-2026-23463 [soc: fsl: qbman: fix race condition in qman_destroy_fq]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/014077044e874e270ec480515edbc1cadb976cf2 (7.0-rc5)
+CVE-2026-23462 [Bluetooth: HIDP: Fix possible UAF]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/dbf666e4fc9bdd975a61bf682b3f75cb0145eedd (7.0-rc5)
+CVE-2026-23461 [Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/752a6c9596dd25efd6978a73ff21f3b592668f4a (7.0-rc5)
+CVE-2026-23460 [net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/e1f0a18c9564cdb16523c802e2c6fe5874e3d944 (7.0-rc5)
+CVE-2026-23459 [ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS]
+	- linux 6.19.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8431c602f551549f082bbfa67f3003f2d8e3e132 (7.0-rc5)
+CVE-2026-23458 [netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/5cb81eeda909dbb2def209dd10636b51549a3f8a (7.0-rc5)
+CVE-2026-23457 [netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp()]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/fbce58e719a17aa215c724473fd5baaa4a8dc57c (7.0-rc5)
+CVE-2026-23456 [netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/1e3a3593162c96e8a8de48b1e14f60c3b57fca8a (7.0-rc5)
+CVE-2026-23455 [netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/f173d0f4c0f689173f8cdac79991043a4a89bf66 (7.0-rc5)
+CVE-2026-23454 [net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown]
+	- linux 6.19.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fa103fc8f56954a60699a29215cb713448a39e87 (7.0-rc5)
+CVE-2026-23452 [PM: runtime: Fix a race condition related to device removal]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/29ab768277617452d88c0607c9299cdc63b6e9ff (7.0-rc5)
+CVE-2026-23450 [net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()]
+	- linux 6.19.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6d5e4538364b9ceb1ac2941a4deb86650afb3538 (7.0-rc5)
+CVE-2026-23449 [net/sched: teql: Fix double-free in teql_master_xmit]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/66360460cab63c248ca5b1070a01c0c29133b960 (7.0-rc5)
+CVE-2026-23448 [net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/2aa8a4fa8d5b7d0e1ebcec100e1a4d80a1f4b21a (7.0-rc5)
+CVE-2026-23447 [net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/77914255155e68a20aa41175edeecf8121dac391 (7.0-rc5)
+CVE-2026-23446 [net: usb: aqc111: Do not perform PM inside suspend callback]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/069c8f5aebe4d5224cf62acc7d4b3486091c658a (7.0-rc5)
+CVE-2026-23445 [igc: fix page fault in XDP TX timestamps handling]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/45b33e805bd39f615d9353a7194b2da5281332df (7.0-rc5)
+CVE-2026-23444 [wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/d5ad6ab61cbd89afdb60881f6274f74328af3ee9 (7.0-rc5)
+CVE-2026-23442 [ipv6: add NULL checks for idev in SRv6 paths]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/06413793526251870e20402c39930804f14d59c0 (7.0-rc5)
+CVE-2026-23441 [net/mlx5e: Prevent concurrent access to IPSec ASO context]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/99b36850d881e2d65912b2520a1c80d0fcc9429a (7.0-rc5)
+CVE-2026-23440 [net/mlx5e: Fix race condition during IPSec ESN update]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/beb6e2e5976a128b0cccf10d158124422210c5ef (7.0-rc5)
+CVE-2026-23439 [udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/b3a6df291fecf5f8a308953b65ca72b7fc9e015d (7.0-rc5)
+CVE-2026-23438 [net: mvpp2: guard flow control update with global_tx_fc in buffer switching]
+	- linux 6.19.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8a63baadf08453f66eb582fdb6dd234f72024723 (7.0-rc5)
+CVE-2026-23434 [mtd: rawnand: serialize lock/unlock against other NAND operations]
+	- linux 6.19.10-1
+	NOTE: https://git.kernel.org/linus/bab2bc6e850a697a23b9e5f0e21bb8c187615e95 (7.0-rc5)
+CVE-2026-23428 [ksmbd: fix use-after-free of share_conf in compound request]
+	- linux 6.19.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c33615f995aee80657b9fdfbc4ee7f49c2bd733d (7.0-rc5)
+CVE-2026-23427 [ksmbd: fix use-after-free in durable v2 replay of active file handles]
+	- linux 6.19.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b425e4d0eb321a1116ddbf39636333181675d8f4 (7.0-rc5)
 CVE-2026-23425 [KVM: arm64: Fix ID register initialization for non-protected pKVM guests]
 	- linux 6.19.8-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/714e18a6e634725ed73421886c289ebfe5923717

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/714e18a6e634725ed73421886c289ebfe5923717
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/bc7ba9a9/attachment.htm>

More information about the debian-security-tracker-commits mailing list