[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Sat Feb 14 15:40:01 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7bf8454 by Salvatore Bonaccorso at 2026-02-14T16:39:36+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2026-23131 [platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fdee1b09721605f532352628d0a24623e7062efb (6.19-rc7)
+CVE-2026-23130 [wifi: ath12k: fix dead lock while flushing management frames]
+	- linux 6.18.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f88e9fc30a261d63946ddc6cc6a33405e6aa27c3 (6.19-rc7)
+CVE-2026-23129 [dpll: Prevent duplicate registrations]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f3ddbaaaaf4d0633b40482f471753f9c71294a4a (6.19-rc7)
+CVE-2026-23127 [perf: Fix refcount warning on event->mmap_count increment]
+	- linux 6.18.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d06bf78e55d5159c1b00072e606ab924ffbbad35 (6.19-rc7)
+CVE-2026-23125 [sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	[bullseye] - linux 5.10.249-1
+	NOTE: https://git.kernel.org/linus/a80c9d945aef55b23b54838334345f20251dad83 (6.19-rc7)
+CVE-2026-23124 [ipv6: annotate data-race in ndisc_router_discovery()]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9a063f96d87efc3a6cc667f8de096a3d38d74bb5 (6.19-rc7)
+CVE-2026-23123 [interconnect: debugfs: initialize src_node and dst_node to empty strings]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8cc27f5c6dd17dd090f3a696683f04336c162ff5 (6.19-rc7)
+CVE-2026-23122 [igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue]
+	- linux 6.18.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8ad1b6c1e63d25f5465b7a8aa403bdcee84b86f9 (6.19-rc7)
+CVE-2026-23121 [mISDN: annotate data-race around dev->work]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	[bullseye] - linux 5.10.249-1
+	NOTE: https://git.kernel.org/linus/8175dbf174d487afab81e936a862a8d9b8a1ccb6 (6.19-rc7)
+CVE-2026-23120 [l2tp: avoid one data-race in l2tp_tunnel_del_work()]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	[bullseye] - linux 5.10.249-1
+	NOTE: https://git.kernel.org/linus/7a29f6bf60f2590fe5e9c4decb451e19afad2bcf (6.19-rc7)
+CVE-2026-23119 [bonding: provide a net pointer to __skb_flow_dissect()]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	[bullseye] - linux 5.10.249-1
+	NOTE: https://git.kernel.org/linus/5f9b329096596b7e53e07d041d7fca4cbe1be752 (6.19-rc7)
+CVE-2026-23117 [ice: add missing ice_deinit_hw() in devlink reinit path]
+	- linux 6.18.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/42fb5f3deb582cb96440e4683745017dbabb83d6 (6.19-rc7)
+CVE-2026-23116 [pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3de49966499634454fd59e0e6fecd50baab7febd (6.19-rc7)
+CVE-2026-23115 [serial: Fix not set tty->port race condition]
+	- linux 6.18.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/32f37e57583f869140cff445feedeea8a5fea986 (6.19-rc7)
+CVE-2026-23114 [arm64/fpsimd: ptrace: Fix SVE writes on !SME systems]
+	- linux 6.18.8-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/128a7494a9f15aad60cc6b7e3546bf481ac54a13 (6.19-rc7)
+CVE-2025-71200 [mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3009738a855cf938bbfc9078bec725031ae623a4 (6.19-rc7)
+CVE-2026-23128 [arm64: Set __nocfi on swsusp_arch_resume()]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	NOTE: https://git.kernel.org/linus/e2f8216ca2d8e61a23cb6ec355616339667e0ba6 (6.19-rc7)
+CVE-2026-23126 [netdevsim: fix a race issue related to the operation on bpf_bound_progs list]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	[bookworm] - linux 6.1.162-1
+	NOTE: https://git.kernel.org/linus/b97d5eedf4976cc94321243be83b39efe81a0e15 (6.19-rc7)
+CVE-2026-23118 [rxrpc: Fix data-race warning and potential load/store tearing]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	NOTE: https://git.kernel.org/linus/5d5fe8bcd331f1e34e0943ec7c18432edfcf0e8b (6.19-rc7)
+CVE-2026-23113 [io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop]
+	- linux 6.18.8-1
+	[trixie] - linux 6.12.69-1
+	NOTE: https://git.kernel.org/linus/10dc959398175736e495f71c771f8641e1ca1907 (6.19-rc7)
 CVE-2026-2469 (Versions of the package directorytree/imapengine before 1.22.3 are vul ...)
 	TODO: check
 CVE-2026-2144 (The Magic Login Mail or QR Code plugin for WordPress is vulnerable to  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7bf84546858acc581220f42939113e8acf5f450

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7bf84546858acc581220f42939113e8acf5f450
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260214/5ebbec28/attachment-0001.htm>
