[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Wed Feb 18 15:22:08 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02cab4ec by Salvatore Bonaccorso at 2026-02-18T16:21:39+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2026-23230 [smb: client: split cached_fid bitfields to avoid shared-byte RMW races]
+	- linux 6.18.12-1
+CVE-2026-23229 [crypto: virtio - Add spinlock protection with virtqueue notification]
+	- linux 6.18.12-1
+CVE-2026-23228 [smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()]
+	- linux 6.18.12-1
+CVE-2026-23227 [drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free]
+	- linux 6.18.12-1
+CVE-2026-23226 [ksmbd: add chann_lock to protect ksmbd_chann_list xarray]
+	- linux 6.18.12-1
+CVE-2026-23225 [sched/mmcid: Don't assume CID is CPU owned on mode switch]
+	- linux <unfixed>
+CVE-2026-23224 [erofs: fix UAF issue for file-backed mounts w/ directio option]
+	- linux 6.18.12-1
+CVE-2026-23223 [xfs: fix UAF in xchk_btree_check_block_owner]
+	- linux 6.18.12-1
+CVE-2026-23222 [crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly]
+	- linux 6.18.12-1
+CVE-2026-23221 [bus: fsl-mc: fix use-after-free in driver_override_show()]
+	- linux 6.18.12-1
+CVE-2026-23220 [ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths]
+	- linux 6.18.12-1
+CVE-2025-71237 [nilfs2: Fix potential block overflow that cause system hang]
+	- linux 6.18.12-1
+CVE-2025-71236 [scsi: qla2xxx: Validate sp before freeing associated memory]
+	- linux 6.18.12-1
+CVE-2025-71235 [scsi: qla2xxx: Delay module unload while fabric scan in progress]
+	- linux 6.18.12-1
+CVE-2025-71234 [wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add]
+	- linux 6.18.12-1
+CVE-2025-71233 [PCI: endpoint: Avoid creating sub-groups asynchronously]
+	- linux 6.18.12-1
+CVE-2025-71232 [scsi: qla2xxx: Free sp in error path to fix system crash]
+	- linux 6.18.12-1
+CVE-2025-71231 [crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode]
+	- linux 6.18.12-1
+CVE-2025-71230 [hfs: ensure sb->s_fs_info is always cleaned up]
+	- linux 6.18.12-1
+CVE-2025-71229 [wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()]
+	- linux 6.18.12-1
 CVE-2026-23219 [mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single]
 	- linux 6.18.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02cab4ecc31a484c4d10dbdf95b95ff27ce53041

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02cab4ecc31a484c4d10dbdf95b95ff27ce53041
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260218/bc630ee2/attachment-0001.htm>
