[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 13 19:39:30 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1063f92 by Salvatore Bonaccorso at 2026-01-13T20:38:41+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,206 @@
+CVE-2025-68812 [media: iris: Add sanity check for stop streaming]
+	- linux 6.18.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ad699fa78b59241c9d71a8cafb51525f3dab04d4 (6.19-rc1)
+CVE-2025-68807 [block: fix race between wbt_enable_default and IO submission]
+	- linux 6.18.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9869d3a6fed381f3b98404e26e1afc75d680cbf9 (6.19-rc2)
+CVE-2025-68805 [fuse: fix io-uring list corruption for terminated non-committed requests]
+	- linux 6.18.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/95c39eef7c2b666026c69ab5b30471da94ea2874 (6.19-rc1)
+CVE-2025-68793 [drm/amdgpu: fix a job->pasid access race in gpu recovery]
+	- linux 6.18.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/77f73253015cbc7893fca1821ac3eae9eb4bc943 (6.19-rc2)
+CVE-2025-68791 [fuse: missing copy_finish in fuse-over-io-uring argument copies]
+	- linux 6.18.3-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6e0d7f7f4a43ac8868e98c87ecf48805aa8c24dd (6.19-rc1)
+CVE-2025-68790 [net/mlx5: Fix double unregister of HCA_PORTS component]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6a107cfe9c99a079e578a4c5eb70038101a3599f (6.19-rc2)
+CVE-2025-68779 [net/mlx5e: Avoid unregistering PSP twice]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/35e93736f69963337912594eb3951ab320b77521 (6.19-rc2)
+CVE-2025-68823 [ublk: fix deadlock when reading partition table]
+	- linux 6.18.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c258f5c4502c9667bccf5d76fa731ab9c96687c1 (6.19-rc2)
+CVE-2025-68822 [Input: alps - fix use-after-free bugs caused by dev3_register_work]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/bf40644ef8c8a288742fa45580897ed0e0289474 (6.19-rc2)
+CVE-2025-68821 [fuse: fix readahead reclaim deadlock]
+	- linux 6.18.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bd5603eaae0aabf527bfb3ce1bb07e979ce5bd50 (6.19-rc1)
+CVE-2025-68820 [ext4: xattr: fix null pointer deref in ext4_raw_inode()]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14 (6.19-rc1)
+CVE-2025-68819 [media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/b91e6aafe8d356086cc621bc03e35ba2299e4788 (6.19-rc1)
+CVE-2025-68818 [scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/b57fbc88715b6d18f379463f48a15b560b087ffe (6.19-rc1)
+CVE-2025-68817 [ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/b39a1833cc4a2755b02603eec3a71a85e9dff926 (6.19-rc1)
+CVE-2025-68816 [net/mlx5: fw_tracer, Validate format string parameters]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/b35966042d20b14e2d83330049f77deec5229749 (6.19-rc2)
+CVE-2025-68815 [net/sched: ets: Remove drr class from the active list if it changes to strict]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/b1e125ae425aba9b45252e933ca8df52a843ec70 (6.19-rc2)
+CVE-2025-68814 [io_uring: fix filename leak in __io_openat_prep()]
+	- linux 6.18.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b14fad555302a2104948feaff70503b64c80ac01 (6.19-rc3)
+CVE-2025-68813 [ipvs: fix ipv4 null-ptr-deref in route error path]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/ad891bb3d079a46a821bf2b8867854645191bab0 (6.19-rc2)
+CVE-2025-68811 [svcrdma: use rc_pageoff for memcpy byte offset]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a8ee9099f30654917aa68f55d707b5627e1dbf77 (6.19-rc3)
+CVE-2025-68810 [KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9935df5333aa503a18de5071f53762b65c783c4c (6.19-rc2)
+CVE-2025-68809 [ksmbd: vfs: fix race on m_flags in vfs_cache]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/991f8a79db99b14c48d20d2052c82d65b9186cad (6.19-rc1)
+CVE-2025-68808 [media: vidtv: initialize local pointers upon transfer of memory ownership]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/98aabfe2d79f74613abc2b0b1cef08f97eaf5322 (6.19-rc1)
+CVE-2025-68806 [ksmbd: fix buffer validation by including null terminator size in EA length]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/95d7a890e4b03e198836d49d699408fd1867cb55 (6.19-rc2)
+CVE-2025-68804 [platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/944edca81e7aea15f83cf9a13a6ab67f711e8abd (6.19-rc1)
+CVE-2025-68803 [NFSD: NFSv4 file creation neglects setting ACL]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/913f7cf77bf14c13cfea70e89bcb6d0b22239562 (6.19-rc3)
+CVE-2025-68802 [drm/xe: Limit num_syncs to prevent oversized allocations]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8e461304009135270e9ccf2d7e2dfe29daec9b60 (6.19-rc2)
+CVE-2025-68801 [mlxsw: spectrum_router: Fix neighbour use-after-free]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/8b0e69763ef948fb872a7767df4be665d18f5fd4 (6.19-rc2)
+CVE-2025-68800 [mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/8ac1dacec458f55f871f7153242ed6ab60373b90 (6.19-rc2)
+CVE-2025-68799 [caif: fix integer underflow in cffrml_receive()]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/8a11ff0948b5ad09b71896b7ccc850625f9878d1 (6.19-rc2)
+CVE-2025-68798 [perf/x86/amd: Check event before enable to avoid GPF]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/866cf36bfee4fba6a492d2dcc5133f857e3446b0 (6.19-rc1)
+CVE-2025-68797 [char: applicom: fix NULL pointer dereference in ac_ioctl]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/82d12088c297fa1cef670e1718b3d24f414c23f7 (6.19-rc1)
+CVE-2025-68796 [f2fs: fix to avoid updating zero-sized extent in extent cache]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/7c37c79510329cd951a4dedf3f7bf7e2b18dccec (6.19-rc1)
+CVE-2025-68795 [ethtool: Avoid overflowing userspace buffer on stats query]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/7b07be1ff1cb6c49869910518650e8d0abc7d25f (6.19-rc2)
+CVE-2025-68794 [iomap: adjust read range correctly for non-block-aligned positions]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/7aa6bc3e8766990824f66ca76c19596ce10daf3e (6.19-rc1)
+CVE-2025-68792 [tpm2-sessions: Fix out of range indexing in name_size]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6e9722e9a7bfe1bbad649937c811076acf86e1fd (6.19-rc1)
+CVE-2025-68789 [hwmon: (ibmpex) fix use-after-free in high/low store]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/6946c726c3f4c36f0f049e6f97e88c510b15f65d (6.19-rc2)
+CVE-2025-68788 [fsnotify: do not generate ACCESS/MODIFY events on child for special files]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/635bc4def026a24e071436f4f356ea08c0eed6ff (6.19-rc2)
+CVE-2025-68787 [netrom: Fix memory leak in nr_sendmsg()]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/613d12dd794e078be8ff3cf6b62a6b9acf7f4619 (6.19-rc2)
+CVE-2025-68786 [ksmbd: skip lock-range check on equal size to avoid size==0 underflow]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/5d510ac31626ed157d2182149559430350cf2104 (6.19-rc1)
+CVE-2025-68785 [net: openvswitch: fix middle attribute validation in push_nsh() action]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/5ace7ef87f059d68b5f50837ef3e8a1a4870c36e (6.19-rc2)
+CVE-2025-68784 [xfs: fix a UAF problem in xattr repair]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5990fd756943836978ad184aac980e2b36ab7e01 (6.19-rc2)
+CVE-2025-68783 [ALSA: usb-mixer: us16x08: validate meter packet indices]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/5526c1c6ba1d0913c7dfcbbd6fe1744ea7c55f1e (6.19-rc3)
+CVE-2025-68782 [scsi: target: Reset t_task_cdb pointer in error case]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/5053eab38a4c4543522d0c320c639c56a8b59908 (6.19-rc1)
+CVE-2025-68781 [usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/41ca62e3e21e48c2903b3b45e232cf4f2ff7434f (6.19-rc3)
+CVE-2025-68780 [sched/deadline: only set free_cpus for online runqueues]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/382748c05e58a9f1935f5a653c352422375566ea (6.19-rc1)
+CVE-2025-68778 [btrfs: don't log conflicting inode if it's a dir moved in the current transaction]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/266273eaf4d99475f1ae57f687b3e42bc71ec6f0 (6.19-rc2)
+CVE-2025-68777 [Input: ti_am335x_tsc - fix off-by-one error in wire_order validation]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/248d3a73a0167dce15ba100477c3e778c4787178 (6.19-rc2)
+CVE-2025-68776 [net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/188e0fa5a679570ea35474575e724d8211423d17 (6.19-rc2)
+CVE-2025-68775 [net/handshake: duplicate handshake cancellations leak socket]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/15564bd67e2975002f2a8e9defee33e321d3183f (6.19-rc2)
+CVE-2025-68774 [hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/152af114287851583cf7e0abc10129941f19466a (6.19-rc1)
+CVE-2025-68773 [spi: fsl-cpm: Check length parity before switching to 16 bit mode]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/1417927df8049a0194933861e9b098669a95c762 (6.19-rc2)
+CVE-2025-68772 [f2fs: fix to avoid updating compression context during writeback]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/10b591e7fb7cdc8c1e53e9c000dc0ef7069aaa76 (6.19-rc1)
+CVE-2025-68771 [ocfs2: fix kernel BUG in ocfs2_find_victim_chain]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/039bef30e320827bac8990c9f29d2a68cd8adb5f (6.19-rc1)
+CVE-2025-68770 [bnxt_en: Fix XDP_TX path]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0373d5c387f24de749cc22e694a14b3a7c7eb515 (6.19-rc2)
+CVE-2025-68769 [f2fs: fix return value of f2fs_recover_fsync_data()]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/01fba45deaddcce0d0b01c411435d1acf6feab7b (6.19-rc1)
+CVE-2025-68768 [inet: frags: flush pending skbs in fqdir_pre_exit()]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/006a5035b495dec008805df249f92c22c89c3d2e (6.19-rc2)
+CVE-2025-68767 [hfsplus: Verify inode mode when loading from disk]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/005d4b0d33f6b4a23d382b7930f7a96b95b01f39 (6.19-rc1)
 CVE-2026-0892
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0892



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1063f92a152a7ff2c999cd5fb2c919a2b943ae1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1063f92a152a7ff2c999cd5fb2c919a2b943ae1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260113/34e06c63/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list