[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 14 19:30:56 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fece063 by Salvatore Bonaccorso at 2026-01-14T20:29:08+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,78 @@
+CVE-2025-71143 [clk: samsung: exynos-clkout: Assign .num before accessing .hws]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cf33f0b7df13685234ccea7be7bfe316b60db4db (6.19-rc1)
+CVE-2025-71142 [cpuset: fix warning when disabling remote partition]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/aa7d3a56a20f07978d9f401e13637a6479b13bd0 (6.19-rc4)
+CVE-2025-71141 [drm/tilcdc: Fix removal actions in case of failed probe]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a585c7ef9cabda58088916baedc6573e9a5cd2a7 (6.19-rc1)
+CVE-2025-71140 [media: mediatek: vcodec: Use spinlock for context list protection lock]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a5844227e0f030d2af2d85d4aed10c5eca6ca176 (6.19-rc1)
+CVE-2025-71139 [kernel/kexec: fix IMA when allocation happens in CMA area]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a3785ae5d334bb71d47a593d54c686a03fb9d136 (6.19-rc4)
+CVE-2025-71138 [drm/msm/dpu: Add missing NULL pointer check for pingpong interface]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/88733a0b64872357e5ecd82b7488121503cb9cc6 (6.19-rc3)
+CVE-2025-71137 [octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/85f4b0c650d9f9db10bda8d3acfa1af83bf78cf7 (6.19-rc4)
+CVE-2025-71136 [media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/8163419e3e05d71dcfa8fb49c8fdf8d76908fe51 (6.19-rc1)
+CVE-2025-71135 [md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7ad6ef91d8745d04aff9cce7bdbc6320d8e05fe9 (6.19-rc4)
+CVE-2025-71134 [mm/page_alloc: change all pageblocks migrate type on coalescing]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7838a4eb8a1d23160bd3f588ea7f2b8f7c00c55b (6.19-rc4)
+CVE-2025-71133 [RDMA/irdma: avoid invalid read in irdma_net_event]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6f05611728e9d0ab024832a4f1abb74a5f5d0bb0 (6.19-rc4)
+CVE-2025-71132 [smc91x: fix broken irq-context in PREEMPT_RT]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6402078bd9d1ed46e79465e1faaa42e3458f8a33 (6.19-rc4)
+CVE-2025-71131 [crypto: seqiv - Do not use req->iv after crypto_aead_encrypt]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/50fdb78b7c0bcc550910ef69c0984e751cac72fa (6.19-rc4)
+CVE-2025-71130 [drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4fe2bd195435e71c117983d87f278112c5ab364c (6.19-rc4)
+CVE-2025-71129 [LoongArch: BPF: Sign extend kfunc call arguments]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3f5a238f24d7b75f9efe324d3539ad388f58536e (6.19-rc4)
+CVE-2025-71128 [erspan: Initialize options_len before referencing options.]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/35ddf66c65eff93fff91406756ba273600bf61a3 (6.19-rc4)
+CVE-2025-71127 [wifi: mac80211: Discard Beacon frames to non-broadcast address]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/193d18f60588e95d62e0f82b6a53893e5f2f19f8 (6.19-rc4)
 CVE-2025-71124 [drm/msm/a6xx: move preempt_prepare_postamble after error check]
 	- linux 6.18.3-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fece06396fa0e46522dfcf68b6dd54bbabc8b50

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fece06396fa0e46522dfcf68b6dd54bbabc8b50
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260114/ff8f8a1b/attachment.htm>

More information about the debian-security-tracker-commits mailing list