[Git][security-tracker-team/security-tracker][master] Add new batch of CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c938ea8d by Salvatore Bonaccorso at 2026-01-23T17:17:56+01:00
Add new batch of CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2025-71151 [cifs: Fix memory and information leak in smb3_reconfigure()]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d (6.19-rc3)
+CVE-2025-71150 [ksmbd: Fix refcount leak when invalid session is found on session lookup]
+	- linux 6.18.3-1
+	NOTE: https://git.kernel.org/linus/cafb57f7bdd57abba87725eb4e82bbdca4959644 (6.19-rc2)
+CVE-2025-71149 [io_uring/poll: correctly handle io_poll_add() return value on update]
+	- linux 6.18.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/84230ad2d2afbf0c44c32967e525c0ad92e26b4e (6.19-rc1)
+CVE-2025-71148 [net/handshake: restore destructor on submit failure]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6af2a01d65f89e73c1cbb9267f8880d83a88cee4 (6.19-rc2)
+CVE-2025-71147 [KEYS: trusted: Fix a memory leak in tpm2_load_cmd]
+	- linux 6.18.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/62cd5d480b9762ce70d720a81fa5b373052ae05f (6.19-rc1)
+CVE-2025-71146 [netfilter: nf_conncount: fix leaked ct in error paths]
+	- linux 6.18.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2e2a720766886190a6d35c116794693aabd332b6 (6.19-rc2)
+CVE-2025-71145 [usb: phy: isp1301: fix non-OF device reference imbalance]
+	- linux <not-affected> (Vulnerable code not present)
 CVE-2026-24515 (In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy ...)
 	- expat <unfixed> (bug #1126277)
 	NOTE: https://github.com/libexpat/libexpat/pull/1131



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c938ea8d1f93ab457d7db2a1ba1084ed0ecf8a77

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c938ea8d1f93ab457d7db2a1ba1084ed0ecf8a77
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260123/467decf3/attachment-0001.htm>