[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 23 16:24:42 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38959e2b by Salvatore Bonaccorso at 2026-01-23T17:24:11+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,98 @@
+CVE-2026-22995 [ublk: fix use-after-free in ublk_partition_scan_work]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f0d385f6689f37a2828c686fb279121df006b4cb (6.19-rc5)
+CVE-2026-22994 [bpf: Fix reference count leak in bpf_prog_test_run_xdp()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ec69daabe45256f98ac86c651b8ad1b2574489a7 (6.19-rc6)
+CVE-2026-22993 [idpf: Fix RSS LUT NULL ptr issue after soft reset]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ebecca5b093895da801b3eba1a55b4ec4027d196 (6.19-rc5)
+CVE-2026-22992 [libceph: return the handler error from mon_handle_auth_done()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e84b48d31b5008932c0a0902982809fbaa1d3b70 (6.19-rc5)
+CVE-2026-22991 [libceph: make free_choose_arg_map() resilient to partial allocation]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/e3fe30e57649c551757a02e1cad073c47e1e075e (6.19-rc5)
+CVE-2026-22990 [libceph: replace overzealous BUG_ON in osdmap_apply_incremental()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b (6.19-rc5)
+CVE-2026-22989 [nfsd: check that server is running in unlock_filesystem]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d0424066fcd294977f310964bed6f2a487fa4515 (6.19-rc5)
+CVE-2026-22988 [arp: do not assume dev_hard_header() does not change skb->head]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c92510f5e3f82ba11c95991824a41e59a9c5ed81 (6.19-rc5)
+CVE-2026-22987 [net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/adb25a46dc0a43173f5ea5f5f58fc8ba28970c7c (6.19-rc5)
+CVE-2026-22986 [gpiolib: fix race condition for gdev->srcu]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a7ac22d53d0990152b108c3f4fe30df45fcb0181 (6.19-rc5)
+CVE-2026-22985 [idpf: Fix RSS LUT NULL pointer crash on early ethtool operations]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/83f38f210b85676f40ba8586b5a8edae19b56995 (6.19-rc5)
+CVE-2026-22984 [libceph: prevent potential out-of-bounds reads in handle_auth_done()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/818156caffbf55cb4d368f9c3cac64e458fb49c9 (6.19-rc5)
+CVE-2026-22983 [net: do not write to msg_get_inq in callee]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7d11e047eda5f98514ae62507065ac961981c025 (6.19-rc5)
+CVE-2026-22982 [net: mscc: ocelot: Fix crash when adding interface under a lag]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95 (6.19-rc5)
+CVE-2026-22981 [idpf: detach and close netdevs while handling a reset]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2e281e1155fc476c571c0bd2ffbfe28ab829a5c3 (6.19-rc5)
+CVE-2026-22980 [nfsd: provide locking for v4_end_grace]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/2857bd59feb63fcf40fe4baf55401baea6b4feb4 (6.19-rc5)
+CVE-2026-22979 [net: fix memory leak in skb_segment_list for GRO packets]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/238e03d0466239410b72294b79494e43d4fabe77 (6.19-rc5)
+CVE-2026-22978 [wifi: avoid kernel-infoleak from struct iw_point]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/21cbf883d073abbfe09e3924466aa5e0449e7261 (6.19-rc5)
+CVE-2025-71161 [dm-verity: disable recursive forward error correction]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801 (6.19-rc1)
+CVE-2025-71160 [netfilter: nf_tables: avoid chain re-validation if possible]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/8e1a1bc4f5a42747c08130b8242ebebd1210b32f (6.19-rc2)
+CVE-2025-71159 [btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/83f59076a1ae6f5c6845d6f7ed3a1a373d883684 (6.19-rc5)
+CVE-2025-71158 [gpio: mpsse: ensure worker is torn down]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/179ef1127d7a4f09f0e741fa9f30b8a8e7886271 (6.19-rc1)
 CVE-2025-71155 [KVM: s390: Fix gmap_helper_zap_one_page() again]
 	- linux 6.18.5-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38959e2b75815e327e990f37e369a93232f8e96f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38959e2b75815e327e990f37e369a93232f8e96f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260123/8ec3101b/attachment.htm>

More information about the debian-security-tracker-commits mailing list