[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Tue Jun 9 13:47:13 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af5d671e by Salvatore Bonaccorso at 2026-06-09T14:46:47+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,38 @@
+CVE-2026-46324 [netfilter: nf_tables: use list_del_rcu for netlink hooks]
+	- linux 7.0.10-1
+	NOTE: https://git.kernel.org/linus/f3224ee463f8f6f6ced7dcdf6081add4f8128527 (7.1-rc2)
+CVE-2026-46323 [net: gro: don't merge zcopy skbs]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4db79a322db8c97f7b73b8a347395ef4d685eb40 (7.1-rc5)
+CVE-2026-46322 [tun: free page on build_skb failure in tun_xdp_one()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/aa8963fdce667a42fb7f0bdd2909fadcab02f9a8 (7.1-rc6)
+CVE-2026-46321 [tun: free page on short-frame rejection in tun_xdp_one()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/f4feb1e20058e407cb00f45aff47f5b7e19a6bbf (7.1-rc6)
+CVE-2026-46320 [tap: free page on error paths in tap_get_user_xdp()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/3bcf7aec6a9d16438f2cec29f5d7c8d5b8edf9b2 (7.1-rc6)
+CVE-2026-46319 [net/sched: act_ct: Only release RCU read lock after ct_ft]
+	- linux 7.0.10-1
+	NOTE: https://git.kernel.org/linus/f462dca0c8415bf0058d0ffa476354c4476d0f09 (7.1-rc1)
+CVE-2026-46318 [Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare"]
+	- linux <unfixed>
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/83f9efcce93f8574be2279090ee2aec58b86cda7 (7.1-rc6)
+CVE-2026-46317 [KVM: arm64: Reassign nested_mmus array behind mmu_lock]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/70543358fa08e0f7cebc3447c3b70fe97ad7aaa8 (7.1-rc7)
+CVE-2026-46316 [KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/13031fb6b8357fbbcded2a7f4cba73e4781ee594 (7.1-rc7)
 CVE-2026-46315 [io_uring/waitid: clear waitid info before copying it to userspace]
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af5d671e5189393d510df1066345e2695e0b8838

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af5d671e5189393d510df1066345e2695e0b8838
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260609/629b1802/attachment-0001.htm>
