[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 18 16:53:04 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a0534d4 by Salvatore Bonaccorso at 2026-03-18T17:52:30+01:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,8 @@
CVE-2026-23248 [perf/core: Fix refcount bug and potential UAF in perf_mmap]
- linux 6.19.8-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/77de62ad3de3967818c3dbe656b7336ebee461d2 (7.0-rc2)
CVE-2026-23247 [tcp: secure_seq: add back ports to TS offset]
- linux 6.19.8-1
@@ -25,12 +28,15 @@ CVE-2026-23242 [RDMA/siw: Fix potential NULL pointer dereference in header proce
NOTE: https://git.kernel.org/linus/14ab3da122bd18920ad57428f6cf4fade8385142 (7.0-rc1)
CVE-2025-71267 [fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST]
- linux 6.19.6-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/06909b2549d631a47fcda249d34be26f7ca1711d (7.0-rc1)
CVE-2025-71266 [fs: ntfs3: check return value of indx_find to avoid infinite loop]
- linux 6.19.6-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1732053c8a6b360e2d5afb1b34fe9779398b072c (7.0-rc1)
CVE-2025-71265 [fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata]
- linux 6.19.6-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4b90f16e4bb5607fb35e7802eb67874038da4640 (7.0-rc1)
CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access management s ...)
- keycloak <itp> (bug #1088287)
@@ -405,6 +411,8 @@ CVE-2026-23241 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/bcb90a2834c7393c26df9609b889a3097b7700cd (7.0-rc1)
CVE-2025-71239 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.19.6-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc (7.0-rc1)
CVE-2026-32829
- rust-lz4-flex 0.13.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a0534d4094c118e17c7d3ea97ce5fe4f0083c89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a0534d4094c118e17c7d3ea97ce5fe4f0083c89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260318/4df83326/attachment.htm>
More information about the debian-security-tracker-commits
mailing list