[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 18 19:41:00 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81e2b110 by Salvatore Bonaccorso at 2026-03-18T20:40:04+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2026-23264 [Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/243b467dea1735fed904c2e54d248a46fa417a2d (6.19)
+CVE-2026-23263 [io_uring/zcrx: fix page array leak]
+	- linux 6.18.10-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0ae91d8ab70922fb74c22c20bedcb69459579b1c (6.19)
+CVE-2026-23262 [gve: Fix stats report corruption on queue count change]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	[bullseye] - linux 5.10.251-1
+	NOTE: https://git.kernel.org/linus/7b9ebcce0296e104a0d82a6b09d68564806158ff (6.19)
+CVE-2026-23258 [net: liquidio: Initialize netdev pointer before queue setup]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	[bullseye] - linux 5.10.251-1
+	NOTE: https://git.kernel.org/linus/926ede0c85e1e57c97d64d9612455267d597bb2c (6.19)
+CVE-2026-23257 [net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	[bullseye] - linux 5.10.251-1
+	NOTE: https://git.kernel.org/linus/8558aef4e8a1a83049ab906d21d391093cfa7e7f (6.19)
+CVE-2026-23256 [net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	[bullseye] - linux 5.10.251-1
+	NOTE: https://git.kernel.org/linus/6cbba46934aefdfb5d171e0a95aec06c24f7ca30 (6.19)
+CVE-2026-23254 [net: gro: fix outer network offset]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5c2c3c38be396257a6a2e55bd601a12bb9781507 (6.19)
+CVE-2026-23261 [nvme-fc: release admin tagset if init fails]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	NOTE: https://git.kernel.org/linus/d1877cc7270302081a315a81a0ee8331f19f95c8 (6.19-rc6)
+CVE-2026-23260 [regmap: maple: free entry on mas_store_gfp() failure]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	NOTE: https://git.kernel.org/linus/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8 (6.19-rc7)
+CVE-2026-23259 [io_uring/rw: free potentially allocated iovec on cache put failure]
+	- linux 6.18.10-1
+	NOTE: https://git.kernel.org/linus/4b9748055457ac3a0710bf210c229d01ea1b01b9 (6.19-rc7)
+CVE-2026-23255 [net: add proper RCU protection to /proc/net/ptype]
+	- linux 6.18.10-1
+	NOTE: https://git.kernel.org/linus/f613e8b4afea0cd17c7168e8b00e25bc8d33175d (6.19)
+CVE-2025-71270 [LoongArch: Enable exception fixup for specific ADE subcode]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	NOTE: https://git.kernel.org/linus/9bdc1ab5e4ce6f066119018d8f69631a46f9c5a0 (6.19-rc4)
+CVE-2025-71269 [btrfs: do not free data reservation in fallback from inline due to -ENOSPC]
+	- linux 6.18.10-1
+	NOTE: https://git.kernel.org/linus/f8da41de0bff9eb1d774a7253da0c9f637c4470a (6.19-rc5)
+CVE-2025-71268 [btrfs: fix reservation leak in some error paths when inserting inline extent]
+	- linux 6.18.10-1
+	[trixie] - linux 6.12.73-1
+	[bookworm] - linux 6.1.164-1
+	NOTE: https://git.kernel.org/linus/c1c050f92d8f6aac4e17f7f2230160794fceef0c (6.19-rc5)
 CVE-2026-23253 [media: dvb-core: fix wrong reinitialization of ringbuffer on reopen]
 	- linux 6.19.8-1
 	NOTE: https://git.kernel.org/linus/bfbc0b5b32a8f28ce284add619bf226716a59bc0 (7.0-rc2)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81e2b110e236804fbbfae06352a91c75679ee86f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81e2b110e236804fbbfae06352a91c75679ee86f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260318/1d35b57c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list