[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 1 16:36:57 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01d1926e by Salvatore Bonaccorso at 2026-05-01T17:36:12+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,568 @@
+CVE-2026-43057 [net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c4336a07eb6b2526dc2b62928b5104b41a7f81f5 (7.0-rc6)
+CVE-2026-43056 [net: mana: fix use-after-free in add_adev() error path]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c4ea7d8907cf72b259bf70bd8c2e791e1c4ff70f (7.0-rc6)
+CVE-2026-43055 [scsi: target: file: Use kzalloc_flex for aio_cmd]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/01f784fc9d0ab2a6dac45ee443620e517cb2a19b (7.0-rc6)
+CVE-2026-43054 [scsi: target: tcm_loop: Drain commands in target_reset handler]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1333eee56cdf3f0cf67c6ab4114c2c9e0a952026 (7.0-rc6)
+CVE-2026-43044 [crypto: caam - fix DMA corruption on long hmac keys]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5ddfdcbe10dc5f97afc4e46ca22be2be717e8caf (7.0-rc7)
+CVE-2026-43039 [net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5597dd284ff8c556c0b00f6a34473677426e3f81 (7.0-rc7)
+CVE-2026-43031 [net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d1978d03e86785872871bff9c2623174b10740de (7.0-rc7)
+CVE-2026-43023 [Bluetooth: SCO: fix race conditions in sco_sock_connect()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8a5b0135d4a5d9683203a3d9a12a711ccec5936b (7.0-rc7)
+CVE-2026-43018 [Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b255531b27da336571411248c2a72a350662bd09 (7.0-rc7)
+CVE-2026-43017 [Bluetooth: MGMT: validate mesh send advertising payload length]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bda93eec78cdbfe5cda00785cefebd443e56b88b (7.0-rc7)
+CVE-2026-43013 [net/mlx5: lag: Check for LAG device before creating debugfs]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bf16bca6653679d8a514d6c1c5a2c67065033f14 (7.0-rc7)
+CVE-2026-43012 [net/mlx5: Fix switchdev mode rollback in case of failure]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/403186400a1a6166efe7031edc549c15fee4723f (7.0-rc7)
+CVE-2026-43008 [gpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio()]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8de4e0f44c638c66cdc5eeb4d5ab9acd61c31e4f (7.0-rc7)
+CVE-2026-43007 [accel/qaic: Handle DBC deactivation if the owner went away]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2feec5ae5df785658924ab6bd91280dc3926507c (7.0-rc7)
+CVE-2026-43006 [io_uring/rsrc: reject zero-length fixed buffer import]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/111a12b422a8cfa93deabaef26fec48237163214 (7.0-rc7)
+CVE-2026-43005 [hwmon: (tps53679) Fix array access with zero-length block read]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0e211f6aaa6a00fd0ee0c1eea5498f168c6725e6 (7.0-rc7)
+CVE-2026-43004 [spi: stm32-ospi: Fix resource leak in remove() callback]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/73cd1f97946ae3796544448ff12c07f399bb2881 (7.0-rc7)
+CVE-2026-31785 [drm/xe/xe_pagefault: Disallow writes to read-only VMAs]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6d192b4f2d644d15d9a9f1d33dab05af936f6540 (7.0-rc7)
+CVE-2026-31784 [drm/xe/pxp: Clear restart flag in pxp_start after jumping back]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/76903b2057c8677c2c006e87fede15f496555dc0 (7.0-rc7)
+CVE-2026-31783 [spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b0dc7e7c56573e7a52080f25f3179a45f3dd7e6f (7.0-rc7)
+CVE-2026-31782 [perf/x86: Fix potential bad container_of in intel_pmu_hw_config]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dbde07f06226438cd2cf1179745fa1bec5d8914a (7.0-rc7)
+CVE-2026-31779 [wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/744fabc338e87b95c4d1ff7c95bc8c0f834c6d99 (7.0-rc7)
+CVE-2026-31775 [ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/75dc1980cf48826287e43dc7a49e310c6691f97e (7.0-rc7)
+CVE-2026-31774 [io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b948f9d5d3057b01188e36664e7c7604d1c8ecb5 (7.0-rc7)
+CVE-2026-31772 [Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bc39a094730ce062fa034a529c93147c096cb488 (7.0-rc7)
+CVE-2026-31766 [drm/amdgpu: validate doorbell_offset in user queue creation]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a018d1819f158991b7308e4f74609c6c029b670c (7.0-rc7)
+CVE-2026-31765 [drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4487571ef17a30d274600b3bd6965f497a881299 (7.0-rc7)
+CVE-2026-31764 [iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/679c04c10d65d32a3f269e696b22912ff0a001b9 (7.0-rc7)
+CVE-2026-31760 [gpib: lpvo_usb: fix memory leak on disconnect]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5cefb52c1af6f69ea719e42788f6ec6a087eb74c (7.0-rc7)
+CVE-2026-31757 [usb: misc: usbio: Fix URB memory leak on submit failure]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/33cfe0709b6bf1a7f1a16d5e8d65d003a71b6a21 (7.0-rc7)
+CVE-2026-31756 [usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9bb4b5ed7f8c4f95cc556bdf042b0ba2fa13557a (7.0-rc7)
+CVE-2026-31753 [auxdisplay: line-display: fix NULL dereference in linedisp_release]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7f138de156b20d9f9da6f72f90b63c01941d97d3 (7.0-rc7)
+CVE-2026-31750 [comedi: runflags cannot determine whether to reclaim chanlist]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/29f644f14b89e6c4965e3c89251929e451190a66 (7.0-rc7)
+CVE-2026-31746 [s390/zcrypt: Fix memory leak with CCA cards used as accelerator]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c8d46f17c2fc7d25c18e60c008928aecab26184d (7.0-rc7)
+CVE-2026-31745 [reset: gpio: fix double free in reset_add_gpio_aux_device() error path]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fbffb8c7c7bb4d38e9f65e0bee446685011de5d8 (7.0)
+CVE-2026-31744 [PM: EM: Fix NULL pointer dereference when perf domain ID is not found]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9badc2a84e688be1275bb740942d5f6f51746908 (7.0-rc7)
+CVE-2026-31743 [nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f9b88613ff402aa6fe8fd020573cb95867ae947e (7.0-rc7)
+CVE-2026-31742 [vt: discard stale unicode buffer on alt screen exit after resize]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/40014493cece72a0be5672cd86763e53fb3ec613 (7.0-rc7)
+CVE-2026-31741 [counter: rz-mtu3-cnt: prevent counter from being toggled multiple times]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/67c3f99bed6f422ba343d2b70a2eeeccdfd91bef (7.0-rc7)
+CVE-2026-31740 [counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2932095c114b98cbb40ccf34fc00d613cb17cead (7.0-rc7)
+CVE-2026-31739 [crypto: tegra - Add missing CRYPTO_ALG_ASYNC]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4b56770d345524fc2acc143a2b85539cf7d74bc1 (7.0-rc7)
+CVE-2026-31736 [net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/976ff48c2ac6e6b25b01428c9d7997bcd0fb2949 (7.0-rc7)
+CVE-2026-31735 [iommupt: Fix short gather if the unmap goes into a large mapping]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ee6e69d032550687a3422504bfca3f834c7b5061 (7.0-rc7)
+CVE-2026-31734 [sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0c4a59df370bea245695c00aaae6ae75747139bd (7.0-rc7)
+CVE-2026-31733 [sched_ext: Fix stale direct dispatch state in ddsp_dsq_id]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7e0ffb72de8aa3b25989c2d980e81b829c577010 (7.0-rc7)
+CVE-2026-31731 [thermal: core: Address thermal zone removal races with resume]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/45b859b0728267a6199ee5002d62e6c6f3e8c89d (7.0-rc7)
+CVE-2026-31730 [misc: fastrpc: possible double-free of cctx->remote_heap]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ba2c83167b215da30fa2aae56b140198cf8d8408 (7.0-rc7)
+CVE-2026-31727 [usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo]
+	- linux 6.19.12-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e002e92e88e12457373ed096b18716d97e7bbb20 (7.0-rc7)
+CVE-2026-43053 [xfs: close crash window in attr dabtree inactivation]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/b854e1c4eff3473b6d3a9ae74129ac5c48bc0b61 (7.0-rc6)
+CVE-2026-43052 [wifi: mac80211: check tdls flag in ieee80211_tdls_oper]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/7d73872d949c488a1d7c308031d6a9d89b5e0a8b (7.0-rc5)
+CVE-2026-43051 [HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/2f1763f62909ccb6386ac50350fa0abbf5bb16a9 (7.0-rc5)
+CVE-2026-43050 [atm: lec: fix use-after-free in sock_def_readable()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/922814879542c2e397b0e9641fd36b8202a8e555 (7.0-rc5)
+CVE-2026-43049 [HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/f7a4c78bfeb320299c1b641500fe7761eadbd101 (7.0-rc5)
+CVE-2026-43048 [HID: core: Mitigate potential OOB by removing bogus memset()]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/0a3fe972a7cb1404f693d6f1711f32bc1d244b1c (7.0-rc5)
+CVE-2026-43047 [HID: multitouch: Check to ensure report responses match the request]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/e716edafedad4952fe3a4a273d2e039a84e8681a (7.0-rc5)
+CVE-2026-43046 [btrfs: reject root items with drop_progress and zero drop_level]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/b17b79ff896305fd74980a5f72afec370ee88ca4 (7.0-rc5)
+CVE-2026-43045 [mshv: Fix error handling in mshv_region_pin]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/c0e296f257671ba10249630fe58026f29e4804d9 (7.0-rc5)
+CVE-2026-43043 [crypto: af-alg - fix NULL pointer dereference in scatterwalk]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/62397b493e14107ae82d8b80938f293d95425bcb (7.0-rc7)
+CVE-2026-43042 [mpls: add seqcount to protect the platform_label{,s} pair]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/629ec78ef8608d955ce217880cdc3e1873af3a15 (7.0-rc7)
+CVE-2026-43041 [net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/2428083101f6883f979cceffa76cd8440751ffe6 (7.0-rc7)
+CVE-2026-43040 [net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/ae05340ccaa9d347fe85415609e075545bec589f (7.0-rc7)
+CVE-2026-43038 [ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/86ab3e55673a7a49a841838776f1ab18d23a67b5 (7.0-rc7)
+CVE-2026-43037 [ip6_tunnel: clear skb2->cb[] in ip4ip6_err()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/2edfa31769a4add828a7e604b21cb82aaaa05925 (7.0-rc7)
+CVE-2026-43036 [net: use skb_header_pointer() for TCPv4 GSO frag_off check]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/ddc748a391dd8642ba6b2e4fe22e7f2ddf84b7f0 (7.0-rc7)
+CVE-2026-43035 [net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/e6e3eb5ee89ac4c163d46429391c889a1bb5e404 (7.0-rc7)
+CVE-2026-43034 [bnxt_en: set backing store type from query type]
+	- linux 6.19.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4ee937107d52f9e5c350e4b5e629760e328b3d9f (7.0-rc7)
+CVE-2026-43033 [crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/e02494114ebf7c8b42777c6cd6982f113bfdbec7 (7.0-rc7)
+CVE-2026-43032 [NFC: pn533: bound the UART receive buffer]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/30fe3f5f6494f827d812ff179f295a8e532709d6 (7.0-rc7)
+CVE-2026-43030 [bpf: Fix regsafe() for pointers to packet]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/a8502a79e832b861e99218cbd2d8f4312d62e225 (7.0-rc7)
+CVE-2026-43029 [mptcp: fix soft lockup in mptcp_recvmsg()]
+	- linux 6.19.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5dd8025a49c268ab6b94d978532af3ad341132a7 (7.0-rc7)
+CVE-2026-43028 [netfilter: x_tables: ensure names are nul-terminated]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/a958a4f90ddd7de0800b33ca9d7b886b7d40f74e (7.0-rc7)
+CVE-2026-43027 [netfilter: nf_conntrack_helper: pass helper to expect cleanup]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/a242a9ae58aa46ff7dae51ce64150a93957abe65 (7.0-rc7)
+CVE-2026-43026 [netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/35177c6877134a21315f37d57a5577846225623e (7.0-rc7)
+CVE-2026-43025 [netfilter: ctnetlink: ignore explicit helper on new expectations]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/917b61fa2042f11e2af4c428e43f08199586633a (7.0-rc7)
+CVE-2026-43024 [netfilter: nf_tables: reject immediate NF_QUEUE verdict]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/da107398cbd4bbdb6bffecb2ce86d5c9384f4cec (7.0-rc7)
+CVE-2026-43022 [Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/2969554bcfccb5c609f6b6cd4a014933f3a66dd0 (7.0-rc7)
+CVE-2026-43021 [Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/aca377208e7f7322bf4e107cdec6e7d7e8aa7a88 (7.0-rc7)
+CVE-2026-43020 [Bluetooth: MGMT: validate LTK enc_size on load]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/b8dbe9648d69059cfe3a28917bfbf7e61efd7f15 (7.0-rc7)
+CVE-2026-43019 [Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a2639a7f0f5bf7d73f337f8f077c19415c62ed2c (7.0-rc7)
+CVE-2026-43016 [bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready().]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ad8391d37f334ee73ba91926f8b4e4cf6d31ea04 (7.0-rc7)
+CVE-2026-43015 [net: macb: fix clk handling on PCI glue driver removal]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/ce8fe5287b87e24e225c342f3b0ec04f0b3680fe (7.0-rc7)
+CVE-2026-43014 [net: macb: properly unregister fixed rate clocks]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/f0f367a4f459cc8118aadc43c6bba53c60d93f8d (7.0-rc7)
+CVE-2026-43011 [net/x25: Fix potential double free of skb]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/d10a26aa4d072320530e6968ef945c8c575edf61 (7.0-rc7)
+CVE-2026-43010 [bpf: Reject sleepable kprobe_multi programs at attach time]
+	- linux 6.19.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/eb7024bfcc5f68ed11ed9dd4891a3073c15f04a8 (7.0-rc7)
+CVE-2026-43009 [bpf: Fix incorrect pruning due to atomic fetch precision tracking]
+	- linux 6.19.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/179ee84a89114b854ac2dd1d293633a7f6c8dac1 (7.0-rc7)
+CVE-2026-31781 [drm/ioc32: stop speculation on the drm_compat_ioctl path]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/f8995c2df519f382525ca4bc90553ad2ec611067 (7.0-rc7)
+CVE-2026-31780 [wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/d049e56b1739101d1c4d81deedb269c52a8dbba0 (7.0-rc7)
+CVE-2026-31778 [ALSA: caiaq: fix stack out-of-bounds read in init_card]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/45424e871abf2a152e247a9cff78359f18dd95c0 (7.0-rc7)
+CVE-2026-31777 [ALSA: ctxfi: Check the error for index mapping]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/277c6960d4ddb94d16198afd70c92c3d4593d131 (7.0-rc7)
+CVE-2026-31776 [ALSA: ctxfi: Fix missing SPDIFI1 index handling]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/b045ab3dff97edae6d538eeff900a34c098761f8 (7.0-rc7)
+CVE-2026-31773 [Bluetooth: SMP: derive legacy responder STK authentication from MITM state]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/20756fec2f0108cb88e815941f1ffff88dc286fe (7.0-rc7)
+CVE-2026-31771 [Bluetooth: hci_event: move wake reason storage into validated event handlers]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/2b2bf47cd75518c36fa2d41380e4a40641cc89cd (7.0-rc7)
+CVE-2026-31770 [hwmon: (occ) Fix division by zero in occ_show_power_1()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/39e2a5bf970402a8530a319cf06122e216ba57b8 (7.0-rc7)
+CVE-2026-31769 [gpib: fix use-after-free in IO ioctl handlers]
+	- linux 6.19.12-1
+	NOTE: https://git.kernel.org/linus/d1857f8296dceb75d00ab857fc3c61bc00c7f5c6 (7.0-rc7)
+CVE-2026-31768 [iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/768461517a28d80fe81ea4d5d03a90cd184ea6ad (7.0-rc7)
+CVE-2026-31767 [drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/4dfce79e098915d8e5fc2b9e1d980bc3251dd32c (7.0-rc7)
+CVE-2026-31763 [iio: gyro: mpu3050: Fix incorrect free_irq() variable]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/edb11a1aef4011a4b7b22cc3c3396c6fe371f4a6 (7.0-rc7)
+CVE-2026-31762 [iio: gyro: mpu3050: Fix irq resource leak]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/4216db1043a3be72ef9c2b7b9f393d7fa72496e6 (7.0-rc7)
+CVE-2026-31761 [iio: gyro: mpu3050: Move iio_device_register() to correct location]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/4c05799449108fb0e0a6bd30e65fffc71e60db4d (7.0-rc7)
+CVE-2026-31759 [usb: ulpi: fix double free in ulpi_register_interface() error path]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/01af542392b5d41fd659d487015a71f627accce3 (7.0-rc7)
+CVE-2026-31758 [usb: usbtmc: Flush anchored URBs in usbtmc_release]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/8a768552f7a8276fb9e01d49773d2094ace7c8f1 (7.0-rc7)
+CVE-2026-31755 [usb: cdns3: gadget: fix NULL pointer dereference in ep_queue]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/7f6f127b9bc34bed35f56faf7ecb1561d6b39000 (7.0-rc7)
+CVE-2026-31754 [usb: cdns3: gadget: fix state inconsistency on gadget init failure]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/c32f8748d70c8fc77676ad92ed76cede17bf2c48 (7.0-rc7)
+CVE-2026-31752 [bridge: br_nd_send: validate ND option lengths]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/850837965af15707fd3142c1cf3c5bfaf022299b (7.0-rc7)
+CVE-2026-31751 [comedi: dt2815: add hardware detection to prevent crash]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/93853512f565e625df2397f0d8050d6aafd7c3ad (7.0-rc7)
+CVE-2026-31749 [comedi: ni_atmio16d: Fix invalid clean-up after failed attach]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/101ab946b79ad83b36d5cfd47de587492a80acf0 (7.0-rc7)
+CVE-2026-31748 [comedi: me_daq: Fix potential overrun of firmware buffer]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/cc797d4821c754c701d9714b58bea947e31dbbe0 (7.0-rc7)
+CVE-2026-31747 [comedi: me4000: Fix potential overrun of firmware buffer]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/3fb43a7a5b44713f892c58ead2e5f3a1bc9f4ee7 (7.0-rc7)
+CVE-2026-31738 [vxlan: validate ND option lengths in vxlan_na_create]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/afa9a05e6c4971bd5586f1b304e14d61fb3d9385 (7.0-rc7)
+CVE-2026-31737 [net: ftgmac100: fix ring allocation unwind on open failure]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/c0fd0fe745f5e8c568d898cd1513d0083e46204a (7.0-rc7)
+CVE-2026-31732 [gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()]
+	- linux 6.19.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/16fdabe143fce2cbf89139677728e17e21b46c28 (7.0-rc7)
+CVE-2026-31729 [usb: typec: ucsi: validate connector number in ucsi_notify_common()]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/d2d8c17ac01a1b1f638ea5d340a884ccc5015186 (7.0-rc7)
+CVE-2026-31728 [usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/e1eabb072c75681f78312c484ccfffb7430f206e (7.0-rc7)
+CVE-2026-31726 [usb: gadget: uvc: fix NULL pointer dereference during unbind race]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/eba2936bbe6b752a31725a9eb5c674ecbf21ee7d (7.0-rc7)
+CVE-2026-31725 [usb: gadget: f_ecm: Fix net_device lifecycle with device_move]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/b2cc4fae67a51f60d81d6af2678696accb07c656 (7.0-rc7)
+CVE-2026-31724 [usb: gadget: f_eem: Fix net_device lifecycle with device_move]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/d9270c9a8118c1535409db926ac1e2545dc97b81 (7.0-rc7)
+CVE-2026-31723 [usb: gadget: f_subset: Fix net_device lifecycle with device_move]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/06524cd1c9011bee141a87e43ab878641ed3652b (7.0-rc7)
+CVE-2026-31722 [usb: gadget: f_rndis: Fix net_device lifecycle with device_move]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/e367599529dc42578545a7f85fde517b35b3cda7 (7.0-rc7)
+CVE-2026-31721 [usb: gadget: f_hid: move list and spinlock inits from bind to alloc]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/4e0a88254ad59f6c53a34bf5fa241884ec09e8b2 (7.0-rc7)
+CVE-2026-31720 [usb: gadget: f_uac1_legacy: validate control request size]
+	- linux 6.19.12-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/6e0e34d85cd46ceb37d16054e97a373a32770f6c (7.0-rc7)
 CVE-2026-31710 [smb: client: fix dir separator in SMB1 UNIX mounts]
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c4d3fc5844d685441befd0caaab648321013cdfd (7.1-rc1)
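
Review bot: The added entries do not form a single descending CVE-ID sequence. The block runs from CVE-2026-43057 down to CVE-2026-31727, then restarts at CVE-2026-43053 and runs down to CVE-2026-31720 before the existing CVE-2026-31710 context entry. If data/CVE/list is meant to stay sorted, the two runs should be interleaved (for example CVE-2026-43053 between CVE-2026-43054 and CVE-2026-43044) so a later sort does not produce a second large diff. Separately, several entries in the second run, such as CVE-2026-43053, CVE-2026-43048, CVE-2026-43045 and CVE-2026-43042, carry only the "- linux 6.19.12-1" line with no [trixie], [bookworm] or [bullseye] annotation. It is worth confirming that this is deliberate (those releases left open for triage) and not a dropped annotation, since every entry in the first run records at least one per-release status.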



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01d1926e8a30a01857c902581f8a1583c150eb8b
