[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Tue May 5 18:33:58 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55579a7b by Salvatore Bonaccorso at 2026-05-05T19:33:29+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,48 @@
+CVE-2026-43070 [bpf: Reset register ID for BPF_END value tracking]
+	- linux 6.19.11-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a3125bc01884431d30d731461634c8295b6f0529 (7.0-rc5)
+CVE-2026-43067 [ext4: handle wraparound when searching for blocks for indirect mapped blocks]
+	- linux 6.19.11-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bb81702370fad22c06ca12b6e1648754dbc37e0f (7.0-rc6)
+CVE-2026-43065 [ext4: always drain queued discard work in ext4_mb_release()]
+	- linux 6.19.11-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux 6.1.170-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9ee29d20aab228adfb02ca93f87fb53c56c2f3af (7.0-rc6)
+CVE-2026-43064 [dmaengine: idxd: Fix not releasing workqueue on .release()]
+	- linux 6.19.11-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux 6.1.170-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3d33de353b1ff9023d5ec73b9becf80ea87af695 (7.0-rc6)
+CVE-2026-43063 [xfs: don't irele after failing to iget in xfs_attri_recover_work]
+	- linux 6.19.11-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/70685c291ef82269180758130394ecdc4496b52c (7.0-rc6)
+CVE-2026-43069 [Bluetooth: hci_ll: Fix firmware leak on error path]
+	- linux 6.19.11-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux 6.1.170-1
+	NOTE: https://git.kernel.org/linus/31148a7be723aa9f2e8fbd62424825ab8d577973 (7.0-rc6)
+CVE-2026-43068 [ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()]
+	- linux 6.19.11-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux 6.1.170-1
+	NOTE: https://git.kernel.org/linus/46066e3a06647c5b186cc6334409722622d05c44 (7.0-rc6)
+CVE-2026-43066 [ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths]
+	- linux 6.19.11-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux 6.1.170-1
+	NOTE: https://git.kernel.org/linus/ec0a7500d8eace5b4f305fa0c594dd148f0e8d29 (7.0-rc6)
 CVE-2026-43059 [Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers]
 	- linux 6.19.10-1
 	[trixie] - linux 6.12.85-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55579a7bce2667ed4052df90e30c0094c2f9b522

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55579a7bce2667ed4052df90e30c0094c2f9b522
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/1d2144a4/attachment.htm>
