[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 6 09:39:35 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82444b2a by Salvatore Bonaccorso at 2026-05-06T10:38:03+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,216 @@
+CVE-2026-43108 [soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/641f6fda143b879da1515f821ee475073678cf2a (7.0)
+CVE-2026-43106 [cachefiles: fix incorrect dentry refcount in cachefiles_cull()]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1635c2acdde86c4f555b627aec873c8677c421ed (7.0)
+CVE-2026-43102 [net: airoha: Fix memory leak in airoha_qdma_rx_process()]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/285fa6b1e03cff78ead0383e1b259c44b95faf90 (7.0)
+CVE-2026-43100 [bridge: guard local VLAN-0 FDB helpers against NULL vlan group]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1979645e1842cb7017525a61a0e0e0beb924d02a (7.0)
+CVE-2026-43097 [PCI: hv: Fix double ida_free in hv_pci_probe error path]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b6422dff0e518245019233432b6bccfc30b73e2f (7.0)
+CVE-2026-43096 [mshv: Fix infinite fault loop on permission-denied GPA intercepts]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/16cbec24897624051b324aa3a85859c38ca65fde (7.0)
+CVE-2026-43092 [xsk: validate MTU against usable frame size on bind]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/36ee60b569ba0dfb6f961333b90d19ab5b323fa9 (7.0)
+CVE-2026-43090 [xfrm: fix refcount leak in xfrm_migrate_policy_find]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/83317cce60a032c49480dcdabe146435bd689d03 (7.0)
+CVE-2026-43087 [pinctrl: mcp23s08: Disable all pin interrupts during probe]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/db5b8cecbdf479ad13156af750377e5b43853fab (7.0)
+CVE-2026-43086 [ipvs: fix NULL deref in ip_vs_add_service error path]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9a91797e61d286805ae10a92cc48959c30800556 (7.0)
+CVE-2026-43084 [netfilter: nfnetlink_queue: make hash table per queue]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/936206e3f6ff411581e615e930263d6f8b78df9d (7.0)
+CVE-2026-43082 [net: txgbe: leave space for null terminators on property_entry]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5a37d228799b0ec2c277459c83c814a59d310bc3 (7.0)
+CVE-2026-43081 [net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9709b56d908acc120fe8b4ae250b3c9d749ea832 (7.0)
+CVE-2026-43120 [RDMA/irdma: Fix double free related to rereg_user_mr]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/29a3edd7004bb635d299fb9bc6f0ea4ef13ed5a2 (7.0-rc6)
+CVE-2026-43119 [Bluetooth: hci_sync: annotate data-races around hdev->req_status]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/b6807cfc195ef99e1ac37b2e1e60df40295daa8c (7.0-rc6)
+CVE-2026-43118 [btrfs: fix zero size inode with non-zero size after log replay]
+	- linux 6.19.14-1
+	NOTE: https://git.kernel.org/linus/5254d4181add9dfaa5e3519edd71cc8f752b2f85 (7.0-rc6)
+CVE-2026-43117 [btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/a85b46db143fda5869e7d8df8f258ccef5fa1719 (7.0-rc6)
+CVE-2026-43116 [netfilter: ctnetlink: ensure safe access to master conntrack]
+	- linux 6.19.14-1
+	NOTE: https://git.kernel.org/linus/bffcaad9afdfe45d7fc777397d3b83c1e3ebffe5 (7.0-rc6)
+CVE-2026-43115 [srcu: Use irq_work to start GP in tiny SRCU]
+	- linux 6.19.14-1
+	NOTE: https://git.kernel.org/linus/a6fc88b22bc8d12ad52e8412c667ec0f5bf055af (7.0-rc6)
+CVE-2026-43114 [netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/d3c0037ffe1273fa1961e779ff6906234d6cf53c (7.0-rc6)
+CVE-2026-43113 [wifi: wl1251: validate packet IDs before indexing tx_frames]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/0fd56fad9c56356e7fa7a7c52e7ecbf807a44eb0 (7.0-rc7)
+CVE-2026-43112 [fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/78ec5bf2f589ec7fd8f169394bfeca541b077317 (7.0-rc7)
+CVE-2026-43111 [HID: roccat: fix use-after-free in roccat_report_event]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/d802d848308b35220f21a8025352f0c0aba15c12 (7.0)
+CVE-2026-43110 [wifi: brcmfmac: validate bsscfg indices in IF events]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/304950a467d83678bd0b0f46331882e2ac23b12d (7.0)
+CVE-2026-43109 [x86: shadow stacks: proper error handling for mmap lock]
+	- linux 6.19.14-1
+	NOTE: https://git.kernel.org/linus/52f657e34d7b21b47434d9d8b26fa7f6778b63a0 (7.0)
+CVE-2026-43107 [xfrm: account XFRMA_IF_ID in aevent size calculation]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/7081d46d32312f1a31f0e0e99c6835a394037599 (7.0)
+CVE-2026-43105 [drm/vc4: Fix memory leak of BO array in hang state]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/f4dfd6847b3e5d24e336bca6057485116d17aea4 (7.0)
+CVE-2026-43104 [drm/vc4: Fix a memory leak in hang state error path]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/9525d169e5fd481538cf8c663cc5839e54f2e481 (7.0)
+CVE-2026-43103 [net: lapbether: handle NETDEV_PRE_TYPE_CHANGE]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/b120e4432f9f56c7103133d6a11245e617695adb (7.0)
+CVE-2026-43101 [ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()]
+	- linux 6.19.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4e65a8b8daa18d63255ec58964dd192c7fdd9f8b (7.0)
+CVE-2026-43099 [ipv4: icmp: fix null-ptr-deref in icmp_build_probe()]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fde29fd9349327acc50d19a0b5f3d5a6c964dfd8 (7.0)
+CVE-2026-43098 [nfc: s3fwrn5: allocate rx skb before consuming bytes]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5c14a19d5b1645cce1cb1252833d70b23635b632 (7.0)
+CVE-2026-43095 [ASoC: SDCA: Fix errors in IRQ cleanup]
+	- linux 6.19.14-1
+	[trixie] - linux <not-affected> (Vulnerable code not present)
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4e53116437e919c4b9a9d95fb73ae14fe0cfc8f9 (7.0)
+CVE-2026-43094 [ixgbevf: add missing negotiate_features op to Hyper-V ops table]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4821d563cd7f251ae728be1a6d04af82a294a5b9 (7.0)
+CVE-2026-43093 [xsk: tighten UMEM headroom validation to account for tailroom and min frame]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/a315e022a72d95ef5f1d4e58e903cb492b0ad931 (7.0)
+CVE-2026-43091 [xfrm: Wait for RCU readers during policy netns exit]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/069daad4f2ae9c5c108131995529d5f02392c446 (7.0)
+CVE-2026-43089 [xfrm_user: fix info leak in build_mapping()]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/1beb76b2053b68c491b78370794b8ff63c8f8c02 (7.0)
+CVE-2026-43088 [net: af_key: zero aligned sockaddr tail in PF_KEY exports]
+	- linux 6.19.14-1
+	NOTE: https://git.kernel.org/linus/426c355742f02cf743b347d9d7dbdc1bfbfa31ef (7.0)
+CVE-2026-43085 [netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/1f3083aec8836213da441270cdb1ab612dd82cf4 (7.0)
+CVE-2026-43083 [net: ioam6: fix OOB and missing lock]
+	- linux 6.19.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b30b1675aa2bcf0491fd3830b051df4e08a7c8ca (7.0)
+CVE-2026-43080 [l2tp: Drop large packets with UDP encap]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/ebe560ea5f54134279356703e73b7f867c89db13 (7.0)
+CVE-2026-43079 [perf/x86/intel/uncore: Skip discovery table for offline dies]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7b568e9eba2fad89a696f22f0413d44cf4a1f892 (7.0)
+CVE-2026-43078 [crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux 6.1.170-1
+	NOTE: https://git.kernel.org/linus/31d00156e50ecad37f2cb6cbf04aaa9a260505ef (7.0)
+CVE-2026-43077 [crypto: algif_aead - Fix minimum RX size check for decryption]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	[bookworm] - linux 6.1.170-1
+	NOTE: https://git.kernel.org/linus/3d14bd48e3a77091cbce637a12c2ae31b4a1687c (7.0)
+CVE-2026-43076 [ocfs2: validate inline data i_size during inode read]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/1524af3685b35feac76662cc551cbc37bd14775f (7.0-rc1)
+CVE-2026-43075 [ocfs2: fix out-of-bounds write in ocfs2_write_end_inline]
+	- linux 6.19.14-1
+	[trixie] - linux 6.12.85-1
+	NOTE: https://git.kernel.org/linus/7bc5da4842bed3252d26e742213741a4d0ac1b14 (7.0)
 CVE-2026-43074 [eventpoll: defer struct eventpoll free to RCU grace period]
 	- linux 6.19.14-1
 	[trixie] - linux 6.12.85-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82444b2a0468b8b1cf0fa8395b39c2c3927584f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82444b2a0468b8b1cf0fa8395b39c2c3927584f0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260506/ef6785bf/attachment.htm>

More information about the debian-security-tracker-commits mailing list