[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 8 14:42:38 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86d5c70d by Salvatore Bonaccorso at 2026-05-08T15:42:22+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,206 @@
+CVE-2026-43315 [KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fc3ba56385d03501eb582e4b86691ba378e556f9 (7.0-rc1)
+CVE-2026-43312 [media: i2c: ov5647: Initialize subdev before controls]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/eee13cbccacb6d0a3120c126b8544030905b069d (7.0-rc1)
+CVE-2026-43307 [iio: accel: adxl380: Avoid reading more entries than present in FIFO]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c1b14015224cfcccd5356333763f2f4f401bd810 (7.0-rc1)
+CVE-2026-43297 [media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init()]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/81f8e0e6a2e115df9274d0289779f8fca694479c (7.0-rc1)
+CVE-2026-43293 [media: chips-media: wave5: Fix kthread worker destruction in polling mode]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5a0c122e834b2f7f029526422c71be922960bf03 (7.0-rc1)
+CVE-2026-43291 [net: nfc: nci: Fix parameter validation for packet data]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/571dcbeb8e635182bb825ae758399831805693c2 (7.0-rc1)
+CVE-2026-43290 [media: uvcvideo: Return queued buffers on start_streaming() failure]
+ - linux 6.19.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4cf3b6fd54ebb1ebc977bdc47fb6cfcf9a471a22 (7.0-rc1)
+CVE-2026-43286 [mm/hugetlb: restore failed global reservations to subpool]
+ - linux 6.19.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1d3f9bb4c8af70304d19c22e30f5d16a2d589bb5 (7.0-rc1)
+CVE-2026-43285 [mm/slab: do not access current->mems_allowed_seq if !allow_spin]
+ - linux 6.19.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/144080a5823b2dbd635acb6decf7ab23182664f3 (7.0-rc1)
+CVE-2025-71301 [drm/tests: shmem: Hold reservation lock around vmap/vunmap]
+ - linux 6.19.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cda83b099f117f2a28a77bf467af934cb39e49cf (7.0-rc1)
+CVE-2025-71300 [Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c197179990124f991fca220d97fac56779a02c6d (7.0-rc1)
+CVE-2025-71298 [drm/tests: shmem: Hold reservation lock around madvise]
+ - linux 6.19.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/607d07d8cc0b835a8701259f08a03dc149b79b4f (7.0-rc1)
+CVE-2025-71296 [drm/tests: shmem: Hold reservation lock around purge]
+ - linux 6.19.6-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3f41307d589c2f25d556d47b165df808124cd0c4 (7.0-rc1)
+CVE-2026-43321 [bpf: Properly mark live registers for indirect jumps]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/d1aab1ca576c90192ba961094d51b0be6355a4d6 (7.0-rc1)
+CVE-2026-43320 [drm/amd/display: Fix dsc eDP issue]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/878a4b73c11111ff5f820730f59a7f8c6fd59374 (7.0-rc1)
+CVE-2026-43319 [spi: spidev: fix lock inversion between spi_lock and buf_lock]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/40534d19ed2afb880ecf202dab26a8e7a5808d16 (7.0-rc1)
+CVE-2026-43318 [drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/b18fc0ab837381c1a6ef28386602cd888f2d9edf (7.0-rc1)
+CVE-2026-43317 [most: core: fix leak on early registration failure]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/2c198c272f9c9213b0fdf6b4a879f445c574f416 (7.0-rc1)
+CVE-2026-43316 [media: solo6x10: Check for out of bounds chip_id]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/0fdf6323c35a134f206dcad5babb4ff488552076 (7.0-rc1)
+CVE-2026-43314 [dm: remove fake timeout to avoid leak request]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/f3a9c95a15d2f4466acad5c68faeff79ca5e9f47 (7.0-rc1)
+CVE-2026-43313 [ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/f132e089fe89cadc2098991f0a3cb05c3f824ac6 (7.0-rc1)
+CVE-2026-43311 [soc/tegra: pmc: Fix unsafe generic_handle_irq() call]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/e6d96073af681780820c94079b978474a8a44413 (7.0-rc1)
+CVE-2026-43310 [media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC]
+ - linux 6.19.6-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e0203ddf9af7c8e170e1e99ce83b4dc07f0cd765 (7.0-rc1)
+CVE-2026-43309 [md raid: fix hang when stopping arrays with metadata through dm-raid]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/cefcb9297fbdb6d94b61787b4f8d84f55b741470 (7.0-rc1)
+CVE-2026-43308 [btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/c7d1d4ff56744074e005771aff193b927392d51f (7.0-rc1)
+CVE-2026-43306 [bpf: crypto: Use the correct destructor kfunc type]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/b40a5d724f29fc2eed23ff353808a9aae616b48a (7.0-rc1)
+CVE-2026-43305 [drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/af3303970da5ce5bfe6dffdd07f38f42aad603e0 (7.0-rc1)
+CVE-2026-43304 [libceph: define and enforce CEPH_MAX_KEY_LEN]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf (7.0-rc1)
+CVE-2026-43303 [mm/page_alloc: clear page->private in free_pages_prepare()]
+ - linux 6.19.6-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ac1ea219590c09572ed5992dc233bbf7bb70fef9 (7.0-rc1)
+CVE-2026-43302 [drm/v3d: Set DMA segment size to avoid debug warnings]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/9eb018828b1b30dfba689c060735c50fc5b9f704 (7.0-rc1)
+CVE-2026-43301 [media: chips-media: wave5: Fix PM runtime usage count underflow]
+ - linux 6.19.6-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9cf4452e824c1e2d41c9c0b13cc8a32a0a7dec38 (7.0-rc1)
+CVE-2026-43300 [drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/95eed73b871111123a8b1d31cb1fce7e902e49ea (7.0-rc1)
+CVE-2026-43299 [btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/8ceaad6cd6e7fa5f73b0b2796a2e85d75d37e9f3 (7.0-rc1)
+CVE-2026-43298 [drm/amdgpu: Skip vcn poison irq release on VF]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/8980be03b3f9a4b58197ef95d3b37efa41a25331 (7.0-rc1)
+CVE-2026-43296 [octeontx2-af: Workaround SQM/PSE stalls by disabling sticky]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/70e9a5760abfb6338d63994d4de6b0778ec795d6 (7.0-rc1)
+CVE-2026-43295 [rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/666183dcdd9ad3b8156a1df7f204f728f720380f (7.0-rc1)
+CVE-2026-43294 [drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/64aa8b3a60a825134f7d866adf05c024bbe0c24c (7.0-rc1)
+CVE-2026-43292 [mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/5747435e0fd474c24530ef1a6822f47e7d264b27 (7.0-rc1)
+CVE-2026-43289 [kexec: derive purgatory entry from symbol]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/480e1d5c64bb14441f79f2eb9421d5e26f91ea3d (7.0-rc1)
+CVE-2026-43288 [ext4: move ext4_percpu_param_init() before ext4_mb_init()]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/270564513489d98b721a1e4a10017978d5213bff (7.0-rc1)
+CVE-2026-43287 [drm: Account property blob allocations to memcg]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/26b4309a3ab82a0697751cde52eb336c29c19035 (7.0-rc1)
+CVE-2025-71302 [drm/panthor: fix for dma-fence safe access rules]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/efe24898485c5c831e629d9c6fb9350c35cb576f (7.0-rc1)
+CVE-2025-71299 [spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing]
+ - linux 6.19.6-1
+ NOTE: https://git.kernel.org/linus/9f0736a4e136a6eb61e0cf530ddc18ab6d816ba3 (7.0-rc1)
+CVE-2025-71297 [wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()]
+ - linux 6.19.6-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/44d1f624bbdd2d60319374ba85f7195a28d00c90 (7.0-rc1)
CVE-2013-10075
- libapache-session-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39844719/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86d5c70d191b7d410ef02b60b10ed92768b3382f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86d5c70d191b7d410ef02b60b10ed92768b3382f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260508/382aef04/attachment.htm>
More information about the debian-security-tracker-commits
mailing list