[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 8 15:36:22 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7e9973c by Salvatore Bonaccorso at 2026-05-08T16:35:15+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,673 @@
+CVE-2026-43470 [nfs: return EISDIR on nfs3_proc_create if d_alias is a dir]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/410666a298c34ebd57256fde6b24c96bd23059a2 (7.0-rc4)
+CVE-2026-43469 [xprtrdma: Decrement re_receiving on the early exit paths]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7b6275c80a0c81c5f8943272292dfe67730ce849 (7.0-rc4)
+CVE-2026-43468 [net/mlx5: Fix deadlock between devlink lock and esw->wq]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/aed763abf0e905b4b8d747d1ba9e172961572f57 (7.0-rc4)
+CVE-2026-43467 [net/mlx5: Fix crash when moving to switchdev mode]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/24b2795f9683e092dc22a68f487e7aaaf2ddafea (7.0-rc4)
+CVE-2026-43462 [net: spacemit: Fix error handling in emac_tx_mem_map()]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/86292155bea578ebab0ca3b65d4d87ecd8a0e9ea (7.0-rc4)
+CVE-2026-43461 [spi: amlogic: spifc-a4: Fix DMA mapping error handling]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b20b437666e1cb26a7c499d1664e8f2a0ac67000 (7.0-rc4)
+CVE-2026-43460 [spi: rockchip-sfc: Fix double-free in remove() callback]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/111e2863372c322e836e0c896f6dd9cf4ee08c71 (7.0-rc4)
+CVE-2026-43457 [mctp: i2c: fix skb memory leak in receive path]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e3f5e0f22cfc2371e7471c9fd5b4da78f9df7c69 (7.0-rc4)
+CVE-2026-43455 [mctp: route: hold key->lock in mctp_flow_prepare_output()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7d86aa41c073c4e7eb75fd2e674f1fd8f289728a (7.0-rc4)
+CVE-2026-43454 [netfilter: nf_tables: Fix for duplicate device in netdev hooks]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b7cdc5a97d02c943f4bdde4d5767ad0c13cad92b (7.0-rc4)
+CVE-2026-43447 [iavf: fix PTP use-after-free during reset]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/efc54fb13d79117a825fef17364315a58682c7ec (7.0-rc4)
+CVE-2026-43446 [accel/amdxdna: Fix runtime suspend deadlock when there is pending job]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/6b13cb8f48a42ddf6dd98865b673a82e37ff238b (7.0-rc4)
+CVE-2026-43444 [drm/amdkfd: Unreserve bo if queue update failed]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/2ce75a0b7e1bfddbcb9bc8aeb2e5e7fa99971acf (7.0-rc4)
+CVE-2026-43442 [io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/6f02c6b196036dbb6defb4647d8707d29b7fe95b (7.0-rc4)
+CVE-2026-43441 [net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/30021e969d48e5819d5ae56936c2f34c0f7ce997 (7.0-rc4)
+CVE-2026-43440 [net/mana: Null service_wq on setup error to prevent double destroy]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/87c2302813abc55c46485711a678e3c312b00666 (7.0-rc4)
+CVE-2026-43438 [sched_ext: Remove redundant css_put() in scx_cgroup_init()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1336b579f6079fb8520be03624fcd9ba443c930b (7.0-rc3)
+CVE-2026-43435 [rust_binder: fix oneway spam detection]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4fc87c240b8f30e22b7ebaae29d57105589e1c0b (7.0-rc4)
+CVE-2026-43434 [rust_binder: check ownership before using vma]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8ef2c15aeae07647f530d30f6daaf79eb801bcd1 (7.0-rc4)
+CVE-2026-43433 [rust_binder: avoid reading the written value in offsets array]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4cb9e13fec0de7c942f5f927469beb8e48ddd20f (7.0-rc4)
+CVE-2026-43431 [xhci: Fix NULL pointer dereference when reading portli debugfs files]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ae4ff9dead5efa2025eddfcdb29411432bf40a7c (7.0-rc4)
+CVE-2026-43423 [usb: gadget: f_ncm: Fix atomic context locking issue]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0d6c8144ca4d93253de952a5ea0028c19ed7ab68 (7.0-rc4)
+CVE-2026-43422 [usb: legacy: ncm: Fix NPE in gncm_bind]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fde0634ad9856b3943a2d1a8cc8de174a63ac840 (7.0-rc4)
+CVE-2026-43418 [sched/mmcid: Prevent CID stalls due to concurrent forks]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b2e48c429ec54715d16fefa719dd2fbded2e65be (7.0-rc4)
+CVE-2026-43417 [sched/mmcid: Handle vfork()/CLONE_VM correctly]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/28b5a1395036d6c7a6c8034d85ad3d7d365f192c (7.0-rc4)
+CVE-2026-43415 [scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b0bd84c39289ef6a6c3827dd52c875659291970a (7.0-rc4)
+CVE-2026-43412 [ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d6db827b430bdcca3976cebca7bd69cca03cde2c (7.0-rc4)
+CVE-2026-43410 [firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c45f7263100cece247dd3fa5fe277bd97fdb5687 (7.0-rc4)
+CVE-2026-43408 [ceph: add a bunch of missing ceph_path_info initializers]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/43323a5934b660afae687e8e4e95ac328615a5c4 (7.0-rc4)
+CVE-2026-43404 [mm: Fix a hmm_range_fault() livelock / starvation problem]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b570f37a2ce480be26c665345c5514686a8a0274 (7.0-rc3)
+CVE-2026-43403 [nsfs: tighten permission checks for ns iteration ioctls]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e6b899f08066e744f89df16ceb782e06868bd148 (7.0-rc3)
+CVE-2026-43402 [kthread: consolidate kthread exit paths to prevent use-after-free]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/28aaa9c39945b7925a1cc1d513c8f21ed38f5e4f (7.0-rc3)
+CVE-2026-43401 [cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ab39cc4cb8ceecdc2b61747433e7237f1ac2b789 (7.0-rc2)
+CVE-2026-43399 [drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/49abfa812617a7f2d0132c70d23ac98b389c6ec1 (7.0-rc2)
+CVE-2026-43397 [drm/bridge: samsung-dsim: Fix memory leak in error path]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/803ec1faf7c1823e6e3b1f2aaa81be18528c9436 (7.0-rc2)
+CVE-2026-43396 [drm/xe/sync: Fix user fence leak on alloc failure]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0879c3f04f67e2a1677c25dcc24669ce21eb6a6c (7.0-rc2)
+CVE-2026-43395 [drm/xe/sync: Cleanup partially initialized sync on parse failure]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1bfd7575092420ba5a0b944953c95b74a5646ff8 (7.0-rc2)
+CVE-2026-43394 [nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/92978c83bb4eef55d02a6c990c01c423131eefa7 (7.0-rc3)
+CVE-2026-43393 [btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f15fb3d41543244d1179f423da4a4832a55bc050 (7.0-rc3)
+CVE-2026-43392 [sched_ext: Fix starvation of scx_enable() under fair-class saturation]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b06ccbabe2506fd70b9167a644978b049150224a (7.0-rc3)
+CVE-2026-43390 [nstree: tighten permission checks for listing]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8d76afe84fa2babf604b3c173730d4d2b067e361 (7.0-rc3)
+CVE-2026-43389 [mm: memfd_luo: always dirty all folios]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7e04bf1f33151a30e06a65b74b5f2c19fc2be128 (7.0-rc4)
+CVE-2026-43388 [mm/damon/core: clear walk_control on inactive context in damos_walk()]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d210fdcac9c0d1380eab448aebc93f602c1cd4e6 (7.0-rc4)
+CVE-2026-43385 [net: Fix rcu_tasks stall in threaded busypoll]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1a86a1f7d88996085934139fa4c063b6299a2dd3 (7.0-rc3)
+CVE-2026-43384 [net/tcp-ao: Fix MAC comparison to be constant-time]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/67edfec516d30d3e62925c397be4a1e5185802fc (7.0-rc3)
+CVE-2026-43380 [hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/25dd70a03b1f5f3aa71e1a5091ecd9cd2a13ee43 (7.0-rc3)
+CVE-2026-43379 [ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/eac3361e3d5dd8067b3258c69615888eb45e9f25 (7.0-rc4)
+CVE-2026-43377 [ksmbd: Don't log keys in SMB3 signing and encryption key generation]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/441336115df26b966575de56daf7107ed474faed (7.0-rc4)
+CVE-2026-43376 [ksmbd: fix use-after-free by using call_rcu() for oplock_info]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1dfd062caa165ec9d7ee0823087930f3ab8a6294 (7.0-rc4)
+CVE-2026-43375 [net: mctp: fix device leak on probe failure]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/224a0d284c3caf1951302d1744a714784febed71 (7.0-rc4)
+CVE-2026-43374 [net: nexthop: fix percpu use-after-free in remove_nh_grp_entry]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b2662e7593e94ae09b1cf7ee5f09160a3612bcb2 (7.0-rc4)
+CVE-2026-43372 [net: dsa: microchip: Fix error path in PTP IRQ setup]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/99c8c16a4aad0b37293cae213e15957c573cf79b (7.0-rc4)
+CVE-2026-43371 [net: macb: Shuffle the tx ring before enabling tx]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/881a0263d502e1a93ebc13a78254e9ad19520232 (7.0-rc4)
+CVE-2026-43369 [drm/amd: Fix NULL pointer dereference in device cleanup]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/062ea905fff7756b2e87143ffccaece5cdb44267 (7.0-rc4)
+CVE-2026-43368 [drm/i915: Fix potential overflow of shmem scatterlist length]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/029ae067431ab9d0fca479bdabe780fa436706ea (7.0-rc4)
+CVE-2026-43367 [drm/amd: Fix a few more NULL pointer dereference in device cleanup]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/72ecb1dae72775fa9fea0159d8445d620a0a2295 (7.0-rc4)
+CVE-2026-43366 [io_uring/kbuf: check if target buffer list is still legacy on recycle]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c2c185be5c85d37215397c8e8781abf0a69bec1f (7.0-rc4)
+CVE-2026-43365 [xfs: fix undersized l_iclog_roundoff values]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/52a8a1ba883defbfe3200baa22cf4cd21985d51a (7.0-rc4)
+CVE-2026-43364 [ublk: fix NULL pointer dereference in ublk_ctrl_set_size()]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/25966fc097691e5c925ad080f64a2f19c5fd940a (7.0-rc4)
+CVE-2026-43360 [btrfs: fix transaction abort on file creation due to name hash collision]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/2d1ababdedd4ba38867c2500eb7f95af5ddeeef7 (7.0-rc4)
+CVE-2026-43358 [btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer()]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b2840e33127ce0eea880504b7f133e780f567a9b (7.0-rc4)
+CVE-2026-43356 [iio: imu: adis: Fix NULL pointer dereference in adis_init]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9990cd4f8827bd1ae3fb6eb7407630d8d463c430 (7.0-rc4)
+CVE-2026-43354 [iio: proximity: hx9023s: Protect against division by zero in set_samp_freq]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a318cfc0853706f1d6ce682dba660bc455d674ef (7.0-rc4)
+CVE-2026-43351 [KVM: arm64: Eagerly init vgic dist/redist on vgic creation]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ac6769c8f948dff33265c50e524aebf9aa6f1be0 (7.0-rc4)
+CVE-2026-43475 [scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/57297736c08233987e5d29ce6584c6ca2a831b12 (7.0-rc2)
+CVE-2026-43474 [fs: init flags_valid before calling vfs_fileattr_get]
+ - linux 6.19.10-1
+ NOTE: https://git.kernel.org/linus/cb184dd19154fc486fa3d9e02afe70a97e54e055 (7.0-rc2)
+CVE-2026-43473 [scsi: mpi3mr: Add NULL checks when resetting request and reply queues]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/fa96392ebebc8fade2b878acb14cce0f71016503 (7.0-rc2)
+CVE-2026-43472 [unshare: fix unshare_fs() handling]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/6c4b2243cb6c0755159bd567130d5e12e7b10d9f (7.0-rc2)
+CVE-2026-43471 [scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/30df81f2228d65bddf492db3929d9fcaffd38fc5 (7.0-rc2)
+CVE-2026-43466 [net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/1633111d69053512d099658d4a05fc736fab36b0 (7.0-rc4)
+CVE-2026-43465 [net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ]
+ - linux 6.19.10-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/db25c42c2e1f9c0d136420fff5e5700f7e771a6f (7.0-rc4)
+CVE-2026-43464 [net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ]
+ - linux 6.19.10-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a6413e6f6c9d9bb9833324cb3753582f7bc0f2fa (7.0-rc4)
+CVE-2026-43463 [rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()]
+ - linux 6.19.10-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4245a79003adf30e67f8e9060915bd05cb31d142 (7.0-rc4)
+CVE-2026-43459 [ASoC: soc-core: flush delayed work before removing DAIs and widgets]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/95bc5c225513fc3c4ce169563fb5e3929fbb938b (7.0-rc4)
+CVE-2026-43458 [serial: caif: hold tty->link reference in ldisc_open and ser_release]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/288598d80a068a0e9281de35bcb4ce495f189e2a (7.0-rc4)
+CVE-2026-43456 [bonding: fix type confusion in bond_setup_by_slave()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/950803f7254721c1c15858fbbfae3deaaeeecb11 (7.0-rc4)
+CVE-2026-43453 [netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/d6d8cd2db236a9dd13dbc2d05843b3445cc964b5 (7.0-rc4)
+CVE-2026-43452 [netfilter: x_tables: guard option walkers against 1-byte tail reads]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/cfe770220ac2dbd3e104c6b45094037455da81d4 (7.0-rc4)
+CVE-2026-43451 [netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/f1ba83755d81c6fc66ac7acd723d238f974091e9 (7.0-rc4)
+CVE-2026-43450 [netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/6dcee8496d53165b2d8a5909b3050b62ae71fe89 (7.0-rc4)
+CVE-2026-43449 [nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/b4e78f1427c7d6859229ae9616df54e1fc05a516 (7.0-rc4)
+CVE-2026-43448 [nvme-pci: Fix race bug in nvme_poll_irqdisable()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/fc71f409b22ca831a9f87a2712eaa09ef2bb4a5e (7.0-rc4)
+CVE-2026-43445 [e1000/e1000e: Fix leak in DMA error cleanup]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/e94eaef11142b01f77bf8ba4d0b59720b7858109 (7.0-rc4)
+CVE-2026-43443 [ASoC: amd: acp-mach-common: Add missing error check for clock acquisition]
+ - linux 6.19.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/30c64fb9839949f085c8eb55b979cbd8a4c51f00 (7.0-rc4)
+CVE-2026-43439 [cgroup: fix race between task migration and iteration]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/5ee01f1a7343d6a3547b6802ca2d4cdce0edacb1 (7.0-rc3)
+CVE-2026-43437 [ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/9b1dbd69ba6f8f8c69bc7b77c2ce3b9c6ed05ba6 (7.0-rc4)
+CVE-2026-43436 [ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/df1d8abf36ca3681c21a6809eaa9a1e01ef897a6 (7.0-rc4)
+CVE-2026-43432 [usb: xhci: Fix memory leak in xhci_disable_slot()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/c1c8550e70401159184130a1afc6261db01fc0ce (7.0-rc4)
+CVE-2026-43430 [usb: yurex: fix race in probe]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/7a875c09899ba0404844abfd8f0d54cdc481c151 (7.0-rc4)
+CVE-2026-43429 [USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/7784caa413a89487dd14dd5c41db8753483b2acb (7.0-rc4)
+CVE-2026-43428 [USB: core: Limit the length of unkillable synchronous timeouts]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/1015c27a5e1a63efae2b18a9901494474b4d1dc3 (7.0-rc4)
+CVE-2026-43427 [usb: class: cdc-wdm: fix reordering issue in read code path]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/8df672bfe3ec2268c2636584202755898e547173 (7.0-rc4)
+CVE-2026-43426 [usb: renesas_usbhs: fix use-after-free in ISR during device removal]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/3cbc242b88c607f55da3d0d0d336b49bf1e20412 (7.0-rc4)
+CVE-2026-43425 [usb: image: mdc800: kill download URB on timeout]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/1be3b77de4eb89af8ae2fd6610546be778e25589 (7.0-rc4)
+CVE-2026-43424 [usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/b9fde507355342a2d64225d582dc8b98ff5ecb19 (7.0-rc4)
+CVE-2026-43421 [usb: gadget: f_ncm: Fix net_device lifecycle with device_move]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/ec35c1969650e7cb6c8a91020e568ed46e3551b0 (7.0-rc4)
+CVE-2026-43420 [ceph: fix i_nlink underrun during async unlink]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/ce0123cbb4a40a2f1bbb815f292b26e96088639f (7.0-rc4)
+CVE-2026-43419 [ceph: fix memory leaks in ceph_mdsc_build_path()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/040d159a45ded7f33201421a81df0aa2a86e5a0b (7.0-rc4)
+CVE-2026-43416 [powerpc, perf: Check that current->mm is alive before getting user callchain]
+ - linux 6.19.10-1
+ NOTE: https://git.kernel.org/linus/e9bbfb4bfa86c6b5515b868d6982ac60505d7e39 (7.0-rc4)
+CVE-2026-43414 [scsi: qla2xxx: Completely fix fcport double free]
+ - linux 6.19.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c0b7da13a04bd70ef6070bfb9ea85f582294560a (7.0-rc4)
+CVE-2026-43413 [scsi: hisi_sas: Fix NULL pointer exception during user_scan()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/8ddc0c26916574395447ebf4cff684314f6873a9 (7.0-rc4)
+CVE-2026-43411 [tipc: fix divide-by-zero in tipc_sk_filter_connect()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/6c5a9baa15de240e747263aba435a0951da8d8d2 (7.0-rc4)
+CVE-2026-43409 [kprobes: avoid crash when rmmod/insmod after ftrace killed]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/e113f0b46d19626ec15388bcb91432c9a4fd6261 (7.0-rc4)
+CVE-2026-43407 [libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/b282c43ed156ae15ea76748fc15cd5c39dc9ab72 (7.0-rc4)
+CVE-2026-43406 [libceph: prevent potential out-of-bounds reads in process_message_header()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/69fb5d91bba44ecf7eb80530b85fa4fb028921d5 (7.0-rc4)
+CVE-2026-43405 [libceph: Use u32 for non-negative values in ceph_monmap_decode()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/770444611f047dbfd4517ec0bc1b179d40c2f346 (7.0-rc4)
+CVE-2026-43400 [drm/amdgpu: add upper bound check on user inputs in signal ioctl]
+ - linux 6.19.10-1
+ NOTE: https://git.kernel.org/linus/ea78f8c68f4f6211c557df49174c54d167821962 (7.0-rc2)
+CVE-2026-43398 [drm/amdgpu: add upper bound check on user inputs in wait ioctl]
+ - linux 6.19.10-1
+ NOTE: https://git.kernel.org/linus/64ac7c09fc44985ec9bb6a9db740899fa40ca613 (7.0-rc2)
+CVE-2026-43391 [nsfs: tighten permission checks for handle opening]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d2324a9317f00013facb0ba00b00440e19d2af5e (7.0-rc3)
+CVE-2026-43387 [staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/f0109b9d3e1e455429279d602f6276e34689750a (7.0-rc4)
+CVE-2026-43386 [staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/a75281626fc8fa6dc6c9cc314ee423e8bc45203b (7.0-rc4)
+CVE-2026-43383 [net/tcp-md5: Fix MAC comparison to be constant-time]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/46d0d6f50dab706637f4c18a470aac20a21900d3 (7.0-rc3)
+CVE-2026-43382 [batman-adv: Avoid double-rtnl_lock ELP metric worker]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/cfc83a3c71517b59c1047db57da31e26a9dc2f33 (7.0-rc3)
+CVE-2026-43381 [nouveau/dpcd: return EBUSY for aux xfer if the device is asleep]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/8f3c6f08ababad2e3bdd239728cf66a9949446b4 (7.0-rc3)
+CVE-2026-43378 [smb: server: fix use-after-free in smb2_open()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/1e689a56173827669a35da7cb2a3c78ed5c53680 (7.0-rc4)
+CVE-2026-43373 [net: ncsi: fix skb leak in error paths]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/5c3398a54266541610c8d0a7082e654e9ff3e259 (7.0-rc4)
+CVE-2026-43370 [drm/amdgpu: Fix use-after-free race in VM acquire]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/2c1030f2e84885cc58bffef6af67d5b9d2e7098f (7.0-rc3)
+CVE-2026-43363 [x86/apic: Disable x2apic on resume if the kernel expects so]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/8cc7dd77a1466f0ec58c03478b2e735a5b289b96 (7.0-rc4)
+CVE-2026-43362 [smb: client: fix in-place encryption corruption in SMB2_write()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/d78840a6a38d312dc1a51a65317bb67e46f0b929 (7.0-rc4)
+CVE-2026-43361 [btrfs: fix transaction abort when snapshotting received subvolumes]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/e1b18b959025e6b5dbad668f391f65d34b39595a (7.0-rc4)
+CVE-2026-43359 [btrfs: fix transaction abort on set received ioctl due to item overflow]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/87f2c46003fce4d739138aab4af1942b1afdadac (7.0-rc4)
+CVE-2026-43357 [iio: gyro: mpu3050-core: fix pm_runtime error handling]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/acc3949aab3e8094641a9c7c2768de1958c88378 (7.0-rc4)
+CVE-2026-43355 [iio: light: bh1780: fix PM runtime leak on error path]
+ - linux 6.19.10-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/dd72e6c3cdea05cad24e99710939086f7a113fb5 (7.0-rc4)
+CVE-2026-43353 [i3c: mipi-i3c-hci: Fix race in DMA ring dequeue]
+ - linux 6.19.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1dca8aee80eea76d2aae21265de5dd64f6ba0f09 (7.0-rc4)
+CVE-2026-43352 [i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue]
+ - linux 6.19.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b795e68bf3073d67bebbb5a44d93f49efc5b8cc7 (7.0-rc4)
CVE-2026-43348 [mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER]
- linux 7.0.3-1
[trixie] - linux <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e9973c84f0149625fb8894be0466dd6fac5a6b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e9973c84f0149625fb8894be0466dd6fac5a6b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260508/d3ce8134/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list