[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 13 17:35:07 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4bcb719 by Salvatore Bonaccorso at 2026-05-13T18:32:28+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2026-43489 [liveupdate: luo_file: remember retrieve() status]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f85b1c6af5bc3872f994df0a5688c1162de07a62 (7.0-rc2)
+CVE-2026-43487 [ata: libata-core: Disable LPM on ST1000DM010-2EP102]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b3b1d3ae1d87bc9398fb715c945968bf4c75a09a (7.0-rc3)
+CVE-2026-43486 [arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/97c5550b763171dbef61e6239cab372b9f9cd4a2 (7.0-rc3)
+CVE-2026-43482 [sched_ext: Disable preemption between scx_claim_exit() and kicking helper work]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/83236b2e43dba00bee5b82eb5758816b1a674f6a (7.0-rc3)
+CVE-2026-43481 [net-shapers: don't free reply skb after genlmsg_reply()]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/57885276cc16a2e2b76282c808a4e84cbecb3aae (7.0-rc4)
+CVE-2026-43479 [net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/312c816c6bc30342bc30dca0d6db617ab4d3ae4e (7.0-rc4)
+CVE-2026-43478 [ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/30e4b2290cc2a8d1b9ddb9dcb9c981df1f2a7399 (7.0-rc4)
+CVE-2026-43477 [drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL]
+ - linux 6.19.10-1
+ [trixie] - linux <not-affected> (Vulnerable code not present)
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/237aab549676288d9255bb8dcc284738e56eaa31 (7.0-rc4)
+CVE-2026-43476 [iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/216345f98cae7fcc84f49728c67478ac00321c87 (7.0-rc4)
+CVE-2026-43488 [usb: xhci: Prevent interrupt storm on host controller error (HCE)]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ NOTE: https://git.kernel.org/linus/d6d5febd12452b7fd951fdd15c3ec262f01901a4 (7.0-rc4)
+CVE-2026-43485 [nouveau/gsp: drop WARN_ON in ACPI probes]
+ - linux 6.19.10-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9478c166c46934160135e197b049b5a05753f2ad (7.0-rc2)
+CVE-2026-43484 [mmc: core: Avoid bitfield RMW for claim/retune flags]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/901084c51a0a8fb42a3f37d2e9c62083c495f824 (7.0-rc2)
+CVE-2026-43483 [KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/87d0f901a9bd8ae6be57249c737f20ac0cace93d (7.0-rc4)
+CVE-2026-43480 [ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition]
+ - linux 6.19.10-1
+ [trixie] - linux 6.12.85-1
+ [bookworm] - linux 6.1.170-1
+ NOTE: https://git.kernel.org/linus/53f3a900e9a383d47af7253076e19f510c5708d0 (7.0-rc4)
CVE-2026-XXXX [NULL pointer dereference in DIGEST-MD5]
- gsasl 2.2.3-1
NOTE: https://lists.gnu.org/archive/html/help-gsasl/2026-05/msg00002.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4bcb719fdc690a9e1b79e5ba72533f06f5b07df
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4bcb719fdc690a9e1b79e5ba72533f06f5b07df
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260513/5f7a252a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list