[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Wed May 27 11:34:12 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3cd0cc5 by Salvatore Bonaccorso at 2026-05-27T12:33:36+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,38 @@
+CVE-2026-45837 [bpf: Fix use-after-free in arena_vm_close on fork]
+	- linux 7.0.7-1
+	[trixie] - linux 6.12.88-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4fddde2a732de60bb97e3307d4eb69ac5f1d2b74 (7.1-rc1)
+CVE-2026-45846 [bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/aa6c6d9ee064aabfede4402fd1283424e649ca19 (7.1-rc2)
+CVE-2026-45845 [net/sched: taprio: fix NULL pointer dereference in class dump]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3d07ca5c0fae311226f737963984bd94bb159a87 (7.1-rc2)
+CVE-2026-45844 [netfilter: arp_tables: fix IEEE1394 ARP payload parsing]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/1e8e3f449b1e73b73a843257635b9c50f0cc0f0a (7.1-rc2)
+CVE-2026-45843 [slip: bound decode() reads against the compressed packet length]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7 (7.1-rc1)
+CVE-2026-45842 [slip: reject VJ receive packets on instances with no rstate array]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/e76607442d5b73e1ba6768f501ef815bb58c2c0e (7.1-rc1)
+CVE-2026-45841 [netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/2195574dc6d9017d32ac346987e12659f931d932 (7.1-rc1)
+CVE-2026-45840 [openvswitch: cap upcall PID array size and pre-size vport replies]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/2091c6aa0df6aba47deb5c8ab232b1cb60af3519 (7.1-rc1)
+CVE-2026-45839 [bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/1c22483a2c4bbf747787f328392ca3e68619c4dc (7.1-rc1)
+CVE-2026-45838 [bpf: fix end-of-list detection in cgroup_storage_get_next_key()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/5828b9e5b272ecff7cf5d345128d3de7324117f7 (7.1-rc1)
 CVE-2026-9642 (There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Un ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2026-9632 (A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. A ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3cd0cc54b572c50aa8b750707004ce7eabdd292

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3cd0cc54b572c50aa8b750707004ce7eabdd292
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260527/8c079470/attachment.htm>
