Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 701d802d by Salvatore Bonaccorso at 2025-01-31T14:15:05+01:00 Add CVEs for Linux from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,79 @@ +CVE-2025-21683 [bpf: Fix bpf_sk_select_reuseport() memory leak] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/b3af60928ab9129befa65e6df0310d27300942bf (6.13) +CVE-2025-21682 [eth: bnxt: always recalculate features after XDP clearing, fix null-deref] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/f0aa6a37a3dbb40b272df5fc6db93c114688adcd (6.13) +CVE-2025-21681 [openvswitch: fix lockup on tx to unregistering netdev with carrier] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/47e55e4b410f7d552e43011baa5be1aab4093990 (6.13) +CVE-2025-21680 [pktgen: Avoid out-of-bounds access in get_imix_entries] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/76201b5979768500bca362871db66d77cb4c225e (6.13) +CVE-2025-21679 [btrfs: add the missing error handling inside get_canonical_dev_path] + - linux 6.12.11-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fe4de594f7a2e9bc49407de60fbd20809fad4192 (6.13) +CVE-2025-21678 [gtp: Destroy device along with udp socket's netns dismantle.] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/eb28fd76c0a08a47b470677c6cef9dd1c60e92d1 (6.13) +CVE-2025-21677 [pfcp: Destroy device along with udp socket's netns dismantle.] + - linux 6.12.11-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ffc90e9ca61b0f619326a1417ff32efd6cc71ed2 (6.13) +CVE-2025-21676 [net: fec: handle page_pool_dev_alloc_pages error] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/001ba0902046cb6c352494df610718c0763e77a5 (6.13) +CVE-2025-21675 [net/mlx5: Clear port select structure when fail to create] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5641e82cb55b4ecbc6366a499300917d2f3e6790 (6.13) +CVE-2025-21674 [net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel] + - linux 6.12.11-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2c3688090f8a1f085230aa839cc63e4a7b977df0 (6.13) +CVE-2025-21673 [smb: client: fix double free of TCP_Server_Info::hostname] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fa2f9906a7b333ba757a7dbae0713d8a5396186e (6.13) +CVE-2025-21672 [afs: Fix merge preference rule failure condition] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/17a4fde81d3a7478d97d15304a6d61094a10c2e3 (6.13-rc7) +CVE-2025-21671 [zram: fix potential UAF of zram table] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/212fe1c0df4a150fb6298db2cfff267ceaba5402 (6.13) +CVE-2025-21670 [vsock/bpf: return early if transport is not assigned] + - linux 6.12.11-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f6abafcd32f9cfc4b1a2f820ecea70773e26d423 (6.13) +CVE-2025-21669 [vsock/virtio: discard packets if the transport changes] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1 (6.13) +CVE-2025-21668 [pmdomain: imx8mp-blk-ctrl: add missing loop break condition] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/726efa92e02b460811e8bc6990dd742f03b645ea (6.13) +CVE-2025-21667 [iomap: avoid avoid truncating 64-bit offset to 32 bits] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/c13094b894de289514d84b8db56d1f2931a0bade (6.13-rc7) +CVE-2025-21666 [vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/91751e248256efc111e52e15115840c35d85abaf (6.13) +CVE-2025-21665 [filemap: avoid truncating 64-bit offset to 32 bits] + - linux 6.12.11-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f505e6c91e7a22d10316665a86d79f84d9f0ba76 (6.13) +CVE-2024-57948 [mac802154: check local interfaces before deleting sdata list] + - linux 6.12.11-1 + NOTE: https://git.kernel.org/linus/eb09fbeb48709fe66c0d708aed81e910a577a30a (6.13-rc7) CVE-2025-24886 (pwn.college is an education platform to learn about, and practice, cor ...) NOT-FOR-US: pwn.college CVE-2025-24885 (pwn.college is an education platform to learn about, and practice, cor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/701d802d4bc9a01ed992aea4c529343d75df20b3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/701d802d4bc9a01ed992aea4c529343d75df20b3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
