Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e7c12b2 by Salvatore Bonaccorso at 2026-06-24T20:45:51+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,861 @@
+CVE-2026-53127 [block: fix zones_cond memory leak on zone revalidation error 
paths]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2a2f520fda824b5a25c93f2249578ea150c24e06 (7.1-rc1)
+CVE-2026-53126 [blk-cgroup: fix disk reference leak in 
blkcg_maybe_throttle_current()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/23308af722fefed00af5f238024c11710938fba3 (7.1-rc1)
+CVE-2026-53125 [md: fix array_state=clear sysfs deadlock]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2aa72276fab9851dbd59c2daeb4b590c5a113908 (7.1-rc1)
+CVE-2026-53123 [md: wake raid456 reshape waiters before suspend]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/cf86bb53b9c92354904a328e947a05ffbfdd1840 (7.1-rc1)
+CVE-2026-53121 [amd-pstate: Fix memory leak in amd_pstate_epp_cpu_init()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/beda3b363546a423e4e29a7395e04c0ac4ff677e (7.1-rc1)
+CVE-2026-53119 [platform/wmi: use generic driver_override infrastructure]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/8a700b1fc94df4d847a04f14ebc7f8532592b367 (7.1-rc1)
+CVE-2026-53116 [s390/ap: use generic driver_override infrastructure]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/81d6f7c3a70b10ff757ee8b5f8114a190871cf1e (7.1-rc1)
+CVE-2026-53114 [perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS 
NMI handler]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b0a09142622a994c4f4088c3f61db5da87cfc711 (7.1-rc1)
+CVE-2026-53110 [s390/bpf: Zero-extend bpf prog return values and kfunc 
arguments]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/202e42e4aa890172366354b233c42c73107a3f59 (7.1-rc1)
+CVE-2026-53105 [wifi: mt76: mt7925: prevent NULL vif dereference in 
mt7925_mac_write_txwi]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/962eb04e67552be406c906c83099c1d736aae3b6 (7.1-rc1)
+CVE-2026-53100 [wifi: mt76: fix deadlock in remain-on-channel]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6939b97ddad3cf3dfbb3b5a0a12ef79cb886747e (7.1-rc1)
+CVE-2026-53099 [bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/9b0cf064ea0a6bac5e1a5fb43b004fd52fbe2b3b (7.1-rc1)
+CVE-2026-53098 [wifi: mt76: mt7915: fix use-after-free bugs in 
mt7915_mac_dump_work()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1146d0946b5358fad24812bd39d68f31cd40cc34 (7.1-rc1)
+CVE-2026-53095 [bpf: Fix abuse of kprobe_write_ctx via freplace]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/611fe4b79af72d00d80f2223354284447daafae9 (7.1-rc1)
+CVE-2026-53094 [bpf: Fix stale offload->prog pointer after constant blinding]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a1aa9ef47c299c5bbc30594d3c2f0589edf908e6 (7.1-rc1)
+CVE-2026-53087 [net: bcmgenet: fix leaking free_bds]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3f3168300efb839028328d720ab3962f91d6a0d0 (7.1-rc1)
+CVE-2026-53085 [bpf: fix mm lifecycle in open-coded task_vma iterator]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d8e27d2d22b6e2df3a0125b8c08e9aace38c954c (7.1-rc1)
+CVE-2026-53084 [bpf: return VMA snapshot from task_vma iterator]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4cbee026db54cad39c39db4d356100cb133412b3 (7.1-rc1)
+CVE-2026-53081 [bpf: Enforce regsafe base id consistency for BPF_ADD_CONST 
scalars]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2f2ec8e7730e21fc9bd49e0de9cdd58213ea24d0 (7.1-rc1)
+CVE-2026-53079 [net_sched: fix skb memory leak in deferred qdisc drops]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a6bd339dbb3514bce690fdcf252e788dfab4ee76 (7.1-rc1)
+CVE-2026-53067 [PCI: endpoint: pci-ep-msi: Fix error unwind and prevent double 
alloc]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1cba96c0a795124c3229293ed7b5b5765e66f259 (7.1-rc1)
+CVE-2026-53058 [drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp 
connector earlier in atomic_enable()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/43d6508ddbf9fb974fbc359a033154f78c9d4c8b (7.1-rc1)
+CVE-2026-53057 [iommu/riscv: Add IOTINVAL after updating DDT/PDT entries]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f5c262b544975e067ea265fc7403aefbbea8563e (7.1-rc1)
+CVE-2026-53055 [crypto: hisilicon/sec2 - prevent req used-after-free for sec]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/67b53a660e6bf0da2fa8d8872e897a14d8059eaf (7.1-rc1)
+CVE-2026-53054 [drm/msm: Fix VM_BIND UNMAP locking]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/85042c2cd970a6b0e686329387096fe19989ae62 (7.1-rc1)
+CVE-2026-53051 [PCI: tegra194: Fix CBB timeout caused by DBI access before 
core power-on]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/34b3eef48d980cd37b876e128bbf314f69fb5d70 (7.1-rc1)
+CVE-2026-53044 [soc/tegra: cbb: Fix incorrect ARRAY_SIZE in fabric lookup 
tables]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/499f7e5ebbdd9ff0c4d532b1c432f8a61ff585b3 (7.1-rc1)
+CVE-2026-53042 [fwctl: Fix class init ordering to avoid NULL pointer 
dereference on device removal]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a55f80233f384dc89ef3425b2e1dd0e6d44bcf29 (7.1-rc1)
+CVE-2026-53038 [ima_fs: Correctly create securityfs files for unsupported hash 
algos]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d7bd8cf0b348d3edae7bee33e74a32b21668b181 (7.1-rc1)
+CVE-2026-53032 [bpf: Fix NULL deref in map_kptr_match_type for scalar regs]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4d0a375887ab4d49e4da1ff10f9606cab8f7c3ad (7.1-rc1)
+CVE-2026-53031 [bpf: Validate node_id in arena_alloc_pages()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2845989f2ebaf7848e4eccf9a779daf3156ea0a5 (7.1-rc1)
+CVE-2026-53030 [i3c: master: renesas: Fix memory leak in 
renesas_i3c_i3c_xfers()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d7665c3b4f575251e449e2656879392346ca612b (7.1-rc1)
+CVE-2026-53029 [fs/ntfs3: prevent uninitialized lcn caused by zero len]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e98266e823a1fa06fe6499df61aeaac2fd6f7a49 (7.1-rc1)
+CVE-2026-53028 [usb: typec: Fix error pointer dereference]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f2529d08fcb429ea01bb87c326342f41483f8b2f (7.1-rc1)
+CVE-2026-53026 [NFSD: fix nfs4_file access extra count in 
nfsd4_add_rdaccess_to_wrdeleg]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b48f44f36e6607b2f818560f19deb86b4a9c717b (7.1-rc1)
+CVE-2026-53020 [um: Fix potential race condition in TLB sync]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/102331b66bcaf1f41f50b9c4cd5c36e46bafa9f3 (7.1-rc1)
+CVE-2026-53019 [clk: spacemit: ccu_mix: fix inverted condition in 
ccu_mix_trigger_fc()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/54e97360b44bed6b4399dd3be3d65f392df940fa (7.1-rc1)
+CVE-2026-53014 [net/sched: act_mirred: fix wrong device for mac_header_xmit 
check in tcf_blockcast_redir]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4510d140524ca7d6e772db962e013f26f09a63b1 (7.1-rc1)
+CVE-2026-53013 [macvlan: fix macvlan_get_size() not reserving space for 
IFLA_MACVLAN_BC_CUTOFF]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/fa92a77b0ed4d5f11a71665a232ac5a54a4b055d (7.1-rc1)
+CVE-2026-52997 [net/sched: sch_dualpi2: drain both C-queue and L-queue in 
dualpi2_change()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/478ed6b7d2577439c610f91fa8759a4c878a4264 (7.1-rc1)
+CVE-2026-52996 [ksmbd: fix durable fd leak on ClientGUID mismatch in durable 
v2 open]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/804054d19886ac6628883d82410f6ee42a818664 (7.1-rc1)
+CVE-2026-52987 [drm/amdgpu: avoid double drm_exec_fini() in userq validate]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/508babf310365f1107a2e8831c267c292a286818 (7.1-rc2)
+CVE-2026-52980 [sched/fair: Clear rel_deadline when initializing forked 
entities]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3da56dc063cd77b9c0b40add930767fab4e389f3 (7.1-rc2)
+CVE-2026-52979 [net: psp: check for device unregister when creating assoc]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b89769f936a8fa9e66de72ddc1b71a9745a488e6 (7.1-rc2)
+CVE-2026-52978 [net: psp: require admin permission for dev-set and key-rotate]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b718342a7fbaa2dff5fefc31988c07af8c6cbc21 (7.1-rc2)
+CVE-2026-52976 [drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f3cc22d4df3ed58439ea7e21daa54c3608e03b78 (7.1-rc2)
+CVE-2026-52973 [futex: Drop CLONE_THREAD requirement for private default hash 
alloc]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ee9dce44362b2d8132c32964656ab6dff7dfbc6a (7.1-rc2)
+CVE-2026-52971 [net: ena: PHC: Fix potential use-after-free in get_timestamp]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e42c755582f0960e684298762f0ab927b3778376 (7.1-rc4)
+CVE-2026-52966 [drm: Replace old pointer to new idr]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/dc366607c41c45fd0ae6f3db090f31dd611b644a (7.1-rc4)
+CVE-2026-52964 [ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/918be519c7876329e1b6e2ea1c59f0b75e792dca (7.1-rc4)
+CVE-2026-52959 [virt: sev-guest: Do not use host-controlled page order in 
cleanup path]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/23e6a1ca04ae44806439a5a446e62e4d42e80bb4 (7.1-rc4)
+CVE-2026-52952 [iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to 
reset]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/5474e6e17a262db45c60575c73f70210f5c7001f (7.1-rc4)
+CVE-2026-52951 [drm/xe/dma-buf: handle empty bo and UAF races]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/981bedbbe61364fcc3a3b87ebaf648a66cd07108 (7.1-rc4)
+CVE-2026-52950 [drm/xe/dma-buf: fix UAF with retry loop]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/155a372a1cc50fa93387c5d3cdfd614a61e1afd1 (7.1-rc4)
+CVE-2026-53130 [fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/0621c385fda1376e967f37ccd534c26c3e511d14 (7.1-rc1)
+CVE-2026-53129 [fs/mbcache: cancel shrink work before destroying the cache]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d227786ab1119669df4dc333a61510c52047cce4 (7.1-rc1)
+CVE-2026-53128 [drbd: Balance RCU calls in drbd_adm_dump_devices()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2b31e86387e60b3689339f0f0fbb4d3623d9d494 (7.1-rc1)
+CVE-2026-53124 [ublk: reset per-IO canceled flag on each fetch]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/0842186d2c4e67d2f8c8c2d1d779e8acffd41b5b (7.1-rc1)
+CVE-2026-53122 [btrfs: fix deadlock between reflink and transaction commit 
when using flushoncommit]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/b48c980b6a7e409050bb3067165db31cc6205e3e (7.1-rc1)
+CVE-2026-53120 [PCI: use generic driver_override infrastructure]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/10a4206a24013be4d558d476010cbf2eb4c9fa64 (7.1-rc1)
+CVE-2026-53118 [vdpa: use generic driver_override infrastructure]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/85bb534ff12aab6916058897b39c748940a7a4c6 (7.1-rc1)
+CVE-2026-53117 [s390/cio: use generic driver_override infrastructure]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/ac4d8bb6e2e13e8684a76ea48d13ebaaaf5c24c4 (7.1-rc1)
+CVE-2026-53115 [bus: fsl-mc: use generic driver_override infrastructure]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/6c8dfb0362732bf1e4829867a2a5239fedc592d0 (7.1-rc1)
+CVE-2026-53113 [wifi: ath11k: fix memory leaks in beacon template setup]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ff49eba595df500e4ddccc593088c8a4ab5f2c27 (7.1-rc1)
+CVE-2026-53112 [wifi: rtlwifi: pci: fix possible use-after-free caused by 
unfinished irq_prepare_bcn_tasklet]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/039cd522dc70151da13329a5e3ae19b1736f468a (7.1-rc1)
+CVE-2026-53111 [bpf: test_run: Fix the null pointer dereference issue in 
bpf_lwt_xmit_push_encap]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/972787479ee73006fddb5e59ab5c8e733810ff42 (7.1-rc1)
+CVE-2026-53109 [powerpc/pgtable-frag: Fix bad page state in pte_frag_destroy]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/fda4d71651f71c44b35829d13f3c8bf920032f77 (7.1-rc1)
+CVE-2026-53108 [powerpc/64s: Fix unmap race with PMD migration entries]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/bbcbf045d6c778e82b47a35fc8728387708e9a3d (7.1-rc1)
+CVE-2026-53107 [wifi: libertas: don't kill URBs in interrupt context]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/7c5c2b661bdb78c1472b8833265c9ed1ee880039 (7.1-rc1)
+CVE-2026-53106 [bpf: Do not allow deleting local storage in NMI]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/350de5b8a9befaa2a68861c51f671d4f5f751ca5 (7.1-rc1)
+CVE-2026-53104 [wifi: mt76: Fix memory leak destroying device]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6b470f36616e3448d44b0ef4b1de2a3e3a31b5be (7.1-rc1)
+CVE-2026-53103 [wifi: mt76: mt7925: fix potential deadlock in 
mt7925_roc_abort_sync]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/dd08ca3f092f4185ece69ce2a835c23198b1628a (7.1-rc1)
+CVE-2026-53102 [wifi: mt76: Fix memory leak after 
mt76_connac_mcu_alloc_sta_req()]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c41075ce8cf05ed8c0e7b7efef000dce548ffc42 (7.1-rc1)
+CVE-2026-53101 [wifi: mt76: mt7921: fix potential deadlock in 
mt7921_roc_abort_sync]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d5059e52fd8bc624ec4255c9fa01a266513d126b (7.1-rc1)
+CVE-2026-53097 [wifi: mt76: mt7996: fix use-after-free bugs in 
mt7996_mac_dump_work()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c8f62f73bbced3a79894655bdb0b625462d956fc (7.1-rc1)
+CVE-2026-53096 [bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB 
path]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/8ed82f807bb09d2c8455aaa665f2c6cb17bc6a19 (7.1-rc1)
+CVE-2026-53093 [wifi: brcmfmac: Fix error pointer dereference]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/dd8592fc6007a451c3e4b9025de365e39de8178a (7.1-rc1)
+CVE-2026-53092 [bpf: Fix linked reg delta tracking when src_reg == dst_reg]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d7f14173c0d5866c3cae759dee560ad1bed10d2e (7.1-rc1)
+CVE-2026-53091 [net: pull headers in qdisc_pkt_len_segs_init()]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/7fb4c19670110f052c04e1ec1d2b953b9f4f57e4 (7.1-rc1)
+CVE-2026-53090 [bpf: Fix ld_{abs,ind} failure path analysis in subprogs]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/ee861486e377edc55361c08dcbceab3f6b6577bd (7.1-rc1)
+CVE-2026-53089 [bpf: Fix use-after-free in offloaded map/prog info fill]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/a0c584fc18056709c8e047a82a6045d6c209f4ce (7.1-rc1)
+CVE-2026-53088 [net: bcmgenet: fix off-by-one in bcmgenet_put_txcb]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/57f3f53d2c9c5a9e133596e2f7bc1c50688a6d38 (7.1-rc1)
+CVE-2026-53086 [net: bcmgenet: fix racing timeout handler]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5393b2b5bee2ac51a0043dc7f4ac3475f053d08d (7.1-rc1)
+CVE-2026-53083 [bpf: Fix RCU stall in bpf_fd_array_map_clear()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/4406942e65ca128c56c67443832988873c21d2e9 (7.1-rc1)
+CVE-2026-53082 [net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/bf9a38803b2626b01cc769aaf13485d8650f576f (7.1-rc1)
+CVE-2026-53080 [net/sched: cls_fw: fix NULL dereference of "old" filters 
before change()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/65782b2db7321d5f97c16718c4c7f6c7205a56be (7.1-rc1)
+CVE-2026-53078 [bpf: Fix same-register dst/src OOB read and pointer leak in 
sock_ops]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/10f86a2a5c91fc4c4d001960f1c21abe52545ef6 (7.1-rc1)
+CVE-2026-53077 [net/rds: Restrict use of RDS/IB to the initial network 
namespace]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/ebf71dd4aff46e8e421d455db3e231ba43d2fa8a (7.1-rc1)
+CVE-2026-53076 [bpf: Fix OOB in pcpu_init_value]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/576afddfee8d1108ee299bf10f581593540d1a36 (7.1-rc1)
+CVE-2026-53075 [ppp: require CAP_NET_ADMIN in target netns for unattached 
ioctls]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2bb6379416fd19f44c3423a00bfd8626259f6067 (7.1-rc1)
+CVE-2026-53074 [bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/12bec2bd4b76d81c5d3996bd14ec1b7f4d983747 (7.1-rc1)
+CVE-2026-53073 [Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/68d39ea5e0adc9ecaea1ce8abd842ec972eb8718 (7.1-rc1)
+CVE-2026-53072 [Bluetooth: fix locking in hci_conn_request_evt() with 
HCI_PROTO_DEFER]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5c7209a341ff2ac338b2b0375c34a307b37c9ac2 (7.1-rc1)
+CVE-2026-53071 [Bluetooth: l2cap: Add missing chan lock in 
l2cap_ecred_reconf_rsp]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/42776497cdbc9a665b384a6dcb85f0d4bd927eab (7.1-rc1)
+CVE-2026-53070 [sctp: disable BH before calling udp_tunnel_xmit_skb()]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2cd7e6971fc2787408ceef17906ea152791448cf (7.1-rc1)
+CVE-2026-53069 [net, bpf: fix null-ptr-deref in xdp_master_redirect() for down 
master]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1921f91298d1388a0bb9db8f83800c998b649cb3 (7.1-rc1)
+CVE-2026-53068 [drm/komeda: fix integer overflow in AFBC framebuffer size 
check]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/779ec12c85c9e4547519e3903a371a3b26a289de (7.1-rc1)
+CVE-2026-53066 [drm/sun4i: backend: fix error pointer dereference]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/06277983eca4a31d3c2114fa33d99a6e82484b11 (7.1-rc1)
+CVE-2026-53065 [ASoC: sti: use managed regmap_field allocations]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/1696fad8b259a2d46e51cd6e17e4bcdbe02279fa (7.1-rc1)
+CVE-2026-53064 [dm cache: fix null-deref with concurrent writes in passthrough 
mode]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/7d1f98d668ee34c1d15bdc0420fdd062f24a27c0 (7.1-rc1)
+CVE-2026-53063 [dm cache: fix write hang in passthrough mode]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/4ca8b8bd952df7c3ccdc68af9bd3419d0839a04b (7.1-rc1)
+CVE-2026-53062 [dm cache policy smq: fix missing locks in invalidating cache 
blocks]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2d1f7b65f5deedd2e6b09fdc6ea27f8375f24b45 (7.1-rc1)
+CVE-2026-53061 [dm cache: fix dirty mapping checking in passthrough mode 
switching]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/322586745bd1a0e5f3559fd1635fdeb4dbd1d6b8 (7.1-rc1)
+CVE-2026-53060 [dm cache metadata: fix memory leak on metadata abort retry]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/044ca491d4086dc5bf233e9fcb71db52df32f633 (7.1-rc1)
+CVE-2026-53059 [dm log: fix out-of-bounds write due to region_count overflow]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c20e36b7631d83e7535877f08af8b0af72c44b1a (7.1-rc1)
+CVE-2026-53056 [drm/msm/dpu: fix mismatch between power and frequency]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/bc1dccc518cc5ab5140fba06c27e7188e0ed342b (7.1-rc1)
+CVE-2026-53053 [iommu/amd: Fix clone_alias() to use the original device's 
devid]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/faad224fe0f0857a04ff2eb3c90f0de57f47d0f3 (7.1-rc1)
+CVE-2026-53052 [ASoC: qcom: qdsp6: topology: check widget type before 
accessing data]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d5bfdd28e0cdd45043ae6e0ac168a451d59283dc (7.1-rc1)
+CVE-2026-53050 [quota: Fix race of dquot_scan_active() with quota deactivation]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/e93ab401da4b2e2c1b8ef2424de2f238d51c8b2d (7.1-rc1)
+CVE-2026-53049 [gfs2: add some missing log locking]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/fe2c8d051150b90b3ccb85f89e3b1d636cb88ec8 (7.1-rc1)
+CVE-2026-53048 [gfs2: prevent NULL pointer dereference during unmount]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/74b4dbb946060a3233604d91859a9abd3708141d (7.1-rc1)
+CVE-2026-53047 [efi/capsule-loader: fix incorrect sizeof in phys array 
reallocation]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/48a428215782321b56956974f23593e40ce84b7a (7.1-rc1)
+CVE-2026-53046 [ksmbd: fix use-after-free from async crypto on Qualcomm crypto 
engine]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3e298897f41c61450c2e7a4f457e8b2485eb35b3 (7.1-rc1)
+CVE-2026-53045 [memory: tegra124-emc: Fix dll_change check]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/9597ab9a8296ab337e6820f8a717ff621078b632 (7.1-rc1)
+CVE-2026-53043 [ocfs2/dlm: validate qr_numregions in dlm_match_regions()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/7ab3fbb01bc6d79091bc375e5235d360cd9b78be (7.1-rc1)
+CVE-2026-53041 [ocfs2: fix listxattr handling when the buffer is full]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d12f558e6200b3f47dbef9331ed6d115d2410e59 (7.1-rc1)
+CVE-2026-53040 [ocfs2: validate bg_bits during freefrag scan]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/8f687eeed3da3012152b0f9473f578869de0cd7b (7.1-rc1)
+CVE-2026-53039 [ocfs2: validate group add input before caching]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/70b672833f4025341c11b22c7f83778a5cd611bc (7.1-rc1)
+CVE-2026-53037 [HID: usbhid: fix deadlock in hid_post_reset()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/8df2c1b47ee3cd50fd454f75c7a7e2ae8a6adf72 (7.1-rc1)
+CVE-2026-53036 [bpf, arm64: Fix off-by-one in check_imm signed range check]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/1dd8be4ec722ce54e4cace59f3a4ba658111b3ec (7.1-rc1)
+CVE-2026-53035 [bpf, sockmap: Fix af_unix iter deadlock]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4d328dd695383224aa750ddee6b4ad40c0f8d205 (7.1-rc1)
+CVE-2026-53034 [bpf, sockmap: Fix af_unix null-ptr-deref in proto update]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/dca38b7734d2ea00af4818ff3ae836fab33d5d5a (7.1-rc1)
+CVE-2026-53033 [bpf, sockmap: Take state lock for af_unix iter]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/64c2f93fc3254d3bf5de4445fb732ee5c451edb6 (7.1-rc1)
+CVE-2026-53027 [fs/ntfs3: fix missing run load for vcn0 in 
attr_data_get_block_locked()]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d7ea8495fd307b58f8867acd81a1b40075b1d3ba (7.1-rc1)
+CVE-2026-53025 [greybus: raw: fix use-after-free on cdev close]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/983cc2c7efbce04ecbf6328448d895044dd6ab31 (7.1-rc1)
+CVE-2026-53024 [greybus: raw: fix use-after-free if write is called after 
disconnect]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/84265cbd96b97058ef67e3f8be3933667a000835 (7.1-rc1)
+CVE-2026-53023 [fs/ntfs3: terminate the cached volume label after UTF-8 
conversion]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a6cd43fe9b083fa23fe1595666d5738856cb261a (7.1-rc1)
+CVE-2026-53022 [platform/x86: dell-wmi-sysman: bound enumeration string 
aggregation]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3c34471c26abc52a37f5ad90949e2e4b8027eb14 (7.1-rc1)
+CVE-2026-53021 [scsi: target: core: Fix integer overflow in UNMAP bounds check]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2bf2d65f76697820dbc4227d13866293576dd90a (7.1-rc1)
+CVE-2026-53018 [f2fs: avoid reading already updated pages during GC]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/570e2ccc7cb35fe720106964e65060602d3d2ac4 (7.1-rc1)
+CVE-2026-53017 [f2fs: fix data loss caused by incorrect use of nat_entry flag]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/238e14eb7226f883b72caccd2d37bf5707df066b (7.1-rc1)
+CVE-2026-53016 [crypto: ccp - copy IV using skcipher ivsize]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4 (7.1-rc1)
+CVE-2026-53015 [erofs: unify lcn as u64 for 32-bit platforms]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2d8c7edcb661812249469f4a5b62e9339118846f (7.1-rc1)
+CVE-2026-53012 [nexthop: fix IPv6 route referencing IPv4 nexthop]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/29c95185ba32b621fbc3800fb86e7dc3edf5c2be (7.1-rc1)
+CVE-2026-53011 [net/sched: taprio: fix use-after-free in advance_sched() on 
schedule switch]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/105425b1969c5affe532713cfac1c0b320d7ac2b (7.1-rc1)
+CVE-2026-53010 [ksmbd: fix use-after-free in smb2_open during durable 
reconnect]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1baff47b81f94f9231c91236aa511420d0e266b9 (7.1-rc1)
+CVE-2026-53009 [ice: fix double-free of tx_buf skb]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/1a303baa715e6b78d6a406aaf335f87ff35acfcd (7.1-rc1)
+CVE-2026-53008 [ice: fix race condition in TX timestamp ring cleanup]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/7c72ec18c2a4111204c2e915f8e4f6d849ce9398 (7.1-rc1)
+CVE-2026-53007 [ice: fix potential NULL pointer deref in error path of 
ice_set_ringparam()]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/fa28351f970fa5138c7c5dedfe5dea480a0ee065 (7.1-rc1)
+CVE-2026-53006 [ipv6: fix possible UAF in icmpv6_rcv()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f996edd7615e686ada141b7f3395025729ff8ccb (7.1-rc1)
+CVE-2026-53005 [af_unix: Drop all SCM attributes for SOCKMAP.]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/965dc93481d1b80d341bdd16c27b16fe197175ee (7.1-rc1)
+CVE-2026-53004 [sctp: fix OOB write to userspace in 
sctp_getsockopt_peer_auth_chunks]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/0cf004ffb61cd32d140531c3a84afe975f9fc7ea (7.1-rc1)
+CVE-2026-53003 [pppoe: drop PFC frames]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/cc1ff87bce1ccd38410ab10960f576dcd17db679 (7.1-rc1)
+CVE-2026-53002 [netfilter: conntrack: remove sprintf usage]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/6e7066bdb481a87fe88c4fa563e348c03b2d373d (7.1-rc1)
+CVE-2026-53001 [netfilter: xtables: restrict several matches to inet family]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/b6fe26f86a1649f84e057f3f15605b08eda15497 (7.1-rc1)
+CVE-2026-53000 [netfilter: nat: use kfree_rcu to release ops]
+       - linux 7.0.10-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6eda0d771f94267f73f57c94630aa47e90957915 (7.1-rc1)
+CVE-2026-52999 [netfilter: nfnetlink_osf: fix out-of-bounds read on option 
matching]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f5ca450087c3baf3651055e7a6de92600f827af3 (7.1-rc1)
+CVE-2026-52998 [netfilter: nfnetlink_osf: fix potential NULL dereference in 
ttl check]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/711987ba281fd806322a7cd244e98e2a81903114 (7.1-rc1)
+CVE-2026-52995 [net/rds: zero per-item info buffer before handing it to 
visitors]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c88eb7e8d8397a8c1db59c425332c5a30b2a1682 (7.1-rc1)
+CVE-2026-52994 [vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1cb36e252211506f51095fe7ced8286cc77b4c80 (7.1-rc1)
+CVE-2026-52993 [tipc: fix double-free in tipc_buf_append()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d293ca716e7d5dffdaecaf6b9b2f857a33dc3d3a (7.1-rc1)
+CVE-2026-52992 [fs/adfs: validate nzones in adfs_validate_bblk()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/dd9d3e16c2d5fa166e13dce07413be51f42c8f5d (7.1-rc1)
+CVE-2026-52991 [sched/psi: fix race between file release and pressure write]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/a5b98009f16d8a5fb4a8ff9a193f5735515c38fa (7.1-rc2)
+CVE-2026-52990 [fsnotify: fix inode reference leak in fsnotify_recalc_mask()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/4aca914ac152f5d055ddcb36704d1e539ac08977 (7.1-rc2)
+CVE-2026-52989 [nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its 
callers]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/ea8e356acb165cb1fd75537a52e1f66e5e76c538 (7.1-rc2)
+CVE-2026-52988 [netfilter: nf_tables: join hook list via splice_list_rcu() in 
commit phase]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/a6134e62dba2ea4f760b29d5226907f447c92400 (7.1-rc2)
+CVE-2026-52986 [netfilter: nf_conntrack_sip: don't use simple_strtoul]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/8cf6809cddcbe301aedfc6b51bcd4944d45795f6 (7.1-rc2)
+CVE-2026-52985 [netdevsim: zero initialize struct iphdr in dummy sk_buff]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/35eaa6d8d6c2ee65e96f507add856e0eacf24591 (7.1-rc2)
+CVE-2026-52984 [net/sched: netem: fix queue limit check to include reordered 
packets]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/4185701fcce6b426b6c3630b25330dddd9c47b0d (7.1-rc2)
+CVE-2026-52983 [net: airoha: fix BQL imbalance in TX path]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2d9f5a118205da2683ffcec78b9347f1f01a820e (7.1-rc2)
+CVE-2026-52982 [net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/23f0e34c64acba15cad4d23e50f41f533da195fa (7.1-rc2)
+CVE-2026-52981 [neigh: let neigh_xmit take skb ownership]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/4438113be604ee67a7bf4f81da6e1cca41332ce4 (7.1-rc2)
+CVE-2026-52977 [futex: Prevent lockup in requeue-PI during signal/ timeout 
wakeup]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/bc7304f3ae20972d11db6e0b1b541c63feda5f05 (7.1-rc2)
+CVE-2026-52975 [bonding: 3ad: implement proper RCU rules for port->aggregator]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/c4f050ce06c56cfb5993268af4a5cb66ed1cd04e (7.1-rc2)
+CVE-2026-52974 [net: tls: fix strparser anchor skb leak on offload RX setup 
failure]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/58689498ca3384851145a754dbb1d8ed1cf9fb54 (7.1-rc2)
+CVE-2026-52972 [crypto: af_alg - Cap AEAD AD length to 0x80000000]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: https://git.kernel.org/linus/
+CVE-2026-52970 [netfilter: nft_ct: fix missing expect put in obj eval]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/19f94b6fee75b3ef7fbc06f3745b9a771a8a19a4 (7.1-rc4)
+CVE-2026-52969 [KVM: Reject wrapped offset in kvm_reset_dirty_gfn()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/577a8d3bae0531f0e5ccfac919cd8192f920a804 (7.1-rc4)
+CVE-2026-52968 [KVM: s390: pci: fix GAIT table indexing due to double-scaling 
pointer arithmetic]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/16d990a15491cf76cd6eef0846e1b4100e63261a (7.1-rc4)
+CVE-2026-52967 [smb/client: fix possible infinite loop and oob read in 
symlink_data()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/7d9a7f1f96cd617ee9e75bb22217c709038e26b8 (7.1-rc4)
+CVE-2026-52965 [drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout 
failure]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b2ed01e7ad3de80333e9b962a44024b094bc0b2b (7.1-rc4)
+CVE-2026-52963 [ALSA: usb-audio: Bound MIDI endpoint descriptor scans]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d6854daa67be623860f4e1873fd3d3c275aba4ed (7.1-rc4)
+CVE-2026-52962 [ceph: fix a buffer leak in __ceph_setxattr()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5d3cc36b4e77a27ce7b686b7c59c7072bcb3fa8e (7.1-rc4)
+CVE-2026-52961 [ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale 
blob size]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/0c22d9511cbde746622f8e4c11aaa63fe76d45f9 (7.1-rc4)
+CVE-2026-52960 [ceph: put folios not suitable for writeback]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/544576f0f05c4a759806acddfaaeb686f14fb4b0 (7.1-rc4)
+CVE-2026-52958 [libceph: Fix potential out-of-bounds access in osdmap_decode()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/35d0ed82d03e5ee77ea4f31f20e29562a7721649 (7.1-rc4)
+CVE-2026-52957 [libceph: Fix potential null-ptr-deref in decode_choose_args()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/28b0a2ab8c82d0bbdeb8013029c67c978ce6e4bf (7.1-rc4)
+CVE-2026-52956 [libceph: Fix potential out-of-bounds access in 
__ceph_x_decrypt()]
+       - linux 7.0.10-1
+       NOTE: 
https://git.kernel.org/linus/821365487aa58d06bda65c676ba215d506ba9768 (7.1-rc4)
+CVE-2026-52955 [libceph: Fix potential out-of-bounds access in crush_decode()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/4c79fc2d598694bda845b46229c9d48b65042970 (7.1-rc4)
+CVE-2026-52954 [libceph: handle rbtree insertion error in decode_choose_args()]
+       - linux 7.0.10-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d289478cfc0bcf81c7914200d6abdcb78bd04ded (7.1-rc4)
+CVE-2026-52953 [iommu/vt-d: Fix oops due to out of scope access]
+       - linux 7.0.10-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a6dea58d8625c06b9654c0555f101742481335c3 (7.1-rc4)
+CVE-2026-52949 [drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup 
failure]
+       - linux 7.0.10-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1d59f36e95f7f7134db0e313c9d787cb0adb2153 (7.1-rc4)
 CVE-2026-52948 [i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl]
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e7c12b277661e7a077c945ab255108a1bdfe9bc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e7c12b277661e7a077c945ab255108a1bdfe9bc
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to