Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5fc9fedb by Salvatore Bonaccorso at 2026-06-25T12:31:59+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,705 @@
+CVE-2026-53276 [Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f50331f2a1441ec49988832c3a95f2edacc47322 (7.1-rc7)
+CVE-2026-53271 [ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break 
notifiers]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b003086d76968298f22e7cf62239833b5a3a06b1 (7.1-rc7)
+CVE-2026-53261 [devlink: Release nested relation on devlink free]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3522b21fd7e1863d0734537737bd59f1b90d0190 (7.1-rc7)
+CVE-2026-53259 [ipv6: anycast: insert aca into global hash under idev->lock]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f723ccaff2fb72b71ae8a9fd283f0dee4d9ae7a3 (7.1-rc7)
+CVE-2026-53251 [Bluetooth: ISO: Fix not releasing hdev reference on 
iso_conn_big_sync]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/5cbf290b79351971f20c7a533247e8d58a3f970c (7.1-rc7)
+CVE-2026-53248 [net: airoha: Fix use-after-free in metadata dst teardown]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b38cae85d1c45ff189d7ecb6ac36f41cdc3d84d0 (7.1-rc7)
+CVE-2026-53247 [net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst 
teardown]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/80df409e1a483676826a6c66e693dba6ac507751 (7.1-rc7)
+CVE-2026-53244 [VFS: fix possible failure to unlock in nfsd4_create_file()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e824bbd4d224cce4b5fb59cc9dcd3447fe0b7e44 (7.1-rc7)
+CVE-2026-53243 [rseq: Fix using an uninitialized stack variable in 
rseq_exit_user_update()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6d99479799c69c3cb588fcda19c81d8f61d64ecd (7.1-rc7)
+CVE-2026-53241 [ALSA: seq: dummy: fix UMP event stack overread]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2b5ff4db5d7aa5b981d966df02e687f79ad7b311 (7.1-rc7)
+CVE-2026-53240 [xfrm: iptfs: fix use-after-free on first_skb in 
__input_process_payload]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/eb48730bb827d1550401a5d391903f9d90b493c8 (7.1)
+CVE-2026-53235 [net: add pskb_may_pull() to skb_gro_receive_list()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f2bb3434544454099a5b6dec213567267b05d79d (7.1)
+CVE-2026-53234 [net: ibm: emac: Fix use-after-free during device removal]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a0130d682222ae21afc395aead7cd2d87e1a8358 (7.1)
+CVE-2026-53233 [netdev: fix double-free in netdev_nl_bind_rx_doit()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c849de7d8757a7af801fc4a4058f71d481d367f2 (7.1)
+CVE-2026-53231 [net: phy: don't try to setup PHY-driven SFP cages when using 
genphy]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/5a0082ec20a05ef2378410323a5089a8f1786f4a (7.1)
+CVE-2026-53214 [ipv6: Fix a potential NPD in cleanup_prefix_route()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/b70c687b7cf267fb08586667a3946c8851cad672 (7.1)
+CVE-2026-53211 [netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR 
register]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c7d573551f9286100a055ef696cde6af54549677 (7.1)
+CVE-2026-53210 [tee: shm: fix shm leak in register_shm_helper()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/26682f5efc276e3ad96d102019472bfbf03833b2 (7.1-rc7)
+CVE-2026-53206 [accel/ivpu: Add bounds check for firmware runtime memory]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1d0b597facdd3c0239c88e8797c1014e1ea0ef15 (7.1-rc7)
+CVE-2026-53205 [accel/ivpu: Add bounds checks for firmware log indices]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/dd1311bcf0e62f0c515115f46a3813370f4a4bb1 (7.1-rc7)
+CVE-2026-53204 [firmware: stratix10-rsu: Fix NULL deref on rsu_send_msg() 
timeout in probe]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/bfd2eb9bba548a8f63c3339bb1fb9a2031a42d86 (7.1)
+CVE-2026-53203 [accel/ivpu: Add buffer overflow check in MS get_info_ioctl]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/fb176425837693f50c5c9fc8db6fbb04af22bd0a (7.1-rc7)
+CVE-2026-53202 [accel/ivpu: Fix signed integer truncation in IPC receive]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d9faef564438d1e4579c692c046603e7ada7bdf4 (7.1)
+CVE-2026-53201 [Revert "drm/xe: Skip exec queue schedule toggle if queue is 
idle during suspend"]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/fa7c84726dc217ce0c183926ef9411636c7a2213 (7.1-rc7)
+CVE-2026-53200 [KVM: arm64: nv: Fix handling of XN[0] when !FEAT_XNX]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/49b32ddb87a3a109afecea89e55d70f73956b8bc (7.1-rc7)
+CVE-2026-53197 [xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c8a8a75b733467b00c08b91a38dbaf207a08ed6e (7.1)
+CVE-2026-53193 [ALSA: timer: Forcibly close timer instances at closing]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/da3039e91d1f835874ed6e9a33ea19ee80c2cb92 (7.1)
+CVE-2026-53191 [io_uring/net: inherit IORING_CQE_F_BUF_MORE across bundle recv 
retries]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ed46f39c47eb5530a9c161481a2080d3a869cfaf (7.1-rc7)
+CVE-2026-53190 [drm/virtio: fix dma_fence refcount leak on error in 
virtio_gpu_dma_fence_wait()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3f26bb732cc136ab20176697c92f32c9c84cb125 (7.1)
+CVE-2026-53188 [RDMA/core: Validate the passed in fops for ib_get_ucaps()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4a1b1ac2744694a2ecd66a84bdb1445f4ef24bee (7.1)
+CVE-2026-53187 [RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/323c98a4ff06aa28114f2bf658fb43eb3b536bbc (7.1)
+CVE-2026-53180 [timers/migration: Fix livelock in tmigr_handle_remote_up()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d486b4934a8e504376b85cdb3766f306d57aff5b (7.1-rc7)
+CVE-2026-53175 [inet: frags: fix use-after-free caused by the fqdir_pre_exit() 
flush]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/32594b09854970d7ba83eb2dc8c69a2edd158c8e (7.1)
+CVE-2026-53174 [ovl: keep err zero after successful ovl_cache_get()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1711b6ed6953cee5940ca4c3a6e77f1b3798cee2 (7.1-rc7)
+CVE-2026-53173 [accel/ethosu: fix OOB write in 
ethosu_gem_cmdstream_copy_and_validate()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c0837b9cf6eabbad8b8cbddaff1a46a6d0a2e29d (7.1-rc7)
+CVE-2026-53172 [accel/ethosu: fix IFM region index out-of-bounds in command 
stream parser]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/00f547e0dfecf83014fb32bcba587c6b684c1362 (7.1-rc7)
+CVE-2026-53171 [accel/ethosu: fix arithmetic issues in dma_length()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ee6d9b6e51626f259c6f0e38d94f91be4fd14754 (7.1-rc7)
+CVE-2026-53170 [accel/ethosu: reject DMA commands with uninitialized length]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d9d021218162b6c4fe0bdf42b2b340f1aae23a12 (7.1-rc7)
+CVE-2026-53169 [accel/ethosu: reject NPU_OP_RESIZE commands from userspace]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ef911805d86a05363d3ec2fa9835a41def83bb7e (7.1-rc7)
+CVE-2026-53165 [iomap: avoid potential null folio->mapping deref during error 
reporting]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2eea7f44b9c8b42fd7d3a1a87c06a7cd1b99c327 (7.1-rc7)
+CVE-2026-53164 [iommu/dma: Do not try to iommu_map a 0 length region in 
swiotlb]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6ec91df8aff77e2e8fe3179c1f3fc15b43a40ba3 (7.1)
+CVE-2026-53162 [memcg: use round-robin victim selection in refill_stock]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c0cafe24d3f6534294c4b2bc2d47734ff7cbd313 (7.1-rc7)
+CVE-2026-53155 [mm/huge_memory: use correct flags for device private PMD entry]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/43e7f189769c512c843184a8a5892ac779a6bd90 (7.1)
+CVE-2026-53154 [mm/hugetlb: restore reservation on error in hugetlb folio copy 
paths]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/40c81856e622a9dc59294a90d169ac07ea25b0b0 (7.1-rc7)
+CVE-2026-53153 [mm/list_lru: drain before clearing xarray entry on reparent]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/98733f3f0becb1ae0701d021c1748e974e5fa55c (7.1)
+CVE-2026-53152 [mmc: dw_mmc-rockchip: Add missing private data for very old 
controllers]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1e9a4850afa0ceb63984fb1a9f3e86d0fc4fd18f (7.1-rc7)
+CVE-2026-53145 [drm/gem: Try to fix change_handle ioctl, attempt 4]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1a4f03d22fb655e5f192244fb2c87d8066fcfca2 (7.1-rc7)
+CVE-2026-53144 [drm/amdkfd: fix NULL dereference in get_queue_ids()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/2bd550b547deabef98bd3b017ff743b7c34d3a6d (7.1-rc7)
+CVE-2026-53141 [drm/v3d: Fix global performance monitor reference counting]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/6bf7e2affc6e62da7add393d7f352d4040f5bc27 (7.1-rc7)
+CVE-2026-53140 [drm/v3d: Fix vaddr leak when indirect CSD has zeroed 
workgroups]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ae7676952790f421c40918e2586a2c9f12a682b6 (7.1-rc7)
+CVE-2026-53277 [KVM: arm64: Take the SRCU lock for page table walks in fault 
injection and AT emulation]
+       - linux 7.0.13-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f2ca45b50d4216c9cc7ffabf50d9ad1932209251 (7.1-rc7)
+CVE-2026-53275 [ipv6: mcast: Fix use-after-free when processing MLD queries]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/791c91dc7a9dfb2457d5e29b8216a6484b9c4b40 (7.1-rc7)
+CVE-2026-53274 [net/smc: fix sleep-inside-lock in __smc_setsockopt() causing 
local DoS]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/a3fdd924d88c30b9f488636ce0e4696012cf5511 (7.1-rc4)
+CVE-2026-53273 [tee: optee: prevent use-after-free when the client exits 
before the supplicant]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/387a926ee166814611acecb960207fe2f3c4fd3e (7.1-rc7)
+CVE-2026-53272 [erofs: fix use-after-free on sbi->sync_decompress]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1aee05e814d292064bf5fa15733741040cdc48ba (7.1-rc7)
+CVE-2026-53270 [ipvs: clear the svc scheduler ptr early on edit]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/193989cc6d80dd8e0460fb3992e69fa03bf0ff9b (7.1-rc7)
+CVE-2026-53269 [netfilter: synproxy: add mutex to guard hook reference 
counting]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2fcba19caaeb2a33017459d3430f057967bb91b6 (7.1-rc7)
+CVE-2026-53268 [netfilter: conntrack_irc: fix possible out-of-bounds read]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/66eba0ffce3b7e11449946b4cbbef8ea36112f56 (7.1-rc7)
+CVE-2026-53267 [netfilter: nft_ct: bail out on template ct in get eval]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/3027ecbdb5fdf9200251c21d4818e4c447ef78e1 (7.1-rc7)
+CVE-2026-53266 [netfilter: bridge: make ebt_snat ARP rewrite writable]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/67ba971ae02514d85818fe0c32549ab4bfa3bf49 (7.1-rc7)
+CVE-2026-53265 [dm cache policy smq: check allocation under invalidate lock]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/d3f0a606b9f278ece8a0df626ded9c4044071235 (7.1-rc7)
+CVE-2026-53264 [net/sched: act_api: use RCU with deferred freeing for action 
lifecycle]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5057e1aca011e51ef51498c940ef96f3d3e8a305 (7.1-rc7)
+CVE-2026-53263 [6lowpan: fix off-by-one in multicast context address 
compression]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2a58899d11009bffc7b4b32a571858f381121837 (7.1-rc7)
+CVE-2026-53262 [l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/a213a8950414c684999dcf03edeea6c46ede172e (7.1-rc7)
+CVE-2026-53260 [tcp: Add preempt_{disable,enable}_nested() in 
reqsk_queue_hash_req().]
+       - linux 7.0.13-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e10902df24488ca722303133acfc82490f7d59ad (7.1-rc7)
+CVE-2026-53258 [wifi: fix leak if split 6 GHz scanning fails]
+       - linux 7.0.13-1
+       NOTE: 
https://git.kernel.org/linus/e8694f7cc29287e843648d1075177b9a2000d957 (7.1-rc7)
+CVE-2026-53257 [wifi: cfg80211: enforce HE/EHT cap/oper consistency]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/cb9959ab5f99611d27a06586add84811fe8102dc (7.1-rc7)
+CVE-2026-53256 [Bluetooth: RFCOMM: hold listener socket in 
rfcomm_connect_ind()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/43c441edacf953b39517a44f5e5e10a93618b226 (7.1-rc7)
+CVE-2026-53255 [Bluetooth: MGMT: validate advertising TLV before type checks]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/de23fb62259aa01d294f77238ae3b835eb674413 (7.1-rc7)
+CVE-2026-53254 [Bluetooth: RFCOMM: validate skb length in MCC handlers]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/23882b828c3c8c51d0c946446a396b10abb3b16b (7.1-rc7)
+CVE-2026-53253 [Bluetooth: bnep: reject short frames before parsing]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/6770d3a8acdf9151769180cc3710346c4cfbe6f0 (7.1-rc7)
+CVE-2026-53252 [Bluetooth: fix memory leak in error path of hci_alloc_dev()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/37b3009bf5976e8ab77c8b9a9bc3bbd7ff49e37f (7.1-rc7)
+CVE-2026-53250 [xsk: cache csum_start/csum_offset to fix TOCTOU in 
xsk_skb_metadata()]
+       - linux 7.0.13-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/22ba97ea9cc1f63a0d0244fae38057ed452b6ac7 (7.1-rc7)
+CVE-2026-53249 [ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d3915a1f5a4bc0ac911032903c3c6ab8df9fcc7c (7.1-rc7)
+CVE-2026-53246 [sctp: validate cached peer INIT chunk length in COOKIE_ECHO 
processing]
+       - linux 7.0.13-1
+       NOTE: 
https://git.kernel.org/linus/0861615c28de668669d748ef4eb913ea9262d13b (7.1-rc7)
+CVE-2026-53245 [net/802/mrp: fix vector attribute parsing in 
mrp_pdu_parse_vecattr]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/7561c7fbc694308da73300f036719e63e42bf0b4 (7.1-rc7)
+CVE-2026-53242 [ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() 
on linked streams]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/88fe2e3658726cb21ff2dcf9770bf672f9b9d31b (7.1-rc7)
+CVE-2026-53239 [xfrm: policy: fix use-after-free on inexact bin in 
xfrm_policy_bysel_ctx()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/7f2d76c9c03257c0782afef9d95321fa04096f60 (7.1)
+CVE-2026-53238 [netlabel: validate unlabeled address and mask attribute 
lengths]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/9772589b57e44aedc240211c5c3f7a684a034d3a (7.1)
+CVE-2026-53237 [gpio: mvebu: fix NULL pointer dereference in suspend/resume]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/b9ad50d7505ebd48282ec3630258dc820fc85c81 (7.1)
+CVE-2026-53236 [tcp: restrict SO_ATTACH_FILTER to priv users]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5d39580f68e6ddeedd15e587282207489dfb3da2 (7.1)
+CVE-2026-53232 [net: phy: clean the sfp upstream if phy probing fails]
+       - linux <unfixed>
+       NOTE: 
https://git.kernel.org/linus/48774e87bbaa0056819d4b52301e4692e50e3252 (7.1)
+CVE-2026-53230 [net/mlx5: Fix slab-out-of-bounds in 
mlx5_query_nic_vport_mac_list]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/894e036a24a26a6dd7b17d8d3fb5c53ab48a6074 (7.1)
+CVE-2026-53229 [net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit 
failure]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/b69004f5a6ad32da84d8aa5b23b9c0caafe6252e (7.1)
+CVE-2026-53228 [ipv6: sit: reload inner IPv6 header after GSO offloads]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f0e42f0c4337b1f220de1ddd63f47197c7dee4de (7.1)
+CVE-2026-53227 [net: openvswitch: fix possible kfree_skb of ERR_PTR]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/ee30dd2909d8b98619f4341c70ec8dc8e155ab02 (7.1)
+CVE-2026-53226 [gpio: rockchip: fix generic IRQ chip leak on remove]
+       - linux 7.0.13-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/1c1e0fc88d6ef65bf15d517853251f75ab9d18c3 (7.1)
+CVE-2026-53225 [sctp: fix uninit-value in __sctp_rcv_asconf_lookup()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f8373d7090b745728de66308deeecc67e8d319ce (7.1)
+CVE-2026-53224 [sctp: validate embedded INIT chunk and address list lengths in 
cookie]
+       - linux 7.0.13-1
+       NOTE: 
https://git.kernel.org/linus/6f4c80a2a7e6d06753b89a578b710a2499a5e62b (7.1)
+CVE-2026-53223 [net: guard timestamp cmsgs to real error queue skbs]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/1ee90b77b727df903033db873c75caac5c27ec98 (7.1)
+CVE-2026-53222 [ptp: ocp: fix resource freeing order]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/627366c51145a07f675b1800fb5ea2ec960bd900 (7.1)
+CVE-2026-53221 [ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/a5c0359f5cbc51a2e2b114d6041e0f3c73f903e9 (7.1)
+CVE-2026-53220 [netfilter: revalidate bridge ports]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/ccb9fd4b87538ccf19ccff78ee26700526d94867 (7.1)
+CVE-2026-53219 [netfilter: x_tables: avoid leaking percpu counter pointers]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f7f2fbb0e893a0238dc464f8d8c0f5609bec584f (7.1)
+CVE-2026-53218 [netfilter: nft_exthdr: fix register tracking for F_PRESENT 
flag]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/772cecf198da732faebb5dcfc46d66a505be8495 (7.1)
+CVE-2026-53217 [net: mvpp2: sync RX data at the hardware packet offset]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/180235600934bef6add3be637c296d6cf3272e67 (7.1)
+CVE-2026-53216 [net: mvpp2: limit XDP frame size to the RX buffer]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f3c6aa078927e6fe8121c9c591ddee8716c5305a (7.1)
+CVE-2026-53215 [net: mvpp2: refill RX buffers before XDP or skb use]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6 (7.1)
+CVE-2026-53213 [drm/vc4: fix krealloc() memory leak]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5d563a5da8717629ae72f9eadf1e0e340bd1658b (7.1)
+CVE-2026-53212 [netfilter: nft_tunnel: fix use-after-free on object destroy]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c32b26aaa2f9216520a38b3f4bfeec846eb3eb8a (7.1-rc7)
+CVE-2026-53209 [Bluetooth: hci_sync: reject oversized Broadcast Announcement 
prepend]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/5c65b96b549ea2dcfde497436bf9e048deb87758 (7.1-rc7)
+CVE-2026-53208 [Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/dd214733544427587a95f66dbf3adff072568990 (7.1-rc7)
+CVE-2026-53207 [mm/memory-failure: fix hugetlb_lock AA deadlock in 
get_huge_page_for_hwpoison]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3c2d42b8ee345b17a4ba56b0f6492d1ff4c1178e (7.1-rc7)
+CVE-2026-53199 [hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/004e9ecfe6c5384f9e0b2f6f6389d42ec22789af (7.1)
+CVE-2026-53198 [ksmbd: fix use-after-free of a deferred file_lock on double 
SMB2_CANCEL]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f580d27e8928828693df44ba2db0fffdbe11dfea (7.1-rc7)
+CVE-2026-53196 [USB: serial: io_ti: fix heap overflow in get_manuf_info()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/183c1076eca43bbb3e7bdf597456f91d81c73e74 (7.1)
+CVE-2026-53195 [USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/0fd2b00b2d3d05e3eaa13342b3dfb0fa85c226ae (7.1)
+CVE-2026-53194 [USB: serial: kl5kusb105: fix bulk-out buffer overflow]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/96d47e40bf9db4a9efd5c8fb53287a508d165f14 (7.1)
+CVE-2026-53192 [ALSA: timer: Fix UAF at snd_timer_user_params()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/053a401b592be424fea9d57c789f66cd5d8cec11 (7.1)
+CVE-2026-53189 [mm/huge_memory: update file PMD counter before folio_put()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/8d878059924f12c1bc24556a92ec56add74de3c8 (7.1-rc7)
+CVE-2026-53186 [RDMA/srp: bound SRP_RSP sense copy by the received length]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/13e91fd076306f5d0cdfa14f53d69e37274723c4 (7.1)
+CVE-2026-53185 [zram: fix use-after-free in zram_bvec_write_partial()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/732fd9f0b9c1cdc6dfd77162ded60df005182cc0 (7.1)
+CVE-2026-53184 [udp: clear skb->dev before running a sockmap verdict]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/3c94f241f776562c489876ff506f366224565c21 (7.1-rc7)
+CVE-2026-53183 [mptcp: allow subflow rcv wnd to shrink]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/da23be77e1292cd611e736c3aa17da633d7ddce7 (7.1-rc7)
+CVE-2026-53182 [wifi: nl80211: reject oversized EMA RNR lists]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4cd92957e8f8cc4ebfe8a5d4203c14c592fde6b1 (7.1-rc7)
+CVE-2026-53181 [vsock/vmci: fix sk_ack_backlog leak on failed handshake]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c05fa14db43ebef3bd862ca9d073981c0358b3f0 (7.1-rc7)
+CVE-2026-53179 [staging: rtl8723bs: fix buffer over-read in 
rtw_update_protection]
+       - linux 7.0.13-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/514ab98364595007d4557ecc85d7e5f012c504d3 (7.1)
+CVE-2026-53178 [staging: rtl8723bs: rtw_mlme: add bounds checks before 
ie_length subtraction]
+       - linux 7.0.13-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/88e994c57a79f62d5338231d8d37ee8dd98baffe (7.1)
+CVE-2026-53177 [bnxt_en: Fix NULL pointer dereference]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d930276f2cddd0b7294cac7a8fe7b877f6d9e08d (7.1)
+CVE-2026-53176 [IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/29e7b925ae6df64894e82ab6419994dc25580a8a (7.1)
+CVE-2026-53168 [fuse: reject fuse_notify() pagecache ops on directories]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/9c954499d43aefac01c5dfb57a82b13d2dcf4b94 (7.1-rc7)
+CVE-2026-53167 [fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios]
+       - linux 7.0.13-1
+       NOTE: 
https://git.kernel.org/linus/4e3d1b2c48ca6c55f1e9ca7f8dccc76f120f276c (7.1-rc7)
+CVE-2026-53166 [futex/requeue: Prevent NULL pointer dereference in 
remove_waiter() on self-deadlock]
+       - linux 7.0.13-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/74e144274af39935b0f410c0ee4d2b91c3730414 (7.1-rc7)
+CVE-2026-53163 [locking/rtmutex: Skip remove_waiter() when waiter is not 
enqueued]
+       - linux 7.0.13-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/40a25d59e85b3c8709ac2424d44f65610467871e (7.1-rc7)
+CVE-2026-53161 [misc: fastrpc: fix use-after-free of fastrpc_user in workqueue 
context]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/e85eb5feca8e254905ffa6c57a3c99c89a674a0f (7.1)
+CVE-2026-53160 [misc: fastrpc: fix use-after-free race in fastrpc_map_create]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/07ebe87915d8accdaba20c4f88c5ae430fe62fbb (7.1)
+CVE-2026-53159 [misc: fastrpc: fix DMA address corruption due to find_vma 
misuse]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/464c6ad2aa16e1e1df9d559289199356493d1e00 (7.1)
+CVE-2026-53158 [misc: fastrpc: Fix NULL pointer dereference in rpmsg callback]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5401fb4fe10fac6134c308495df18ed74aebb9c4 (7.1)
+CVE-2026-53157 [net: phonet: free phonet_device after RCU grace period]
+       - linux 7.0.13-1
+       NOTE: 
https://git.kernel.org/linus/71de0177b28da751f407581a4515cf4d762f6296 (7.1)
+CVE-2026-53156 [nvmem: core: fix use-after-free bugs in error paths]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/5b6b6fc491899d583eaa75344e094796ae9b530b (7.1)
+CVE-2026-53151 [rxrpc: Fix the ACK parser to extract the SACK table for 
parsing]
+       - linux 7.0.13-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/333b6d5bb9f87827ac2639c737bf9613dbae7253 (7.1)
+CVE-2026-53150 [thunderbolt: Reject zero-length property entries in validator]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/cff8eb65d1eafe7793e54b4d0cf6bf831644630b (7.1)
+CVE-2026-53149 [thunderbolt: Bound root directory content to block size]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/65423079c7420e3dbf9a7aa345c243a3f5752e5d (7.1)
+CVE-2026-53148 [thunderbolt: Clamp XDomain response data copy to allocation 
size]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/322e93448d908434ae5545660fcbe8f5a7a8e141 (7.1)
+CVE-2026-53147 [thunderbolt: Validate XDomain request packet size before type 
cast]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/a504b9f2797b739e0304d537e8aa4ce883ecce39 (7.1)
+CVE-2026-53146 [thunderbolt: Limit XDomain response copy to actual frame size]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/4db2bd2ed4785dbadaeeab9f4e346b21ac5fb8eb (7.1)
+CVE-2026-53143 [drm/amdkfd: Fix buffer overflow in SDMA queue 
checkpoint/restore on GFX11]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/352ea59028ea48a6fff77f19ae28f98f71946a80 (7.1-rc7)
+CVE-2026-53142 [drm/xe/display: fix oops in suspend/shutdown without display]
+       - linux 7.0.13-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/68938cc08e23a94fd881e845837ff918de005ce7 (7.1)
+CVE-2026-53139 [drm/v3d: Skip CSD when it has zeroed workgroups]
+       - linux 7.0.13-1
+       NOTE: 
https://git.kernel.org/linus/7f93fad5ea0affc9e1505dd0f7596c0fdb496213 (7.1-rc7)
+CVE-2026-53138 [drm/amd/display: Bound VBIOS record-chain walk loops]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/ff287df16a1a58aca78b08d1f3ee09fc44da0351 (7.1-rc7)
+CVE-2026-53137 [drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer 
size]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/f0f3981c43b32cadfe373d636d9e9ca522bb3702 (7.1-rc7)
+CVE-2026-53136 [drm/amd/display: Clamp VBIOS HDMI retimer register count to 
array size]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/fb0707ce00eef4e2d60c3020e1c0432739703e4a (7.1-rc7)
+CVE-2026-53135 [drm/amd/display: Fix NULL deref and buffer over-read in SDP 
debugfs]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/adf67034b1f61f7119295208085bfd43f85f56af (7.1-rc7)
+CVE-2026-53134 [netfilter: nft_fib: fix stale stack leak via the OIFNAME 
register]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/ab185e0c4fb82dfba6fb86f8271e06f931d9c64c (7.1)
+CVE-2026-53133 [RDMA/umem: Fix truncation for block sizes >= 4G]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/15fe76e23615f502d051ef0768f86babaf08746c (7.1)
+CVE-2026-53132 [vsock/virtio: fix potential unbounded skb queue]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/059b7dbd20a6f0c539a45ddff1573cb8946685b5 (7.1-rc3)
+CVE-2026-53131 [netfilter: require Ethernet MAC header before using eth_hdr()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/62443dc21114c0bbc476fa62973db89743f2f137 (7.1-rc1)
 CVE-2026-54548
        - kas 5.4-1
        [trixie] - kas <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fc9fedbcb88337153fa87d86d2e4a40b6aa76b3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fc9fedbcb88337153fa87d86d2e4a40b6aa76b3
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to