Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df376583 by Salvatore Bonaccorso at 2026-07-01T20:10:34+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,158 @@
+CVE-2026-53351 [riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e3573f739e3dadab57ec80488d07e05c8f6e82d3 (7.1)
+CVE-2026-53348 [ASoC: SDCA: fix NULL pointer dereference in 
sdca_dev_unregister_functions]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e4c60a1d4b6ccc66aefb3789cd908d4f9482eefd (7.1)
+CVE-2026-53347 [drm/virtio: Fix driver removal with disabled KMS]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f329e8325e054bd6d84d10904f8dd51137281b92 (7.1)
+CVE-2026-53346 [rust: arm64: set uwtable llvm module flag for 
CONFIG_UNWIND_TABLES]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ac35b5580ace12e5d0a0b5e61e36d2c4e1ffa29c (7.1-rc7)
+CVE-2026-53344 [pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before 
regmap init]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/8473c3a197b57ff01396f7a2ec6ddf65383820d4 (7.1)
+CVE-2026-53342 [arm64: mm: call pagetable dtor when freeing hot-removed page 
tables]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/c594b83457ccdee76d458416fb3bc9348a37592f (7.1)
+CVE-2026-53340 [i2c: imx: fix clock and pinctrl state inconsistency in runtime 
PM]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/8783fb8031799f1230997c16df8c8dce9fcd1841 (7.1)
+CVE-2026-53338 [net: airoha: Add NULL check for of_reserved_mem_lookup() in 
airoha_qdma_init_hfwd_queues()]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/f9f25118faa4dd2b6e3d14a03d123bbdbd59925d (7.1)
+CVE-2026-53336 [nvmem: layouts: onie-tlv: fix hang on unknown types]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ea41020b9018e31c2ea7e9d89021e3e6d7470883 (7.1)
+CVE-2026-53335 [mm/damon/lru_sort: handle ctx allocation failure]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/ab04340b5ae5d52c1d46b750538febcde9d889e7 (7.1)
+CVE-2026-53334 [mm/damon/reclaim: handle ctx allocation failure]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/7e2ed8a29427af534bf2cb9b8bc51762b8b6e654 (7.1)
+CVE-2026-53333 [mm/mincore: handle non-swap entries before !CONFIG_SWAP guard]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/0c25b8734367574e21aeb8468c2e522713134da7 (7.1)
+CVE-2026-53328 [sched_ext: Don't warn on NULL cgrp_moving_from in 
scx_cgroup_move_task()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/02e545c4297a26dbbc41df81b831e7f605bcd306 (7.1-rc7)
+CVE-2026-53326 [debugobjects: Don't call fill_pool() in early boot hardirq 
context]
+       - linux 7.0.13-1
+       [trixie] - linux <not-affected> (Vulnerable code not present)
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/0d046ae106255cba5eb83b23f78ee93f3620247d (7.1)
+CVE-2026-53356 [drm/i915/gem: Fix phys BO pread/pwrite with offset]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/d21ad938398bca695a511307de38a65889e3b354 (7.1)
+CVE-2026-53355 [net: rds: clear i_sends on setup unwind]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/20cf0fb715c41111469577e85e35d15f099473e0 (7.1-rc7)
+CVE-2026-53354 [arm64: errata: Mitigate TLBI errata on various Arm CPUs]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/cfd391e74134db664feb499d43af286380b10ba8 (7.2-rc1)
+CVE-2026-53353 [hsr: Remove WARN_ONCE() in hsr_addr_is_self().]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/afd0f17ca46258cec3a5cc48b8df9327fe772490 (7.1-rc7)
+CVE-2026-53352 [signal: clear JOBCTL_PENDING_MASK for caller in 
zap_other_threads()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/90918794a4e2c3b440f8fcf3847765a8b1d81b25 (7.1-rc7)
+CVE-2026-53350 [ASoC: wm_adsp: Fix NULL dereference when removing firmware 
controls]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/7d3fb78b550301e43fdc60312aed733069694426 (7.1)
+CVE-2026-53349 [netfilter: nf_conntrack: destroy stale expectfn expectations 
on unregister]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/c3009418f9fa1dcb3eb86f4d8c92583537b5faa3 (7.1)
+CVE-2026-53345 [KVM: Don't WARN if memory is dirtied without a vCPU when the 
VM is dying]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/8618004d3e897c0f1b71d9a9ab860461289bb89a (7.1-rc7)
+CVE-2026-53343 [ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/77a1f6883dc6e837bb2cb30b9b02e2f94338e2c6 (7.1)
+CVE-2026-53341 [fhandle: fix UAF due to unlocked ->mnt_ns read in 
may_decode_fh()]
+       - linux 7.0.13-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/40ab6644b99685755f740b872c00ef40d9aa870e (7.1-rc7)
+CVE-2026-53339 [i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/729ac5a4b966aac42e08a94dea966f4429008548 (7.1)
+CVE-2026-53337 [net: bonding: fix NULL pointer dereference in bond_do_ioctl()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/a764b0e8317a863006e05732e1aefe821b9d8c2d (7.1-rc7)
+CVE-2026-53332 [slimbus: qcom-ngd-ctrl: Register callbacks after creating the 
ngd]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/2a9d50e9ea406e0c8735938484adc20515ef1b47 (7.1)
+CVE-2026-53331 [slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/55f2ea9ff83cc27a85526b14bc9b32f96a08d6ec (7.1)
+CVE-2026-53330 [drm/amd/display: Fix out-of-bounds read in 
dp_get_eq_aux_rd_interval()]
+       - linux 7.0.13-1
+       NOTE: 
https://git.kernel.org/linus/e8b4d37eba05141ee01794fc6b7f2da808cee83b (7.1-rc7)
+CVE-2026-53329 [drm/amd/display: Use krealloc_array() in dal_vector_reserve()]
+       - linux 7.0.13-1
+       [trixie] - linux 6.12.94-1
+       NOTE: 
https://git.kernel.org/linus/da48bc4461b8a5ebfb9264c9b191a701d8e99009 (7.1-rc7)
+CVE-2026-53327 [debugobjects: Do not fill_pool() if pi_blocked_on]
+       - linux 7.0.13-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/5f41161059fd0f1bbf18c90f3180e38cc45a14eb (7.1-rc5)
 CVE-2026-45382
        - libde265 1.1.1-1
        NOTE: 
https://github.com/strukturag/libde265/security/advisories/GHSA-hwhx-x2mq-ccr9



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df376583379df30ba373715dcbdb9209446ba6aa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df376583379df30ba373715dcbdb9209446ba6aa
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to