[Git][security-tracker-team/security-tracker][master] Sync some linux CVEs with kernel-sec information

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 21 05:23:00 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f12c2a00 by Salvatore Bonaccorso at 2021-05-21T06:22:24+02:00
Sync some linux CVEs with kernel-sec information

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3738,6 +3738,7 @@ CVE-2021-3514 [sync_repl NULL pointer dereference in sync_create_state_control()
 	NOTE: https://github.com/389ds/389-ds-base/issues/4711
 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
 	- linux 5.10.38-1
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
 CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0  ...)
 	NOT-FOR-US: OpenDistro for Elasticsearch
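Review bot: the added [stretch] line for CVE-2021-31829 gives "Vulnerable code not present", but the entry's only NOTE is the oss-security post, so nothing here records which code is missing from stretch. The description points at kernel/bpf/verifier.c as a whole; a NOTE naming the commit that introduced the affected logic would let the not-affected status be rechecked.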
@@ -4493,6 +4494,7 @@ CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of Q
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
 CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c  ...)
 	- linux 5.10.38-1
+	[stretch] - linux <ignored> (f2fs is not supportable)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
 	NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/
 CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...)
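Review bot: on the added [stretch] line for CVE-2021-3506, <ignored> with "f2fs is not supportable" records a support decision, not an analysis result, so a reader cannot tell from the entry whether the stretch kernel contains the flaw in fs/f2fs/node.c. Consider saying so in the reason or in a NOTE, so that the status is not read as equivalent to <not-affected>.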
@@ -4717,6 +4719,8 @@ CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive
 	NOT-FOR-US: Parallels Desktop
 CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...)
 	- linux 5.10.38-1
+	[buster] - linux <not-affected> (Vulnerability introduced later)
+	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
 CVE-2021-31416
 	RESERVED
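Review bot: both added lines for CVE-2021-3501 say "Vulnerability introduced later", yet the only NOTE is the fix commit 04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a; the introducing commit or first affected version is not recorded. Adding it as a NOTE would document why buster and stretch both fall before the affected range.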
@@ -6766,6 +6770,7 @@ CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems
 	- foreman <itp> (bug #663101)
 CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...)
 	- linux 5.10.38-1
+	[stretch] - linux <not-affected> (Unprivileged users cannot mount overlayfs)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
 CVE-2021-30501
 	RESERVED
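Review bot: the reason on the added [stretch] line for CVE-2021-3493, "Unprivileged users cannot mount overlayfs", describes an access restriction rather than absent code, so <not-affected> holds only while that restriction is in place. A NOTE stating what enforces it in stretch would make the condition explicit.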
@@ -7602,9 +7607,11 @@ CVE-2020-36312 (An issue was discovered in the Linux kernel before 5.8.10. virt/
 	NOTE: https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e
 CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/s ...)
 	- linux 5.9.1-1
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
 CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/s ...)
 	- linux 5.8.7-1
+	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
 CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
 	- nginx <unfixed> (bug #986787)
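Review bot: CVE-2020-36311 and CVE-2020-36310 each gain a [stretch] line here, but neither entry has a [buster] line next to the unstable fixes 5.9.1-1 and 5.8.7-1. If the analysis behind "Vulnerability introduced later" for CVE-2020-36310 identified the introducing version, the same information should settle buster; record that, or add a NOTE that buster is still to be checked.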
@@ -51677,6 +51684,7 @@ CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 7
 	NOT-FOR-US: Intel NIC firmware
 CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
 	- linux <unfixed>
+	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
 CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810 Adapter dri ...)
 	- linux <undetermined>
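Review bot: for CVE-2020-24504 the added [stretch] line claims "Vulnerable code not present" while the unstable line is still <unfixed> and the only NOTE is the Intel advisory, so there is no upstream commit to compare against. Naming the absent driver or source path in the reason would make the claim checkable; the description only says Intel(R) Ethernet E810 adapters.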



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f12c2a00b3326b880f4780de22aa7e0371c2e1e5
