[Git][security-tracker-team/security-tracker][master] Sync several CVEs for linux with kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 17 08:56:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e82a21b3 by Salvatore Bonaccorso at 2022-12-17T09:55:02+01:00
Sync several CVEs for linux with kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5054,6 +5054,8 @@ CVE-2022-45889
RESERVED
CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. drivers/cha ...)
- linux <unfixed>
+ [bullseye] - linux <not-affected> (Vulnerable code introduced later)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/
CVE-2022-45887 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
- linux <unfixed>
@@ -14552,6 +14554,7 @@ CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as probl
NOTE: https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1)
CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
- linux 6.0.3-1
+ [buster] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
CVE-2022-3622
RESERVED
@@ -23221,9 +23224,11 @@ CVE-2022-40138 (An integer conversion error in Hermes bytecode generation, prior
NOT-FOR-US: Facebook Hermes
CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
- linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
CVE-2022-38457 (A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res ...)
- linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2074
CVE-2022-38096 (A NULL pointer dereference vulnerability was found in vmwgfx driver in ...)
- linux <unfixed>
@@ -24027,10 +24032,12 @@ CVE-2022-3114 (An issue was discovered in the Linux kernel through 5.16-rc6. imx
CVE-2022-3113 (An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcod ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e25a89f743b18c029bfbe5e1663ae0c7190912b0 (5.18-rc1)
CVE-2022-3112 (An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_s ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c8c80c996182239ff9b05eda4db50184cf3b2e99 (5.18-rc1)
CVE-2022-3111 (An issue was discovered in the Linux kernel through 5.16-rc6. free_cha ...)
- linux 5.17.3-1
@@ -24039,6 +24046,8 @@ CVE-2022-3111 (An issue was discovered in the Linux kernel through 5.16-rc6. fre
NOTE: https://git.kernel.org/linus/6dee930f6f6776d1e5a7edf542c6863b47d9f078 (5.18-rc1)
CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_ini ...)
- linux 5.18.5-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
CVE-2022-3109 (An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in ...)
- ffmpeg 7:5.1-1
@@ -24055,14 +24064,17 @@ CVE-2022-3107 (An issue was discovered in the Linux kernel through 5.16-rc6. net
CVE-2022-3106 (An issue was discovered in the Linux kernel through 5.16-rc6. ef100_up ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/407ecd1bd726f240123f704620d46e285ff30dd9 (5.16-rc6)
CVE-2022-3105 (An issue was discovered in the Linux kernel through 5.16-rc6. uapi_fin ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7694a7de22c53a312ea98960fcafc6ec62046531 (5.16)
CVE-2022-3104 (An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_AR ...)
- linux 5.18.5-1
[bullseye] - linux 5.10.127-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4a9800c81d2f34afb66b4b42e0330ae8298019a2 (5.19-rc1)
CVE-2022-3103 (off-by-one in io_uring module. ...)
- linux <not-affected> (Vulnerable code not present, introduced and fixed in 6.0 cycle)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e82a21b38805b363b5bf7ad66f10b25cdab8d54b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e82a21b38805b363b5bf7ad66f10b25cdab8d54b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221217/72c696fe/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list