[Git][security-tracker-team/security-tracker][master] Merge Linux kernel CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 3 20:35:50 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
622e1df6 by Salvatore Bonaccorso at 2024-04-03T21:35:12+02:00
Merge Linux kernel CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,389 @@
+CVE-2024-26779 [wifi: mac80211: fix race condition on enabling fast-xmit]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f (6.8-rc2)
+CVE-2024-26778 [fbdev: savage: Error out if pixclock equals zero]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 (6.8-rc2)
+CVE-2024-26777 [fbdev: sis: Error out if pixclock equals zero]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/e421946be7d9bf545147bea8419ef8239cb7ca52 (6.8-rc2)
+CVE-2024-26776 [spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/de8b6e1c231a95abf95ad097b993d34b31458ec9 (6.8-rc2)
+CVE-2024-26775 [aoe: avoid potential deadlock at set_capacity]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86 (6.8-rc2)
+CVE-2024-26774 [ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/993bf0f4c393b3667830918f9247438a8f6fdb5b (6.8-rc3)
+CVE-2024-26773 [ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/4530b3660d396a646aad91a787b6ab37cf604b53 (6.8-rc3)
+CVE-2024-26772 [ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/832698373a25950942c04a512daa652c18a9b513 (6.8-rc3)
+CVE-2024-26771 [dmaengine: ti: edma: Add some null pointer checks to the edma_probe]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/6e2276203ac9ff10fc76917ec9813c660f627369 (6.8-rc3)
+CVE-2024-26770 [HID: nvidia-shield: Add missing null pointer checks to LED initialization]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/b6eda11c44dc89a681e1c105f0f4660e69b1e183 (6.8-rc3)
+CVE-2024-26769 [nvmet-fc: avoid deadlock on delete association path]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/710c69dbaccdac312e32931abcb8499c1525d397 (6.8-rc3)
+CVE-2024-26768 [LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/4551b30525cf3d2f026b92401ffe241eb04dfebe (6.8-rc4)
+CVE-2024-26767 [drm/amd/display: fixed integer types and null check locations]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/0484e05d048b66d01d1f3c1d2306010bb57d8738 (6.8-rc5)
+CVE-2024-26766 [IB/hfi1: Fix sdma.h tx->num_descs off-by-one error]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/e6f57c6881916df39db7d95981a8ad2b9c3458d6 (6.8-rc6)
+CVE-2024-26765 [LoongArch: Disable IRQ before init_fn() for nonboot CPUs]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/1001db6c42e4012b55e5ee19405490f23e033b5a (6.8-rc6)
+CVE-2024-26764 [fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/b820de741ae48ccf50dd95e297889c286ff4f760 (6.8-rc6)
+CVE-2024-26763 [dm-crypt: don't modify the data when using authenticated encryption]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/50c70240097ce41fe6bce6478b80478281e4d0f7 (6.8-rc6)
+CVE-2024-26762 [cxl/pci: Skip to handle RAS errors if CXL.mem device is detached]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/eef5c7b28dbecd6b141987a96db6c54e49828102 (6.8-rc6)
+CVE-2024-26761 [cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0cab687205986491302cd2e440ef1d253031c221 (6.8-rc6)
+CVE-2024-26760 [scsi: target: pscsi: Fix bio_put() for error case]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/de959094eb2197636f7c803af0943cb9d3b35804 (6.8-rc6)
+CVE-2024-26759 [mm/swap: fix race when skipping swapcache]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/13ddaf26be324a7f951891ecd9ccd04466d27458 (6.8-rc6)
+CVE-2024-26758 [md: Don't ignore suspended array in md_check_recovery()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/1baae052cccd08daf9a9d64c3f959d8cdb689757 (6.8-rc6)
+CVE-2024-26757 [md: Don't ignore read-only array in md_check_recovery()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/55a48ad2db64737f7ffc0407634218cc6e4c513b (6.8-rc6)
+CVE-2024-26756 [md: Don't register sync_thread for reshape directly]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/ad39c08186f8a0f221337985036ba86731d6aafe (6.8-rc6)
+CVE-2024-26755 [md: Don't suspend the array for interrupted reshape]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9e46c70e829bddc24e04f963471e9983a11598b7 (6.8-rc6)
+CVE-2024-26754 [gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/136cfaca22567a03bbb3bf53a43d8cb5748b80ec (6.8-rc6)
+CVE-2024-26753 [crypto: virtio/akcipher - Fix stack overflow on memcpy]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c0ec2a712daf133d9996a8a1b7ee2d4996080363 (6.8-rc6)
+CVE-2024-26752 [l2tp: pass correct message length to ip6_append_data]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (6.8-rc6)
+CVE-2024-26751 [ARM: ep93xx: Add terminator to gpiod_lookup_table]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/fdf87a0dc26d0550c60edc911cda42f9afec3557 (6.8-rc6)
+CVE-2024-26749 [usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6 (6.8-rc6)
+CVE-2024-26748 [usb: cdns3: fix memory double free when handle zero packet]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5fd9e45f1ebcd57181358af28506e8a661a260b3 (6.8-rc6)
+CVE-2024-26747 [usb: roles: fix NULL pointer issue when put module's reference]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/1c9be13846c0b2abc2480602f8ef421360e1ad9e (6.8-rc6)
+CVE-2024-26744 [RDMA/srpt: Support specifying the srpt_service_guid parameter]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/fdfa083549de5d50ebf7f6811f33757781e838c0 (6.8-rc6)
+CVE-2024-26743 [RDMA/qedr: Fix qedr_create_user_qp error flow]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/5ba4e6d5863c53e937f49932dee0ecb004c65928 (6.8-rc6)
+CVE-2024-26742 [scsi: smartpqi: Fix disable_managed_interrupts]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a (6.8-rc6)
+CVE-2024-26741 [dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f (6.8-rc6)
+CVE-2024-26740 [net/sched: act_mirred: use the backlog for mirred ingress]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/52f671db18823089a02f07efc04efdb2272ddc17 (6.8-rc6)
+CVE-2024-26739 [net/sched: act_mirred: don't override retval if we already lost the skb]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 (6.8-rc6)
+CVE-2024-26738 [powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321 (6.8-rc6)
+CVE-2024-26737 [bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0281b919e175bb9c3128bd3872ac2903e9436e3f (6.8-rc6)
+CVE-2024-26736 [afs: Increase buffer size in afs_update_volume_status()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d (6.8-rc6)
+CVE-2024-26735 [ipv6: sr: fix possible use-after-free and null-ptr-deref]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/5559cea2d5aa3018a5f00dd2aca3427ba09b386b (6.8-rc6)
+CVE-2024-26734 [devlink: fix possible use-after-free and memory leaks in devlink_init()]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/def689fc26b9a9622d2e2cb0c4933dd3b1c8071c (6.8-rc6)
+CVE-2024-26733 [arp: Prevent overflow in arp_req_get().]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/a7d6027790acea24446ddd6632d394096c0f4667 (6.8-rc6)
+CVE-2024-26732 [net: implement lockless setsockopt(SO_PEEK_OFF)]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/56667da7399eb19af857e30f41bea89aa6fa812c (6.8-rc6)
+CVE-2024-26731 [bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4cd12c6065dfcdeba10f49949bffcf383b3952d8 (6.8-rc6)
+CVE-2024-26730 [hwmon: (nct6775) Fix access to temperature configuration registers]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d56e460e19ea8382f813eb489730248ec8d7eb73 (6.8-rc6)
+CVE-2024-26729 [drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907 (6.8-rc6)
+CVE-2024-26728 [drm/amd/display: fix null-pointer dereference on edid reading]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9671761792156f2339627918bafcd713a8a6f777 (6.8-rc6)
+CVE-2024-26727 [btrfs: do not ASSERT() if the newly created subvolume already got read]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb (6.8-rc4)
+CVE-2024-26726 [btrfs: don't drop extent_map for free space inode on write error]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade (6.8-rc5)
+CVE-2024-26725 [dpll: fix possible deadlock during netlink dump operation]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/53c0441dd2c44ee93fddb5473885fd41e4bc2361 (6.8-rc5)
+CVE-2024-26724 [net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/aa1eec2f546f2afa8c98ec41e5d8ee488165d685 (6.8-rc5)
+CVE-2024-26723 [lan966x: Fix crash when adding interface under a lag]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/15faa1f67ab405d47789d4702f587ec7df7ef03e (6.8-rc5)
+CVE-2024-26722 [ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/6ef5d5b92f7117b324efaac72b3db27ae8bb3082 (6.8-rc5)
+CVE-2024-26721 [drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/962ac2dce56bb3aad1f82a4bbe3ada57a020287c (6.8-rc5)
+CVE-2024-26720 [mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/9319b647902cbd5cc884ac08a8a6d54ce111fc78 (6.8-rc3)
+CVE-2024-26719 [nouveau: offload fence uevents work to workqueue]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/39126abc5e20611579602f03b66627d7cd1422f0 (6.8-rc3)
+CVE-2024-26718 [dm-crypt, dm-verity: disable tasklets]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0a9bab391e336489169b95cb0d4553d921302189 (6.8-rc3)
+CVE-2024-26717 [HID: i2c-hid-of: fix NULL-deref on failed power up]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/00aab7dcb2267f2aef59447602f34501efe1a07f (6.8-rc3)
+CVE-2024-26716 [usb: core: Prevent null pointer dereference in update_port_device_state]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/12783c0b9e2c7915a50d5ec829630ff2da50472c (6.8-rc3)
+CVE-2024-26715 [usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/61a348857e869432e6a920ad8ea9132e8d44c316 (6.8-rc3)
+CVE-2024-26714 [interconnect: qcom: sc8180x: Mark CO0 BCM keepalive]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/85e985a4f46e462a37f1875cb74ed380e7c0c2e0 (6.8-rc5)
+CVE-2024-26713 [powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5)
+CVE-2024-26712 [powerpc/kasan: Fix addr error caused by page alignment]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0 (6.8-rc5)
+CVE-2024-26711 [iio: adc: ad4130: zero-initialize clock init data]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a22b0a2be69a36511cb5b37d948b651ddf7debf3 (6.8-rc5)
+CVE-2024-26710 [powerpc/kasan: Limit KASAN thread size increase to 32KB]
+ - linux 6.7.7-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f1acb109505d983779bbb7e20a1ee6244d2b5736 (6.8-rc5)
+CVE-2024-26709 [powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0846dd77c8349ec92ca0079c9c71d130f34cb192 (6.8-rc5)
+CVE-2024-26708 [mptcp: really cope with fastopen race]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/337cebbd850f94147cee05252778f8f78b8c337f (6.8-rc5)
+CVE-2024-26707 [net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/37e8c97e539015637cb920d3e6f1e404f707a06e (6.8-rc3)
+CVE-2024-26706 [parisc: Fix random data corruption from exception handler]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/8b1d72395635af45410b66cc4c4ab37a12c4a831 (6.8-rc3)
+CVE-2024-26705 [parisc: BTLB: Fix crash when setting up BTLB at CPU bringup]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/913b9d443a0180cf0de3548f1ab3149378998486 (6.8-rc3)
+CVE-2024-26704 [ext4: fix double-free of blocks due to wrong extents moved_len]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/55583e899a5357308274601364741a83e78d6ac4 (6.8-rc3)
+CVE-2024-26703 [tracing/timerlat: Move hrtimer_init to timerlat_fd open()]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1389358bb008e7625942846e9f03554319b7fecc (6.8-rc3)
+CVE-2024-26702 [iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/792595bab4925aa06532a14dd256db523eb4fa5e (6.8-rc5)
+CVE-2024-26700 [drm/amd/display: Fix MST Null Ptr for RV]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57 (6.8-rc4)
+CVE-2024-26699 [drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/46806e59a87790760870d216f54951a5b4d545bc (6.8-rc5)
+CVE-2024-26698 [hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e0526ec5360a48ad3ab2e26e802b0532302a7e11 (6.8-rc3)
+CVE-2024-26697 [nilfs2: fix data corruption in dsync block recovery for small block sizes]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/67b8bcbaed4777871bb0dcc888fb02a614a98ab1 (6.8-rc4)
+CVE-2024-26696 [nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/38296afe3c6ee07319e01bb249aa4bb47c07b534 (6.8-rc4)
+CVE-2024-26695 [crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ccb88e9549e7cfd8bcd511c538f437e20026e983 (6.8-rc4)
+CVE-2024-26694 [wifi: iwlwifi: fix double-free bug]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/353d321f63f7dbfc9ef58498cc732c9fe886a596 (6.8-rc4)
+CVE-2024-26693 [wifi: iwlwifi: mvm: fix a crash when we run out of stations]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b7198383ef2debe748118996f627452281cf27d7 (6.8-rc5)
+CVE-2024-26692 [smb: Fix regression in writes when non-standard maximum write size negotiated]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4860abb91f3d7fbaf8147d54782149bb1fc45892 (6.8-rc5)
+CVE-2024-26691 [KVM: arm64: Fix circular locking dependency]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/10c02aad111df02088d1a81792a709f6a7eca6cc (6.8-rc5)
+CVE-2024-26690 [net: stmmac: protect updates of 64-bit statistics counters]
+ - linux 6.7.7-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8 (6.8-rc4)
+CVE-2024-26689 [ceph: prevent use-after-free in encode_cap_msg()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/cda4672da1c26835dcbd7aec2bfed954eda9b5ef (6.8-rc4)
+CVE-2024-26688 [fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/79d72c68c58784a3e1cd2378669d51bfd0cb7498 (6.8-rc4)
+CVE-2024-26687 [xen/events: close evtchn after mapping cleanup]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/fa765c4b4aed2d64266b694520ecb025c862c5a9 (6.8-rc5)
+CVE-2024-26686 [fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/7601df8031fd67310af891897ef6cc0df4209305 (6.8-rc4)
+CVE-2024-26685 [nilfs2: fix potential bug in end_buffer_async_write]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/5bc09b397cbf1221f8a8aacb1152650c9195b02b (6.8-rc4)
+CVE-2023-52641 [fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/aaab47f204aaf47838241d57bf8662c8840de60a (6.8-rc4)
+CVE-2023-52640 [fs/ntfs3: Fix oob in ntfs_listxattr]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/731ab1f9828800df871c5a7ab9ffe965317d3f15 (6.8-rc4)
+CVE-2023-52639 [KVM: s390: vsie: fix race during shadow creation]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/fe752331d4b361d43cfd0b89534b4b2176057c32 (6.8-rc4)
+CVE-2023-52638 [can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock]
+ - linux 6.7.7-1
+ NOTE: https://git.kernel.org/linus/6cdedc18ba7b9dacc36466e27e3267d201948c8d (6.8-rc5)
+CVE-2023-52637 [can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)]
+ - linux 6.7.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5)
CVE-2024-31083 [User-after-free in ProcRenderAddGlyphs]
- xorg-server <unfixed>
- xwayland <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/622e1df63d3bc5b79c6a536ab303782617e29211
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/622e1df63d3bc5b79c6a536ab303782617e29211
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240403/aa086dd8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list