[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 7 18:04:45 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b166fb82 by Salvatore Bonaccorso at 2024-08-07T19:03:16+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,80 @@
+CVE-2024-42250 [cachefiles: add missing lock protection when polling]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cf5bb09e742a9cf6349127e868329a8f69b7a014 (6.10)
+CVE-2024-42249 [spi: don't unoptimize message in spi_async()]
+	- linux 6.9.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c86a918b1bdba78fb155184f8d88dfba1e63335d (6.10)
+CVE-2024-42248 [tty: serial: ma35d1: Add a NULL check for of_node]
+	- linux 6.9.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/acd09ac253b5de8fd79fc61a482ee19154914c7a (6.10)
+CVE-2024-42247 [wireguard: allowedips: avoid unaligned 64-bit memory accesses]
+	- linux 6.9.10-1
+	NOTE: https://git.kernel.org/linus/948f991c62a4018fb81d85804eeab3029c6209f8 (6.10)
+CVE-2024-42246 [net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket]
+	- linux 6.9.10-1
+	NOTE: https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde (6.10)
+CVE-2024-42245 [Revert "sched/fair: Make sure to try to detach at least one movable task"]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2feab2492deb2f14f9675dd6388e9e2bf669c27a (6.10)
+CVE-2024-42244 [USB: serial: mos7840: fix crash on resume]
+	- linux 6.9.10-1
+	NOTE: https://git.kernel.org/linus/c15a688e49987385baa8804bf65d570e362f8576 (6.10)
+CVE-2024-42243 [mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/099d90642a711caae377f53309abfe27e8724a8b (6.10)
+CVE-2024-42242 [mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE]
+	- linux 6.9.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/63d20a94f24fc1cbaf44d0e7c0e0a8077fde0aef (6.10)
+CVE-2024-42241 [mm/shmem: disable PMD-sized page cache if needed]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9fd154ba926b34c833b7bfc4c14ee2e931b3d743 (6.10)
+CVE-2024-42240 [x86/bhi: Avoid warning in #DB handler due to BHI mitigation]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ac8b270b61d48fcc61f052097777e3b5e11591e0 (6.10)
+CVE-2024-42239 [bpf: Fail bpf_timer_cancel when callback is being cancelled]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d4523831f07a267a943f0dde844bf8ead7495f13 (6.10)
+CVE-2024-42238 [firmware: cs_dsp: Return error if block header overflows file]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/959fe01e85b7241e3ec305d657febbe82da16a02 (6.10)
+CVE-2024-42237 [firmware: cs_dsp: Validate payload length before processing block]
+	- linux 6.9.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6598afa9320b6ab13041616950ca5f8f938c0cf1 (6.10)
+CVE-2024-42236 [usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()]
+	- linux 6.9.10-1
+	NOTE: https://git.kernel.org/linus/6d3c721e686ea6c59e18289b400cc95c76e927e0 (6.10)
+CVE-2024-42235 [s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()]
+	- linux 6.9.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b5efb63acf7bddaf20eacfcac654c25c446eabe8 (6.10)
+CVE-2024-42234 [mm: fix crashes from deferred split racing folio migration]
+	- linux 6.9.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/be9581ea8c058d81154251cb0695987098996cad (6.10)
+CVE-2024-42233 [filemap: replace pte_offset_map() with pte_offset_map_nolock()]
+	- linux 6.9.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/24be02a42181f0707be0498045c4c4b13273b16d (6.10)
+CVE-2024-42232 [libceph: fix race between delayed_work() and ceph_monc_stop()]
+	- linux 6.9.10-1
+	NOTE: https://git.kernel.org/linus/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883 (6.10)
 CVE-2024-6494 (The WordPress File Upload WordPress plugin before 4.24.8 does not prop ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-42219 (1Password 8 before 8.10.36 for macOS allows local attackers to exfiltr ...)
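Review bot: The `<not-affected> (Vulnerable code not present)` lines, for example under CVE-2024-42249, CVE-2024-42242 and CVE-2024-42233, cannot be checked from the entry itself, because each NOTE cites only the fixing commit in 6.10. Consider adding a NOTE per entry that names the commit or release that introduced the vulnerable code, so the bookworm and bullseye triage can be re-verified later. Separately, CVE-2024-42247, CVE-2024-42246, CVE-2024-42244, CVE-2024-42236 and CVE-2024-42232 have no [bookworm] or [bullseye] line at all; confirm that leaving both releases without a status is intended, in particular for the out-of-bounds read/write in usb_string_copy().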



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b166fb8215e02cf290ef82b71ad5aa5972f52538
