[Git][security-tracker-team/security-tracker][master] Merge CVEs for Linux from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f4a57cf by Salvatore Bonaccorso at 2024-08-17T11:22:01+02:00
Merge CVEs for Linux from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,70 @@
+CVE-2024-42275 [drm/client: Fix error code in drm_client_buffer_vmap_local()]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b5fbf924f125ba3638cfdc21c0515eb7e76264ca (6.11-rc2)
+CVE-2024-42274 [Revert "ALSA: firewire-lib: operate for period elapse event in process context"]
+	- linux 6.10.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)
+CVE-2024-42273 [f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid]
+	- linux 6.10.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)
+CVE-2024-42272 [sched: act_ct: take care of padding in struct zones_ht_key]
+	- linux 6.10.4-1
+	NOTE: https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)
+CVE-2024-42271 [net/iucv: fix use after free in iucv_sock_close()]
+	- linux 6.10.4-1
+	NOTE: https://git.kernel.org/linus/f558120cd709682b739207b48cf7479fd9568431 (6.11-rc2)
+CVE-2024-42270 [netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().]
+	- linux 6.10.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)
+CVE-2024-42269 [netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().]
+	- linux 6.10.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)
+CVE-2024-42268 [net/mlx5: Fix missing lock on sync reset reload]
+	- linux 6.10.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)
+CVE-2024-42267 [riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()]
+	- linux 6.10.4-1
+	NOTE: https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)
+CVE-2024-42266 [btrfs: make cow_file_range_inline() honor locked_page on error]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/478574370bef7951fbd9ef5155537d6cbed49472 (6.11-rc2)
+CVE-2024-42265 [protect the fetch of ->fd[fd] in do_dup2() from mispredictions]
+	- linux 6.10.4-1
+	NOTE: https://git.kernel.org/linus/8aa37bde1a7b645816cda8b80df4753ecf172bf1 (6.11-rc2)
+CVE-2024-42264 [drm/v3d: Prevent out of bounds access in performance query extensions]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)
+CVE-2024-42263 [drm/v3d: Fix potential memory leak in the timestamp extension]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)
+CVE-2024-42262 [drm/v3d: Fix potential memory leak in the performance extension]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)
+CVE-2024-42261 [drm/v3d: Validate passed in drm syncobj handles in the timestamp extension]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)
+CVE-2024-42260 [drm/v3d: Validate passed in drm syncobj handles in the performance extension]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4ecc24a84d7e0254efd150ec23e0b89638386516 (6.11-rc2)
 CVE-2024-7886 (A vulnerability has been found in Scooter Software Beyond Compare up t ...)
 	NOT-FOR-US: Scooter Software Beyond Compare
 CVE-2024-6500 (The InPost for WooCommerce plugin and InPost PL plugin for WordPress a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f4a57cfaa91fdceb3ee63bf4d2d78660de9c0c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f4a57cfaa91fdceb3ee63bf4d2d78660de9c0c8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240817/42562eb2/attachment.htm>