[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 17 21:13:00 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b867559 by security tracker role at 2024-08-17T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,404 +1,428 @@
-CVE-2024-43860 [remoteproc: imx_rproc: Skip over memory region when node value is NULL]
+CVE-2024-7900 (A vulnerability, which was classified as problematic, was found in xia ...)
+	TODO: check
+CVE-2024-7899 (A vulnerability, which was classified as critical, has been found in I ...)
+	TODO: check
+CVE-2024-7898 (A vulnerability classified as critical was found in Tosei Online Store ...)
+	TODO: check
+CVE-2024-7897 (A vulnerability classified as critical has been found in Tosei Online  ...)
+	TODO: check
+CVE-2024-7896 (A vulnerability was found in Tosei Online Store Management System \u30 ...)
+	TODO: check
+CVE-2024-7887 (A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as ...)
+	TODO: check
+CVE-2024-7703 (The ARMember \u2013 Membership Plugin, Content Restriction, Member Lev ...)
+	TODO: check
+CVE-2023-5505 (The BackWPup plugin for WordPress is vulnerable to Directory Traversal ...)
+	TODO: check
+CVE-2023-3419 (The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection  ...)
+	TODO: check
+CVE-2023-3416 (The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection  ...)
+	TODO: check
+CVE-2023-3409 (The Bricks theme for WordPress is vulnerable to Cross-Site Request For ...)
+	TODO: check
+CVE-2023-3408 (The Bricks theme for WordPress is vulnerable to Cross-Site Request For ...)
+	TODO: check
+CVE-2024-43860 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/2fa26ca8b786888673689ccc9da6094150939982 (6.11-rc1)
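Review bot: The descriptions added for CVE-2024-7896 and CVE-2024-7703 contain literal escape sequences ("\u30 ..." and "\u2013") instead of the decoded characters. The first is cut off partway through an escape, so the truncation appears to run on the escaped string rather than on the decoded text. Decoding before truncating would keep these lines readable and searchable. In the same region, the bracketed subject for CVE-2024-43860 ("remoteproc: imx_rproc: Skip over memory region when node value is NULL") is replaced by a description truncated to "In the Linux kernel, the following vulnerability has been resolved:  r ...". Only one distinguishing character survives, so the entry can now be identified only through its NOTE link. Consider trimming the common prefix before truncation. The twelve new entries from CVE-2024-7900 to CVE-2023-3408 carry only "TODO: check" and still need triage.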
-CVE-2024-43859 [f2fs: fix to truncate preallocated blocks in f2fs_file_open()]
+CVE-2024-43859 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/298b1e4182d657c3e388adcc29477904e9600ed5 (6.11-rc1)
-CVE-2024-43858 [jfs: Fix array-index-out-of-bounds in diFree]
+CVE-2024-43858 (In the Linux kernel, the following vulnerability has been resolved:  j ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/f73f969b2eb39ad8056f6c7f3a295fa2f85e313a (6.11-rc1)
-CVE-2024-43857 [f2fs: fix null reference error when checking end of zone]
+CVE-2024-43857 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c82bc1ab2a8a5e73d9728e80c4c2ed87e8921a38 (6.11-rc1)
-CVE-2024-43856 [dma: fix call order in dmam_free_coherent]
+CVE-2024-43856 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/28e8b7406d3a1f5329a03aa25a43aa28e087cb20 (6.11-rc1)
-CVE-2024-43855 [md: fix deadlock between mddev_suspend and flush bio]
+CVE-2024-43855 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/611d5cbc0b35a752e657a83eebadf40d814d006b (6.11-rc1)
-CVE-2024-43854 [block: initialize integrity buffer to zero before writing it to media]
+CVE-2024-43854 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (6.11-rc1)
-CVE-2024-43853 [cgroup/cpuset: Prevent UAF in proc_cpuset_show()]
+CVE-2024-43853 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/1be59c97c83ccd67a519d8a49486b3a8a73ca28a (6.11-rc1)
-CVE-2024-43852 [hwmon: (ltc2991) re-order conditions to fix off by one bug]
+CVE-2024-43852 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 (6.11-rc1)
-CVE-2024-43851 [soc: xilinx: rename cpu_number1 to dummy_cpu_number]
+CVE-2024-43851 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4a95449dd975e2ea6629a034f3e74b46c9634916 (6.11-rc1)
-CVE-2024-43850 [soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove]
+CVE-2024-43850 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/24086640ab39396eb1a92d1cb1cd2f31b2677c52 (6.11-rc1)
-CVE-2024-43849 [soc: qcom: pdr: protect locator_addr with the main mutex]
+CVE-2024-43849 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/107924c14e3ddd85119ca43c26a4ee1056fa9b84 (6.11-rc1)
-CVE-2024-43848 [wifi: mac80211: fix TTLM teardown work]
+CVE-2024-43848 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2fe0a605d083b884490ee4de02be071b5b4291b1 (6.11-rc1)
-CVE-2024-43847 [wifi: ath12k: fix invalid memory access while processing fragmented packets]
+CVE-2024-43847 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 (6.11-rc1)
-CVE-2024-43846 [lib: objagg: Fix general protection fault]
+CVE-2024-43846 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/b4a3a89fffcdf09702b1f161b914e52abca1894d (6.11-rc1)
-CVE-2024-43845 [udf: Fix bogus checksum computation in udf_rename()]
+CVE-2024-43845 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/27ab33854873e6fb958cb074681a0107cc2ecc4c (6.11-rc1)
-CVE-2024-43844 [wifi: rtw89: wow: fix GTK offload H2C skbuff issue]
+CVE-2024-43844 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)
-CVE-2024-43843 [riscv, bpf: Fix out-of-bounds issue when preparing trampoline image]
+CVE-2024-43843 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9f1e16fb1fc9826001c69e0551d51fbbcd2d74e9 (6.11-rc1)
-CVE-2024-43842 [wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()]
+CVE-2024-43842 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)
-CVE-2024-43841 [wifi: virt_wifi: avoid reporting connection success with wrong SSID]
+CVE-2024-43841 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7 (6.11-rc1)
-CVE-2024-43840 [bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG]
+CVE-2024-43840 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/19d3c179a37730caf600a97fed3794feac2b197b (6.11-rc1)
-CVE-2024-43839 [bna: adjust 'name' buf size of bna_tcb and bna_ccb structures]
+CVE-2024-43839 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/c9741a03dc8e491e57b95fba0058ab46b7e506da (6.11-rc1)
-CVE-2024-43838 [bpf: fix overflow check in adjust_jmp_off()]
+CVE-2024-43838 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4a04b4f0de59dd5c621e78f15803ee0b0544eeb8 (6.11-rc1)
-CVE-2024-43837 [bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT]
+CVE-2024-43837 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f7866c35873377313ff94398f17d425b28b71de1 (6.11-rc1)
-CVE-2024-43836 [net: ethtool: pse-pd: Fix possible null-deref]
+CVE-2024-43836 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4cddb0f15ea9c62f81b4889ea69a99368cc63a86 (6.11-rc1)
-CVE-2024-43835 [virtio_net: Fix napi_skb_cache_put warning]
+CVE-2024-43835 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/f8321fa75102246d7415a6af441872f6637c93ab (6.11-rc1)
-CVE-2024-43834 [xdp: fix invalid wait context of page_pool_destroy()]
+CVE-2024-43834 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/59a931c5b732ca5fc2ca727f5a72aeabaafa85ec (6.11-rc1)
-CVE-2024-43833 [media: v4l: async: Fix NULL pointer dereference in adding ancillary links]
+CVE-2024-43833 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f (6.11-rc1)
-CVE-2024-43832 [s390/uv: Don't call folio_wait_writeback() without a folio reference]
+CVE-2024-43832 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)
-CVE-2024-43831 [media: mediatek: vcodec: Handle invalid decoder vsi]
+CVE-2024-43831 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)
-CVE-2024-43830 [leds: trigger: Unregister sysfs attributes before calling deactivate()]
+CVE-2024-43830 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/c0dc9adf9474ecb7106e60e5472577375aedaed3 (6.11-rc1)
-CVE-2024-43829 [drm/qxl: Add check for drm_cvt_mode]
+CVE-2024-43829 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/7bd09a2db0f617377027a2bb0b9179e6959edff3 (6.11-rc1)
-CVE-2024-43828 [ext4: fix infinite loop when replaying fast_commit]
+CVE-2024-43828 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/907c3fe532253a6ef4eb9c4d67efb71fab58c706 (6.11-rc1)
-CVE-2024-43827 [drm/amd/display: Add null check before access structs]
+CVE-2024-43827 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c96140000915b610d86f941450e15ca552de154a (6.11-rc1)
-CVE-2024-43826 [nfs: pass explicit offset/count to trace events]
+CVE-2024-43826 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fada32ed6dbc748f447c8d050a961b75d946055a (6.11-rc1)
-CVE-2024-43825 [iio: Fix the sorting functionality in iio_gts_build_avail_time_table]
+CVE-2024-43825 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)
-CVE-2024-43824 [PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()]
+CVE-2024-43824 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)
-CVE-2024-43823 [PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()]
+CVE-2024-43823 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)
-CVE-2024-43822 [ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe()]
+CVE-2024-43822 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3722873d49a1788d5420894d4f6f63e35f5c1f13 (6.11-rc1)
-CVE-2024-43821 [scsi: lpfc: Fix a possible null pointer dereference]
+CVE-2024-43821 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa (6.11-rc1)
-CVE-2024-43820 [dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume]
+CVE-2024-43820 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3199a34bfaf7561410e0be1e33a61eba870768fc (6.11-rc1)
-CVE-2024-43819 [kvm: s390: Reject memory region operations for ucontrol VMs]
+CVE-2024-43819 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/7816e58967d0e6cadce05c8540b47ed027dc2499 (6.11-rc1)
-CVE-2024-43818 [ASoC: amd: Adjust error handling in case of absent codec device]
+CVE-2024-43818 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5080808c3339de2220c602ab7c7fa23dc6c1a5a3 (6.11-rc1)
-CVE-2024-43817 [net: missing check virtio]
+CVE-2024-43817 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/e269d79c7d35aa3808b1f3c1737d63dab504ddc8 (6.11-rc1)
-CVE-2024-43816 [scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages]
+CVE-2024-43816 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8bc7c617642db6d8d20ee671fb6c4513017e7a7e (6.11-rc1)
-CVE-2024-43815 [crypto: mxs-dcp - Ensure payload is zero when using key slot]
+CVE-2024-43815 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dd52b5eeb0f70893f762da7254e923fd23fd1379 (6.11-rc1)
-CVE-2024-42322 [ipvs: properly dereference pe in ip_vs_add_service]
+CVE-2024-42322 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/cbd070a4ae62f119058973f6d2c984e325bce6e7 (6.11-rc1)
-CVE-2024-42321 [net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE]
+CVE-2024-42321 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)
-CVE-2024-42320 [s390/dasd: fix error checks in dasd_copy_pair_store()]
+CVE-2024-42320 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)
-CVE-2024-42319 [mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()]
+CVE-2024-42319 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)
-CVE-2024-42318 [landlock: Don't lose track of restrictions on cred_transfer]
+CVE-2024-42318 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/39705a6c29f8a2b93cf5b99528a55366c50014d1 (6.11-rc1)
 	NOTE: https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/
-CVE-2024-42317 [mm/huge_memory: avoid PMD-size page cache if needed]
+CVE-2024-42317 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d659b715e94ac039803d7601505d3473393fc0be (6.11-rc1)
-CVE-2024-42316 [mm/mglru: fix div-by-zero in vmpressure_calc_level()]
+CVE-2024-42316 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8b671fe1a879923ecfb72dda6caf01460dd885ef (6.11-rc1)
-CVE-2024-42315 [exfat: fix potential deadlock on __exfat_get_dentry_set]
+CVE-2024-42315 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/89fc548767a2155231128cb98726d6d2ea1256c9 (6.11-rc1)
-CVE-2024-42314 [btrfs: fix extent map use-after-free when adding pages to compressed bio]
+CVE-2024-42314 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8e7860543a94784d744c7ce34b78a2e11beefa5c (6.11-rc1)
-CVE-2024-42313 [media: venus: fix use after free in vdec_close]
+CVE-2024-42313 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/a0157b5aa34eb43ec4c5510f9c260bbb03be937e (6.11-rc1)
-CVE-2024-42312 [sysctl: always initialize i_uid/i_gid]
+CVE-2024-42312 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (6.11-rc1)
-CVE-2024-42311 [hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()]
+CVE-2024-42311 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/26a2ed107929a855155429b11e1293b83e6b2a8b (6.11-rc1)
-CVE-2024-42310 [drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes]
+CVE-2024-42310 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79 (6.11-rc1)
-CVE-2024-42309 [drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes]
+CVE-2024-42309 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)
-CVE-2024-42308 [drm/amd/display: Check for NULL pointer]
+CVE-2024-42308 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/4ab68e168ae1695f7c04fae98930740aaf7c50fa (6.11-rc1)
-CVE-2024-42307 [cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path]
+CVE-2024-42307 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/193cc89ea0ca1da311877d2b4bb5e9f03bcc82a2 (6.11-rc1)
-CVE-2024-42306 [udf: Avoid using corrupted block bitmap buffer]
+CVE-2024-42306 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f (6.11-rc1)
-CVE-2024-42305 [ext4: check dot and dotdot of dx_root before making dir indexed]
+CVE-2024-42305 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/50ea741def587a64e08879ce6c6a30131f7111e7 (6.11-rc1)
-CVE-2024-42304 [ext4: make sure the first directory block is not a hole]
+CVE-2024-42304 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/f9ca51596bbfd0f9c386dd1c613c394c78d9e5e6 (6.11-rc1)
-CVE-2024-42303 [media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()]
+CVE-2024-42303 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/57e9ce68ae98551da9c161aaab12b41fe8601856 (6.11-rc1)
-CVE-2024-42302 [PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal]
+CVE-2024-42302 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/11a1f4bc47362700fcbde717292158873fb847ed (6.11-rc1)
-CVE-2024-42301 [dev/parport: fix the array out-of-bounds risk]
+CVE-2024-42301 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (6.11-rc1)
-CVE-2024-42300 [erofs: fix race in z_erofs_get_gbuf()]
+CVE-2024-42300 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7dc5537c3f8be87e005f0844a7626c987914f8fd (6.11-rc1)
-CVE-2024-42299 [fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed]
+CVE-2024-42299 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2fef55d8f78383c8e6d6d4c014b9597375132696 (6.11-rc1)
-CVE-2024-42298 [ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value]
+CVE-2024-42298 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e62599902327d27687693f6e5253a5d56583db58 (6.11-rc1)
-CVE-2024-42297 [f2fs: fix to don't dirty inode for readonly filesystem]
+CVE-2024-42297 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 (6.11-rc1)
-CVE-2024-42296 [f2fs: fix return value of f2fs_convert_inline_inode()]
+CVE-2024-42296 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/a8eb3de28e7a365690c61161e7a07a4fc7c60bbf (6.11-rc1)
-CVE-2024-42295 [nilfs2: handle inconsistent state in nilfs_btnode_create_block()]
+CVE-2024-42295 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/4811f7af6090e8f5a398fbdd766f903ef6c0d787 (6.11-rc1)
-CVE-2024-42294 [block: fix deadlock between sd_remove Description: sd_release]
+CVE-2024-42294 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7e04da2dc7013af50ed3a2beb698d5168d1e594b (6.11-rc1)
-CVE-2024-42293 [arm64: mm: Fix lockless walks with static and dynamic page-table folding]
+CVE-2024-42293 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/36639013b3462c06ff8e3400a427f775b4fc97f5 (6.11-rc1)
-CVE-2024-42292 [kobject_uevent: Fix OOB access within zap_modalias_env()]
+CVE-2024-42292 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (6.11-rc1)
-CVE-2024-42291 [ice: Add a per-VF limit on number of FDIR filters]
+CVE-2024-42291 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 (6.11-rc1)
-CVE-2024-42290 [irqchip/imx-irqsteer: Handle runtime power management correctly]
+CVE-2024-42290 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/33b1c47d1fc0b5f06a393bb915db85baacba18ea (6.11-rc1)
-CVE-2024-42289 [scsi: qla2xxx: During vport delete send async logout explicitly]
+CVE-2024-42289 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/76f480d7c717368f29a3870f7d64471ce0ff8fb2 (6.11-rc1)
-CVE-2024-42288 [scsi: qla2xxx: Fix for possible memory corruption]
+CVE-2024-42288 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/c03d740152f78e86945a75b2ad541bf972fab92a (6.11-rc1)
-CVE-2024-42287 [scsi: qla2xxx: Complete command early within lock]
+CVE-2024-42287 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/4475afa2646d3fec176fc4d011d3879b26cb26e3 (6.11-rc1)
-CVE-2024-42286 [scsi: qla2xxx: validate nvme_local_port correctly]
+CVE-2024-42286 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/eb1d4ce2609584eeb7694866f34d4b213caa3af9 (6.11-rc1)
-CVE-2024-42285 [RDMA/iwcm: Fix a use-after-free related to destroying CM IDs]
+CVE-2024-42285 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/aee2424246f9f1dadc33faa78990c1e2eb7826e4 (6.11-rc1)
-CVE-2024-42284 [tipc: Return non-zero value from tipc_udp_addr2str() on error]
+CVE-2024-42284 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/fa96c6baef1b5385e2f0c0677b32b3839e716076 (6.11-rc1)
-CVE-2024-42283 [net: nexthop: Initialize all fields in dumped nexthops]
+CVE-2024-42283 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/6d745cd0e9720282cd291d36b9db528aea18add2 (6.11-rc1)
-CVE-2024-42282 [net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling]
+CVE-2024-42282 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/16f3a28cf5f876a7f3550d8f4c870a7b41bcfaef (6.11-rc1)
-CVE-2024-42281 [bpf: Fix a segment issue when downgrading gso_size]
+CVE-2024-42281 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/fa5ef655615a01533035c6139248c5b33aa27028 (6.11-rc1)
-CVE-2024-42280 [mISDN: Fix a use after free in hfcmulti_tx()]
+CVE-2024-42280 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/61ab751451f5ebd0b98e02276a44e23a10110402 (6.11-rc1)
-CVE-2024-42279 [spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer]
+CVE-2024-42279 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9cf71eb0faef4bff01df4264841b8465382d7927 (6.11-rc1)
-CVE-2024-42278 [ASoC: TAS2781: Fix tasdev_load_calibrated_data()]
+CVE-2024-42278 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/92c78222168e9035a9bfb8841c2e56ce23e51f73 (6.11-rc1)
-CVE-2024-42277 [iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en]
+CVE-2024-42277 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/630482ee0653decf9e2482ac6181897eb6cde5b8 (6.11-rc1)
-CVE-2024-42276 [nvme-pci: add missing condition check for existence of mapped data]
+CVE-2024-42276 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/c31fad1470389666ac7169fe43aa65bf5b7e2cfd (6.11-rc1)
-CVE-2023-52889 [apparmor: Fix null pointer deref when receiving skb during sock creation]
+CVE-2023-52889 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.10.3-1
 	NOTE: https://git.kernel.org/linus/fce09ea314505a52f2436397608fa0a5d0934fb1 (6.11-rc1)
-CVE-2024-42275 [drm/client: Fix error code in drm_client_buffer_vmap_local()]
+CVE-2024-42275 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b5fbf924f125ba3638cfdc21c0515eb7e76264ca (6.11-rc2)
-CVE-2024-42274 [Revert "ALSA: firewire-lib: operate for period elapse event in process context"]
+CVE-2024-42274 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.10.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3dab73ab925a51ab05543b491bf17463a48ca323 (6.11-rc2)
-CVE-2024-42273 [f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid]
+CVE-2024-42273 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)
-CVE-2024-42272 [sched: act_ct: take care of padding in struct zones_ht_key]
+CVE-2024-42272 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.4-1
 	NOTE: https://git.kernel.org/linus/2191a54f63225b548fd8346be3611c3219a24738 (6.11-rc2)
-CVE-2024-42271 [net/iucv: fix use after free in iucv_sock_close()]
+CVE-2024-42271 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.4-1
 	NOTE: https://git.kernel.org/linus/f558120cd709682b739207b48cf7479fd9568431 (6.11-rc2)
-CVE-2024-42270 [netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().]
+CVE-2024-42270 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5830aa863981d43560748aa93589c0695191d95d (6.11-rc2)
-CVE-2024-42269 [netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().]
+CVE-2024-42269 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c22921df777de5606f1047b1345b8d22ef1c0b34 (6.11-rc2)
-CVE-2024-42268 [net/mlx5: Fix missing lock on sync reset reload]
+CVE-2024-42268 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.4-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 (6.11-rc2)
-CVE-2024-42267 [riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()]
+CVE-2024-42267 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.10.4-1
 	NOTE: https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)
-CVE-2024-42266 [btrfs: make cow_file_range_inline() honor locked_page on error]
+CVE-2024-42266 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/478574370bef7951fbd9ef5155537d6cbed49472 (6.11-rc2)
-CVE-2024-42265 [protect the fetch of ->fd[fd] in do_dup2() from mispredictions]
+CVE-2024-42265 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.10.4-1
 	NOTE: https://git.kernel.org/linus/8aa37bde1a7b645816cda8b80df4753ecf172bf1 (6.11-rc2)
-CVE-2024-42264 [drm/v3d: Prevent out of bounds access in performance query extensions]
+CVE-2024-42264 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 (6.11-rc2)
-CVE-2024-42263 [drm/v3d: Fix potential memory leak in the timestamp extension]
+CVE-2024-42263 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f (6.11-rc2)
-CVE-2024-42262 [drm/v3d: Fix potential memory leak in the performance extension]
+CVE-2024-42262 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/32df4abc44f24dbec239d43e2b26d5768c5d1a78 (6.11-rc2)
-CVE-2024-42261 [drm/v3d: Validate passed in drm syncobj handles in the timestamp extension]
+CVE-2024-42261 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/023d22e8bb0cdd6900382ad1ed06df3b6c2ea791 (6.11-rc2)
-CVE-2024-42260 [drm/v3d: Validate passed in drm syncobj handles in the performance extension]
+CVE-2024-42260 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.4-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
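Review bot: every replaced header from CVE-2024-42280 down to CVE-2024-42260 now reads `(In the Linux kernel, the following vulnerability has been resolved:  x ...)`. The truncation falls right after the shared boilerplate prefix, so these entries can no longer be told apart in the list. The removed bracketed titles carried the triage-relevant detail, for example `net/iucv: fix use after free in iucv_sock_close()` for CVE-2024-42271 and `drm/v3d: Prevent out of bounds access in performance query extensions` for CVE-2024-42264. Consider preserving the commit subject in a NOTE line beside the git.kernel.org link, or skipping the common prefix before truncating, so a reader does not have to open each upstream commit to learn the subsystem and bug class.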
@@ -117610,8 +117634,8 @@ CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to authoriz
 	NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
 	NOT-FOR-US: Wicked Folders plugin for WordPress
-CVE-2023-0714
-	RESERVED
+CVE-2023-0714 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
+	TODO: check
 CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
 	NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
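Review bot: CVE-2023-0714 goes from RESERVED to `TODO: check` and is left untriaged, while the neighbouring WordPress plugin entries in this context (CVE-2023-0716, CVE-2023-0715, CVE-2023-0713) are all marked `NOT-FOR-US: Wicked Folders plugin for WordPress`. The new description names the Metform Elementor Contact Form Builder for WordPress, so a follow-up should resolve the TODO, using the same NOT-FOR-US form as the adjacent entries if the plugin is not packaged in Debian.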



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b86755980f1856873d595725c734a0214cbff06
