[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Wed Aug 21 05:27:18 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3946c0d1 by Salvatore Bonaccorso at 2024-08-21T06:26:33+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2024-43882 [exec: Fix ToCToU between perm check and set-uid/gid usage]
+	- linux 6.10.6-1
+	NOTE: https://git.kernel.org/linus/f50733b45d865f91db90919f8311e2127ce5a0cb (6.11-rc4)
+CVE-2024-43881 [wifi: ath12k: change DMA direction while mapping reinjected packets]
+	- linux 6.10.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/33322e3ef07409278a18c6919c448e369d66a18e (6.11-rc1)
+CVE-2024-43880 [mlxsw: spectrum_acl_erp: Fix object nesting warning]
+	- linux 6.10.3-1
+	NOTE: https://git.kernel.org/linus/97d833ceb27dc19f8777d63f90be4a27b5daeedf (6.11-rc1)
+CVE-2024-43879 [wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()]
+	- linux 6.10.3-1
+	NOTE: https://git.kernel.org/linus/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 (6.11-rc1)
+CVE-2024-43878 [xfrm: Fix input error path memory access]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/54fcc6189dfb822eea984fa2b3e477a02447279d (6.11-rc1)
+CVE-2024-43877 [media: pci: ivtv: Add check for DMA map result]
+	- linux 6.10.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/629913d6d79508b166c66e07e4857e20233d85a9 (6.11-rc1)
+CVE-2024-43876 [PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()]
+	- linux 6.10.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c93637e6a4c4e1d0e85ef7efac78d066bbb24d96 (6.11-rc1)
+CVE-2024-43875 [PCI: endpoint: Clean up error handling in vpci_scan_bus()]
+	- linux 6.10.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8e0f5a96c534f781e8c57ca30459448b3bfe5429 (6.11-rc1)
+CVE-2024-43874 [crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked]
+	- linux 6.10.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/468e3295774d0edce15f4ae475913b5076dd4f40 (6.11-rc1)
+CVE-2024-43873 [vhost/vsock: always initialize seqpacket_allow]
+	- linux 6.10.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (6.11-rc1)
+CVE-2024-43872 [RDMA/hns: Fix soft lockup under heavy CEQE load]
+	- linux 6.10.3-1
+	NOTE: https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)
+CVE-2024-43871 [devres: Fix memory leakage caused by driver API devm_free_percpu()]
+	- linux 6.10.3-1
+	NOTE: https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c (6.11-rc1)
+CVE-2024-43870 [perf: Fix event leak upon exit]
+	- linux 6.10.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2fd5ad3f310de22836cdacae919dd99d758a1f1b (6.11-rc1)
+CVE-2024-43869 [perf: Fix event leak upon exec and file release]
+	- linux 6.10.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3a5465418f5fd970e86a86c7f4075be262682840 (6.11-rc1)
+CVE-2024-43868 [riscv/purgatory: align riscv_kernel_entry]
+	- linux 6.10.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fb197c5d2fd24b9af3d4697d0cf778645846d6d5 (6.11-rc2)
+CVE-2024-43867 [drm/nouveau: prime: fix refcount underflow]
+	- linux 6.10.4-1
+	NOTE: https://git.kernel.org/linus/a9bf3efc33f1fbf88787a277f7349459283c9b95 (6.11-rc2)
+CVE-2024-43866 [net/mlx5: Always drain health in shutdown callback]
+	- linux 6.10.4-1
+	NOTE: https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)
+CVE-2024-43865 [s390/fpu: Re-add exception handling in load_fpu_state()]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4734406c39238cbeafe66f0060084caa3247ff53 (6.11-rc2)
+CVE-2024-43864 [net/mlx5e: Fix CT entry update leaks of modify header context]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/025f2b85a5e5a46df14ecf162c3c80a957a36d0b (6.11-rc2)
+CVE-2024-43863 [drm/vmwgfx: Fix a deadlock in dma buf fence polling]
+	- linux 6.10.4-1
+	NOTE: https://git.kernel.org/linus/e58337100721f3cc0c7424a18730e4f39844934f (6.11-rc2)
+CVE-2024-43862 [net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex]
+	- linux 6.10.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c4d6a347ba7babdf9d90a0eb24048c266cae0532 (6.11-rc2)
 CVE-2024-43861 [net: usb: qmi_wwan: fix memory leak for not ip packets]
 	- linux 6.10.6-1
 	NOTE: https://git.kernel.org/linus/7ab107544b777c3bd7feb9fe447367d8edd5b202 (6.11-rc3)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3946c0d11df5149f0fef4ffba4ff9ac58ec8cf1b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3946c0d11df5149f0fef4ffba4ff9ac58ec8cf1b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240821/c7c62ea1/attachment-0001.htm>
