[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 22 05:39:54 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0a37538 by Salvatore Bonaccorso at 2024-08-22T06:39:17+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,178 @@
+CVE-2022-48943 [KVM: x86/mmu: make apf token non-zero to fix bug]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/6f3c1fc53d86d580d8d6d749c4af23705e4f6f79 (5.17-rc6)
+CVE-2022-48942 [hwmon: Handle failure to register sensor with thermal zone correctly]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/1b5f517cca36292076d9e38fa6e33a257703e62e (5.17-rc6)
+CVE-2022-48941 [ice: fix concurrent reset and removal of VFs]
+	- linux 5.16.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fadead80fe4c033b5e514fcbadd20b55c4494112 (5.17-rc6)
+CVE-2022-48940 [bpf: Fix crash due to incorrect copy_map_value]
+	- linux 5.16.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a8abb0c3dc1e28454851a00f8b7333d9695d566c (5.17-rc6)
+CVE-2022-48939 [bpf: Add schedule points in batch ops]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/75134f16e7dd0007aa474b281935c5f42e79f2c8 (5.17-rc6)
+CVE-2022-48938 [CDC-NCM: avoid overflow in sanity checking]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/8d2b1a1ec9f559d30b724877da4ce592edc41fdc (5.17-rc5)
+CVE-2022-48937 [io_uring: add a schedule point in io_add_buffers()]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/f240762f88b4b1b58561939ffd44837759756477 (5.17-rc6)
+CVE-2022-48936 [gso: do not skip outer ip header in case of ipip and net_failover]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/cc20cced0598d9a5ff91ae4ab147b3b5e99ee819 (5.17-rc6)
+CVE-2022-48935 [netfilter: nf_tables: unregister flowtable hooks on netns exit]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.205-1
+	NOTE: https://git.kernel.org/linus/6069da443bf65f513bb507bb21e2f87cfb1ad0b6 (5.17-rc6)
+CVE-2022-48934 [nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/3a14d0888eb4b0045884126acc69abfb7b87814d (5.17-rc6)
+CVE-2022-48933 [netfilter: nf_tables: fix memory leak during stateful obj update]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/dad3bdeef45f81a6e90204bcc85360bb76eccec7 (5.17-rc6)
+CVE-2022-48932 [net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte]
+	- linux 5.16.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0aec12d97b2036af0946e3d582144739860ac07b (5.17-rc6)
+CVE-2022-48931 [configfs: fix a race in configfs_{,un}register_subsystem()]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/84ec758fb2daa236026506868c8796b0500c047d (5.17-rc6)
+CVE-2022-48930 [RDMA/ib_srp: Fix a deadlock]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/081bdc9fe05bb23248f5effb6f811da3da4b8252 (5.17-rc6)
+CVE-2022-48929 [bpf: Fix crash due to out of bounds access into reg2btf_ids.]
+	- linux 5.16.12-1
+	NOTE: https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)
+CVE-2022-48928 [iio: adc: men_z188_adc: Fix a resource leak in an error handling path]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/e0a2e37f303828d030a83f33ffe14b36cb88d563 (5.17-rc6)
+CVE-2022-48927 [iio: adc: tsc2046: fix memory corruption by preventing array overflow]
+	- linux 5.16.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b7a78a8adaa8849c02f174d707aead0f85dca0da (5.17-rc6)
+CVE-2022-48926 [usb: gadget: rndis: add spinlock for rndis response list]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/aaaba1c86d04dac8e49bf508b492f81506257da3 (5.17-rc6)
+CVE-2022-48925 [RDMA/cma: Do not change route.addr.src_addr outside state checks]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/22e9f71072fa605cbf033158db58e0790101928d (5.17-rc6)
+CVE-2022-48924 [thermal: int340x: fix memory leak in int3400_notify()]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/3abea10e6a8f0e7804ed4c124bea2d15aca977c8 (5.17-rc6)
+CVE-2022-48923 [btrfs: prevent copying too big compressed lzo segment]
+	- linux 5.16.12-1
+	NOTE: https://git.kernel.org/linus/741b23a970a79d5d3a1db2d64fa2c7b375a4febb (5.17-rc6)
+CVE-2022-48922 [riscv: fix oops caused by irqsoff latency tracer]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/22e2100b1b07d6f5acc71cc1acb53f680c677d77 (5.17-rc6)
+CVE-2022-48921 [sched/fair: Fix fault in reweight_entity]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.140-1
+	NOTE: https://git.kernel.org/linus/13765de8148f71fa795e0a6607de37c49ea5915a (5.17-rc4)
+CVE-2022-48920 [btrfs: get rid of warning on transaction commit when using flushoncommit]
+	- linux 5.16.14-1
+	NOTE: https://git.kernel.org/linus/a0f0cf8341e34e5d2265bfd3a7ad68342da1e2aa (5.17-rc5)
+CVE-2022-48919 [cifs: fix double free race when mount fails in cifs_get_root()]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/3d6cc9898efdfb062efb74dc18cfc700e082f5d5 (5.17-rc5)
+CVE-2022-48918 [iwlwifi: mvm: check debugfs_dir ptr before use]
+	- linux 5.16.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5a6248c0a22352f09ea041665d3bd3e18f6f872c (5.17-rc7)
+CVE-2022-48917 [ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/9bdd10d57a8807dba0003af0325191f3cec0f11c (5.17-rc7)
+CVE-2022-48916 [iommu/vt-d: Fix double list_add when enabling VMD in scalable mode]
+	- linux 5.16.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b00833768e170a31af09268f7ab96aecfcca9623 (5.17-rc7)
+CVE-2022-48915 [thermal: core: Fix TZ_GET_TRIP NULL pointer dereference]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/5838a14832d447990827d85e90afe17e6fb9c175 (5.17-rc7)
+CVE-2022-48914 [xen/netfront: destroy queues before real_num_tx_queues is zeroed]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/dcf4ff7a48e7598e6b10126cc02177abb8ae4f3f (5.17-rc7)
+CVE-2022-48913 [blktrace: fix use after free for struct blk_trace]
+	- linux 5.16.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/30939293262eb433c960c4532a0d59c4073b2b84 (5.17-rc7)
+CVE-2022-48912 [netfilter: fix use-after-free in __nf_register_net_hook()]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/56763f12b0f02706576a088e85ef856deacc98a0 (5.17-rc7)
+CVE-2022-48911 [netfilter: nf_queue: fix possible use-after-free]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1 (5.17-rc7)
+CVE-2022-48910 [net: ipv6: ensure we call ipv6_mc_down() at most once]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/9995b408f17ff8c7f11bc725c8aa225ba3a63b1c (5.17-rc7)
+CVE-2022-48909 [net/smc: fix connection leak]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/9f1c50cf39167ff71dc5953a3234f3f6eeb8fcb5 (5.17-rc7)
+CVE-2022-48908 [net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d (5.17-rc7)
+CVE-2022-48907 [auxdisplay: lcd2s: Fix memory leak in ->remove()]
+	- linux 5.16.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/898c0a15425a5bcaa8d44bd436eae5afd2483796 (5.17-rc7)
+CVE-2022-48906 [mptcp: Correctly set DATA_FIN timeout when number of retransmits is large]
+	- linux 5.16.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/877d11f0332cd2160e19e3313e262754c321fa36 (5.17-rc7)
+CVE-2022-48905 [ibmvnic: free reset-work-item when flushing]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/8d0657f39f487d904fca713e0bc39c2707382553 (5.17-rc7)
+CVE-2022-48904 [iommu/amd: Fix I/O page table memory leak]
+	- linux 5.16.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6b0b2d9a6a308bcd9300c2d83000a82812c56cea (5.17-rc7)
+CVE-2022-48903 [btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()]
+	- linux 5.16.14-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5fd76bf31ccfecc06e2e6b29f8c809e934085b99 (5.17-rc7)
+CVE-2022-48902 [btrfs: do not WARN_ON() if we have PageError set]
+	- linux 5.16.14-1
+	NOTE: https://git.kernel.org/linus/a50e1fcbc9b85fd4e95b89a75c0884cb032a3e06 (5.17-rc7)
+CVE-2022-48901 [btrfs: do not start relocation until in progress drops are done]
+	- linux 5.16.14-1
+	NOTE: https://git.kernel.org/linus/b4be6aefa73c9a6899ef3ba9c5faaa8a66e333ef (5.17-rc7)
+CVE-2022-48900 [xen/netfront: react properly to failing gnttab_end_foreign_access_ref()]
+	- linux 5.16.14-1
+	[bullseye] - linux 5.10.106-1
+	NOTE: https://git.kernel.org/linus/66e3531b33ee51dad17c463b4d9c9f52e341503d (5.17-rc8)
+CVE-2021-4441 [spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()]
+	- linux 5.16.12-1
+	[bullseye] - linux 5.10.103-1
+	NOTE: https://git.kernel.org/linus/ab3824427b848da10e9fe2727f035bbeecae6ff4 (5.17-rc6)
 CVE-2024-8035
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
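Review bot: Five of the added entries (CVE-2022-48929, CVE-2022-48923, CVE-2022-48920, CVE-2022-48902 and CVE-2022-48901) carry only the unstable `- linux` line and no `[bullseye]` line, whereas every other added entry states either a bullseye fixed version or `<not-affected> (Vulnerable code not present)`. If bullseye is meant to be recorded as still affected for these, the entries are fine as they stand; otherwise each needs an explicit `[bullseye] - linux ...` line so the status is not left to be inferred from the unstable version. Separately, CVE-2022-48935 lists `[bullseye] - linux 5.10.205-1`, far later than the 5.10.103-1 used by the neighbouring entries fixed in the same 5.17-rc6 window, so it is worth confirming that version against the 5.10 backport.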



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0a3753888defcb4e3ce7df2cf91979306109675
