[Git][security-tracker-team/security-tracker][master] Merge CVEs from kernel-sec

Mon Dec 2 18:14:43 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0907d8b by Salvatore Bonaccorso at 2024-12-02T19:13:56+01:00
Merge CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,92 @@
+CVE-2024-53124 [net: fix data-races around sk->sk_forward_alloc]
+	- linux 6.11.10-1
+	NOTE: https://git.kernel.org/linus/073d89808c065ac4c672c0a613a71b27a80691cb (6.12)
+CVE-2024-53123 [mptcp: error out earlier on disconnect]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/581302298524e9d77c4c44ff5156a6cd112227ae (6.12)
+CVE-2024-53122 [mptcp: cope racing subflow creation in mptcp_rcv_space_adjust]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/ce7356ae35943cc6494cc692e62d51a734062b7d (6.12)
+CVE-2024-53121 [net/mlx5: fs, lock FTE when checking if active]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/9ca314419930f9135727e39d77e66262d5f7bef6 (6.12)
+CVE-2024-53120 [net/mlx5e: CT: Fix null-ptr-deref in add rule err flow]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e99c6873229fe0482e7ceb7d5600e32d623ed9d9 (6.12)
+CVE-2024-53119 [virtio/vsock: Fix accept_queue memory leak]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/d7b0ff5a866724c3ad21f2628c22a63336deec3f (6.12)
+CVE-2024-53118 [vsock: Fix sk_error_queue memory leak]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fbf7085b3ad1c7cc0677834c90f985f1b4f77a33 (6.12)
+CVE-2024-53117 [virtio/vsock: Improve MSG_ZEROCOPY error handling]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/60cf6206a1f513512f5d73fa4d3dbbcad2e7dcd6 (6.12)
+CVE-2024-53116 [drm/panthor: Fix handling of partial GPU mapping of BOs]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3387e043918e154ca08d83954966a8b087fe2835 (6.12)
+CVE-2024-53115 [drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/93d1f41a82de382845af460bf03bcb17dcbf08c5 (6.12)
+CVE-2024-53114 [x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client]
+	- linux 6.11.10-1
+	NOTE: https://git.kernel.org/linus/a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0 (6.12)
+CVE-2024-53113 [mm: fix NULL pointer dereference in alloc_pages_bulk_noprof]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e (6.12)
+CVE-2024-53112 [ocfs2: uncache inode which has failed entering the group]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/737f34137844d6572ab7d473c998c7f977ff30eb (6.12)
+CVE-2024-53111 [mm/mremap: fix address wraparound in move_page_tables()]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a4a282daf1a190f03790bf163458ea3c8d28d217 (6.12)
+CVE-2024-53110 [vp_vdpa: fix id_table array not null terminated error]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4e39ecadf1d2a08187139619f1f314b64ba7d947 (6.12)
+CVE-2024-53109 [nommu: pass NULL argument to vma_iter_prealloc()]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/247d720b2c5d22f7281437fd6054a138256986ba (6.12)
+CVE-2024-53108 [drm/amd/display: Adjust VSDB parser for replay feature]
+	- linux 6.11.10-1
+	NOTE: https://git.kernel.org/linus/16dd2825c23530f2259fc671960a3a65d2af69bd (6.12)
+CVE-2024-53107 [fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/669b0cb81e4e4e78cff77a5b367c7f70c0c6c05e (6.12)
+CVE-2024-53106 [ima: fix buffer overrun in ima_eventdigest_init_common]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/923168a0631bc42fffd55087b337b1b6c54dcff5 (6.12)
+CVE-2024-53105 [mm: page_alloc: move mlocked flag clearance into free_pages_prepare()]
+	- linux 6.11.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/66edc3a5894c74f8887c8af23b97593a0dd0df4d (6.12)
 CVE-2024-53752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53750 (Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0907d8bfeb4ec2f3e07ac8b064f42071f30e0b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0907d8bfeb4ec2f3e07ac8b064f42071f30e0b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241202/c29d633c/attachment.htm>
