[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 4 17:01:11 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f604af03 by Salvatore Bonaccorso at 2024-12-04T18:00:38+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2024-53140 [netlink: terminate outstanding dump on socket close]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/1904fb9ebf911441f90a68e96b22aa73e4410505 (6.12)
+CVE-2024-53139 [sctp: fix possible UAF in sctp_v6_available()]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/eb72e7fcc83987d5d5595b43222f23b295d5de7f (6.12)
+CVE-2024-53138 [net/mlx5e: kTLS, Fix incorrect page refcounting]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/dd6e972cc5890d91d6749bb48e3912721c4e4b25 (6.12)
+CVE-2024-53137 [ARM: fix cacheflush with PAN]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ca29cfcc4a21083d671522ad384532e28a43f033 (6.12)
+CVE-2024-53136 [mm: revert "mm: shmem: fix data-race in shmem_getattr()"]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/d1aa0c04294e29883d65eac6c2f72fe95cc7c049 (6.12)
+CVE-2024-53135 [KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/aa0d42cacf093a6fcca872edc954f6f812926a17 (6.12)
+CVE-2024-53134 [pmdomain: imx93-blk-ctrl: correct remove path]
+	- linux 6.11.10-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f7c7c5aa556378a2c8da72c1f7f238b6648f95fb (6.12)
+CVE-2024-53133 [drm/amd/display: Handle dml allocation failure to avoid crash]
+	- linux 6.11.10-1
+	NOTE: https://git.kernel.org/linus/6825cb07b79ffeb1d90ffaa7a1227462cdca34ae (6.12)
+CVE-2024-53132 [drm/xe/oa: Fix "Missing outer runtime PM protection" warning]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c0403e4ceecaefbeaf78263dffcd3e3f06a19f6b (6.12)
+CVE-2024-53131 [nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471 (6.12)
+CVE-2024-53130 [nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/2026559a6c4ce34db117d2db8f710fe2a9420d5a (6.12)
+CVE-2024-53129 [drm/rockchip: vop: Fix a dereferenced before check warning]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ab1c793f457f740ab7108cc0b1340a402dbf484d (6.12)
+CVE-2024-53128 [sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers]
+	- linux 6.11.10-1
+	NOTE: https://git.kernel.org/linus/fd7b4f9f46d46acbc7af3a439bb0d869efdc5c58 (6.12)
+CVE-2024-53127 [Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"]
+	- linux 6.11.10-1
+	[bookworm] - linux 6.1.119-1
+	NOTE: https://git.kernel.org/linus/1635e407a4a64d08a8517ac59ca14ad4fc785e75 (6.12)
+CVE-2024-53126 [vdpa: solidrun: Fix UB bug with devres]
+	- linux 6.11.10-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0b364cf53b20204e92bac7c6ebd1ee7d3ec62931 (6.12)
+CVE-2024-53125 [bpf: sync_linked_regs() must preserve subreg_def]
+	- linux 6.11.6-1
+	NOTE: https://git.kernel.org/linus/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (6.12-rc4)
 CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerability ...)
 	NOT-FOR-US: Moxa
 CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f604af0331867fe102a0d16c7a54823213c96a5d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f604af0331867fe102a0d16c7a54823213c96a5d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241204/662acad9/attachment.htm>

More information about the debian-security-tracker-commits mailing list