[Git][security-tracker-team/security-tracker][master] Sync three Linux kernel CVEs with kernel-sec

Wed Dec 25 05:59:28 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cc63dc9 by Salvatore Bonaccorso at 2024-12-25T06:58:55+01:00
Sync three Linux kernel CVEs with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -89593,6 +89593,7 @@ CVE-2024-25741 (printer_write in drivers/usb/gadget/function/f_printer.c in the
 CVE-2024-25740 (A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/atta ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T/
+	NOTE: https://git.kernel.org/linus/2420baa8e0460b1c35008d6bf21b4e6bff023867 (6.13-rc1)
 CVE-2024-25739 (create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel throug ...)
 	{DLA-3842-1 DLA-3840-1}
 	- linux 6.7.12-1
@@ -91039,8 +91040,12 @@ CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because di
 	NOTE: https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 (v9.0.2142)
 	NOTE: https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt
 CVE-2024-22386 (A race condition was found in the Linux kernel's drm/exynos device dri ...)
-	- linux <unfixed>
+	- linux 6.5.6-1
+	[bookworm] - linux 6.1.55-1
+	[bullseye] - linux 5.10.197-1
+	[buster] - linux 4.19.304-1
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8147
+	NOTE: https://git.kernel.org/linus/2e63972a2de14482d0eae1a03a73e379f1c3f44c (6.6-rc1)
 CVE-2024-20016 (In ged, there is a possible out of bounds write due to an integer over ...)
 	NOT-FOR-US: MediaTek
 CVE-2024-20015 (In telephony, there is a possible escalation of privilege due to a per ...)
@@ -159119,8 +159124,11 @@ CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored Cr
 CVE-2023-0161
 	REJECTED
 CVE-2023-0160 (A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. Th ...)
-	- linux <unfixed>
+	- linux 6.8.9-1
+	[bookworm] - linux 6.1.85-1
+	[bullseye] - linux 5.10.216-1
 	NOTE: https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/
+	NOTE: https://git.kernel.org/linus/ff91059932401894e6c86341915615c5eb0eca48 (6.9-rc3)
 CVE-2023-0159 (The Extensive VC Addons for WPBakery page builder WordPress plugin bef ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc63dc9c744c5834f70a1c17399c042d18f99bf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc63dc9c744c5834f70a1c17399c042d18f99bf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241225/9c59a721/attachment.htm>
