[Git][security-tracker-team/security-tracker][master] Add new Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 29 13:53:40 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f31a37c2 by Salvatore Bonaccorso at 2024-12-29T14:45:21+01:00
Add new Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2024-56756 [nvme-pci: fix freeing of the HMB descriptor table]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/3c2fb1ca8086eb139b2a551358137525ae8e0d7a (6.13-rc1)
+CVE-2024-56755 [netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING]
+	- linux 6.12.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/22f9400a6f3560629478e0a64247b8fcc811a24d (6.13-rc1)
+CVE-2024-56754 [crypto: caam - Fix the pointer passed to caam_qi_shutdown()]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/ad980b04f51f7fb503530bd1cb328ba5e75a250e (6.13-rc1)
+CVE-2024-56753 [drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e47cb9d2533200d49dd5364d4a148119492f8a3d (6.13-rc1)
+CVE-2024-56752 [drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()]
+	- linux 6.12.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a2f599046c671d6b46d93aed95b37241ce4504cf (6.13-rc1)
+CVE-2024-56751 [ipv6: release nexthop on device removal]
+	- linux 6.12.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/eb02688c5c45c3e7af7e71f036a7144f5639cbfe (6.13-rc1)
+CVE-2024-56750 [erofs: fix blksize < PAGE_SIZE for file-backed mounts]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bae0854160939a64a092516ff1b2f221402b843b (6.13-rc1)
+CVE-2024-56749 [dlm: fix dlm_recover_members refcount on error]
+	- linux 6.12.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/200b977ebbc313a59174ba971006a231b3533dc5 (6.13-rc1)
+CVE-2024-56748 [scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb (6.13-rc1)
+CVE-2024-56747 [scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/95bbdca4999bc59a72ebab01663d421d6ce5775d (6.13-rc1)
+CVE-2024-56746 [fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/f89d17ae2ac42931be2a0153fecbf8533280c927 (6.13-rc1)
+CVE-2024-56745 [PCI: Fix reset_method_store() memory leak]
+	- linux 6.12.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2985b1844f3f3447f2d938eff1ef6762592065a5 (6.13-rc1)
+CVE-2024-56744 [f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()]
+	- linux 6.12.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f10a890308a7cd8794e21f646f09827c6cb4bf5d (6.13-rc1)
+CVE-2024-56743 [nfs_common: must not hold RCU while calling nfsd_file_put_local]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c840b8e1f039e90f97ca55525667eb961422f86c (6.13-rc1)
+CVE-2024-56742 [vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()]
+	- linux 6.12.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/22e87bf3f77c18f5982c19ffe2732ef0c7a25f16 (6.13-rc1)
+CVE-2024-56741 [apparmor: test: Fix memory leak for aa_unpack_strdup()]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/7290f59231910ccba427d441a6e8b8c6f6112448 (6.13-rc1)
+CVE-2024-56740 [nfs/localio: must clear res.replen in nfs_local_read_done]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/650703bc4ed3edf841e851c99ab8e7ba9e5262a3 (6.13-rc1)
+CVE-2024-56739 [rtc: check if __rtc_read_time was successful in rtc_timer_do_work()]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d (6.13-rc1)
+CVE-2024-56730 [net/9p/usbg: fix handling of the failed kzalloc() memory allocation]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ff1060813d9347e8c45c8b8cff93a4dfdb6726ad (6.13-rc1)
+CVE-2024-56729 [smb: Initialize cfid->tcon before performing network ops]
+	- linux 6.12.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c353ee4fb119a2582d0e011f66a76a38f5cf984d (6.13-rc1)
+CVE-2024-56728 [octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/e26f8eac6bb20b20fdb8f7dc695711ebce4c7c5c (6.13-rc1)
+CVE-2024-56727 [octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c]
+	- linux 6.12.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bd3110bc102ab6292656b8118be819faa0de8dd0 (6.13-rc1)
+CVE-2024-56726 [octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c]
+	- linux 6.12.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ac9183023b6a9c09467516abd8aab04f9a2f9564 (6.13-rc1)
+CVE-2024-56725 [octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c]
+	- linux 6.12.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/69297b0d3369488af259e3a7cf53d69157938ea1 (6.13-rc1)
+CVE-2024-56724 [mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/9b79d59e6b2b515eb9a22bc469ef7b8f0904fc73 (6.13-rc1)
+CVE-2024-56723 [mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/0350d783ab888cb1cb48ced36cc28b372723f1a4 (6.13-rc1)
+CVE-2024-56722 [RDMA/hns: Fix cpu stuck caused by printings during reset]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/323275ac2ff15b2b7b3eac391ae5d8c5a3c3a999 (6.13-rc1)
+CVE-2024-56721 [x86/CPU/AMD: Terminate the erratum_1386_microcode array]
+	- linux 6.12.3-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ff6cdc407f4179748f4673c39b0921503199a0ad (6.13-rc1)
+CVE-2024-56720 [bpf, sockmap: Several fixes to bpf_msg_pop_data]
+	- linux 6.12.3-1
+	NOTE: https://git.kernel.org/linus/5d609ba262475db450ba69b8e8a557bd768ac07a (6.13-rc1)
+CVE-2024-56719 [net: stmmac: fix TSO DMA API usage causing oops]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4c49f38e20a57f8abaebdf95b369295b153d1f8e (6.13-rc3)
+CVE-2024-56718 [net/smc: protect link down work from execute after lgr freed]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec (6.13-rc4)
+CVE-2024-56717 [net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2d5df3a680ffdaf606baa10636bdb1daf757832e (6.13-rc4)
+CVE-2024-56716 [netdevsim: prevent bad user input in nsim_dev_health_break_write()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/ee76746387f6233bdfa93d7406990f923641568f (6.13-rc4)
+CVE-2024-56715 [ionic: Fix netdev notifier unregister on failure]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/9590d32e090ea2751e131ae5273859ca22f5ac14 (6.13-rc4)
+CVE-2024-56714 [ionic: no double destroy workqueue]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/746e6ae2e202b062b9deee7bd86d94937997ecd7 (6.13-rc4)
+CVE-2024-56713 [net: netdevsim: fix nsim_pp_hold_write()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b9b8301d369b4c876de5255dbf067b19ba88ac71 (6.13-rc4)
+CVE-2024-56712 [udmabuf: fix memory leak on last export_udmabuf() error path]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/f49856f525acd5bef52ae28b7da2e001bbe7439e (6.13-rc4)
+CVE-2024-56711 [drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e1e1af9148dc4c866eda3fb59cd6ec3c7ea34b1d (6.13-rc4)
+CVE-2024-56710 [ceph: fix memory leak in ceph_direct_read_write()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/66e0c4f91461d17d48071695271c824620bed4ef (6.13-rc4)
 CVE-2024-56709 [io_uring: check if iowq is killed before queuing]
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f31a37c2a4919b409f9e8e1e034be28b809c7fac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f31a37c2a4919b409f9e8e1e034be28b809c7fac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241229/98b1f955/attachment.htm>

More information about the debian-security-tracker-commits mailing list