[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 23 18:58:21 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e83124e3 by Salvatore Bonaccorso at 2024-02-23T19:56:54+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2024-26599 [pwm: Fix out-of-bounds access in of_pwm_single_xlate()]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a297d07b9a1e4fb8cda25a4a2363a507d294b7c9 (6.8-rc1)
+CVE-2024-26598 [KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux 5.10.209-1
+	NOTE: https://git.kernel.org/linus/ad362fe07fecf0aba839ff2cc59a3617bd42c33f (6.8-rc1)
+CVE-2024-26596 [net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/844f104790bd69c2e4dbb9ee3eba46fde1fcea7b (6.8-rc1)
+CVE-2024-26595 [mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path]
+	- linux 6.6.15-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809 (6.8-rc1)
+CVE-2023-52461 [drm/sched: Fix bounds limiting when given a malformed entity]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2bbe6ab2be53858507f11f99f856846d04765ae3 (6.8-rc1)
+CVE-2023-52462 [bpf: fix check for attempt to corrupt spilled pointer]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux 5.10.209-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae (6.8-rc1)
+CVE-2023-52460 [drm/amd/display: Fix NULL pointer dereference at hibernate]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b719a9c15d52d4f56bdea8241a5d90fd9197ce99 (6.8-rc1)
+CVE-2023-52458 [block: add check that partition length needs to be aligned with block size]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	NOTE: https://git.kernel.org/linus/6f64f866aa1ae6975c95d805ed51d7e9433a0016 (6.8-rc1)
+CVE-2023-52456 [serial: imx: fix tx statemachine deadlock]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux 5.10.209-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0 (6.8-rc1)
+CVE-2023-52455 [iommu: Don't reserve 0-length IOVA region]
+	- linux 6.6.15-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bb57f6705960bebeb832142ce9abf43220c3eab1 (6.8-rc1)
+CVE-2023-52454 [nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux 5.10.209-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/efa56305908ba20de2104f1b8508c6a7401833be (6.8-rc1)
 CVE-2023-52453 [hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume]
 	- linux 6.6.15-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e83124e3ccb5c0a7757a3fa618a766faf54cc9d7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e83124e3ccb5c0a7757a3fa618a766faf54cc9d7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240223/1ddfd58c/attachment.htm>

More information about the debian-security-tracker-commits mailing list