[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Thu Feb 29 06:56:33 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99063e80 by Salvatore Bonaccorso at 2024-02-29T07:55:45+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-52484 [iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range]
+	- linux 6.5.6-1
+	[bookworm] - linux 6.1.64-1
+	NOTE: https://git.kernel.org/linus/d5afb4b47e13161b3f33904d45110f9e6463bad6 (6.6-rc5)
+CVE-2023-52483 [mctp: perform route lookups under a RCU read-side lock]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5093bbfc10ab6636b32728e35813cbd79feb063c (6.6-rc6)
+CVE-2023-52482 [x86/srso: Add SRSO mitigation for Hygon processors]
+	- linux 6.5.6-1
+	[bookworm] - linux 6.1.64-1
+	NOTE: https://git.kernel.org/linus/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d (6.6-rc4)
+CVE-2023-52481 [arm64: errata: Add Cortex-A520 speculative unprivileged load workaround]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	NOTE: https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5)
+CVE-2023-52480 [ksmbd: fix race condition between session lookup and expire]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	NOTE: https://git.kernel.org/linus/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f (6.6-rc5)
+CVE-2023-52479 [ksmbd: fix uaf in smb20_oplock_break_ack]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	NOTE: https://git.kernel.org/linus/c69813471a1ec081a0b9bf0c6bd7e8afd818afce (6.6-rc5)
+CVE-2023-52478 [HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	[bullseye] - linux 5.10.205-1
+	[buster] - linux 4.19.304-1
+	NOTE: https://git.kernel.org/linus/dac501397b9d81e4782232c39f94f4307b137452 (6.6-rc6)
+CVE-2023-52477 [usb: hub: Guard against accesses to uninitialized BOS descriptors]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	[bullseye] - linux 5.10.205-1
+	[buster] - linux 4.19.304-1
+	NOTE: https://git.kernel.org/linus/f74a7afc224acd5e922c7a2e52244d891bbe44ee (6.6-rc6)
+CVE-2023-52476 [perf/x86/lbr: Filter vsyscall addresses]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	NOTE: https://git.kernel.org/linus/e53899771a02f798d436655efbd9d4b46c0f9265 (6.6-rc6)
+CVE-2023-52475 [Input: powermate - fix use-after-free in powermate_config_complete]
+	- linux 6.5.8-1
+	[bookworm] - linux 6.1.64-1
+	[bullseye] - linux 5.10.205-1
+	[buster] - linux 4.19.304-1
+	NOTE: https://git.kernel.org/linus/5c15c60e7be615f05a45cd905093a54b11f461bc (6.6-rc6)
 CVE-2024-27948 (Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahual ...)
 	NOT-FOR-US: bytesforall Atahualpa
 CVE-2024-27517 (Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attacke ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99063e807c4c4711fefec9c610d2cc1beee2536a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99063e807c4c4711fefec9c610d2cc1beee2536a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240229/4de0a3db/attachment.htm>
