[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 16 17:35:40 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2cce469a by Salvatore Bonaccorso at 2024-07-16T18:34:58+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,383 @@
+CVE-2023-52886 [USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()]
+ - linux 6.5.3-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://git.kernel.org/linus/ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b (6.6-rc1)
+CVE-2022-48866 [HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts]
+ - linux 5.16.18-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036 (5.17-rc8)
+CVE-2022-48865 [tipc: fix kernel panic when enabling bearer]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/be4977b847f5d5cedb64d50eaaf2218c3a55a3a3 (5.17-rc8)
+CVE-2022-48864 [vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command]
+ - linux 5.16.18-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb (5.17-rc8)
+CVE-2022-48863 [mISDN: Fix memory leak in dsp_pipeline_build()]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/c6a502c2299941c8326d029cfc8a3bc8a4607ad5 (5.17-rc8)
+CVE-2022-48862 [vhost: fix hung thread due to erroneous iotlb entries]
+ - linux 5.16.18-1
+ NOTE: https://git.kernel.org/linus/e2ae38cf3d91837a493cb2093c87700ff3cbe667 (5.17-rc8)
+CVE-2022-48861 [vdpa: fix use-after-free on vp_vdpa_remove]
+ - linux 5.16.18-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/eb057b44dbe35ae14527830236a92f51de8f9184 (5.17-rc8)
+CVE-2022-48860 [ethernet: Fix error handling in xemaclite_of_probe]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/b19ab4b38b06aae12442b2de95ccf58b5dc53584 (5.17-rc8)
+CVE-2022-48859 [net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr]
+ - linux 5.16.18-1
+ NOTE: https://git.kernel.org/linus/c9ffa3e2bc451816ce0295e40063514fabf2bd36 (5.17-rc8)
+CVE-2022-48858 [net/mlx5: Fix a race on command flush flow]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/063bd355595428750803d8736a9bb7c8db67d42d (5.17-rc8)
+CVE-2022-48857 [NFC: port100: fix use-after-free in port100_send_complete]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/f80cfe2f26581f188429c12bd937eb905ad3ac7b (5.17-rc8)
+CVE-2022-48856 [gianfar: ethtool: Fix refcount leak in gfar_get_ts_info]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/2ac5b58e645c66932438bb021cb5b52097ce70b0 (5.17-rc8)
+CVE-2022-48855 [sctp: fix kernel-infoleak for SCTP sockets]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/633593a808980f82d251d0ca89730d8bb8b0220c (5.17-rc8)
+CVE-2022-48854 [net: arc_emac: Fix use after free in arc_mdio_probe()]
+ - linux 5.16.18-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/bc0e610a6eb0d46e4123fafdbe5e6141d9fff3be (5.17-rc8)
+CVE-2022-48853 [swiotlb: fix info leak with DMA_FROM_DEVICE]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e (5.17-rc6)
+CVE-2022-48852 [drm/vc4: hdmi: Unregister codec device on unbind]
+ - linux 5.16.18-1
+ NOTE: https://git.kernel.org/linus/e40945ab7c7f966d0c37b7bd7b0596497dfe228d (5.17-rc6)
+CVE-2022-48851 [staging: gdm724x: fix use after free in gdm_lte_rx()]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/fc7f750dc9d102c1ed7bbe4591f991e770c99033 (5.17-rc8)
+CVE-2022-48850 [net-sysfs: add check for netdevice being present to speed_show]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624 (5.17-rc6)
+CVE-2022-48849 [drm/amdgpu: bypass tiling flag check in virtual display case (v2)]
+ - linux 5.16.18-1
+ NOTE: https://git.kernel.org/linus/e2b993302f40c4eb714ecf896dd9e1c5be7d4cd7 (5.17-rc6)
+CVE-2022-48848 [tracing/osnoise: Do not unregister events twice]
+ - linux 5.16.18-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f0cfe17bcc1dd2f0872966b554a148e888833ee9 (5.17-rc8)
+CVE-2022-48847 [watch_queue: Fix filter limit check]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.106-1
+ NOTE: https://git.kernel.org/linus/c993ee0f9f81caf5767a50d1faeba39a0dc82af2 (5.17-rc8)
+CVE-2022-48846 [block: release rq qos structures for queue without disk]
+ - linux 5.17.3-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/daaca3522a8e67c46e39ef09c1d542e866f85f3b (5.17)
+CVE-2022-48845 [MIPS: smp: fill in sibling and core maps earlier]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/f2703def339c793674010cc9f01bfe4980231808 (5.17-rc7)
+CVE-2022-48844 [Bluetooth: hci_core: Fix leaking sent_cmd skb]
+ - linux 5.16.18-1
+ NOTE: https://git.kernel.org/linus/dd3b1dc3dd050f1f47cd13e300732852414270f8 (5.17-rc7)
+CVE-2022-48843 [drm/vrr: Set VRR capable prop only if it is attached to connector]
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/62929726ef0ec72cbbe9440c5d125d4278b99894 (5.17-rc7)
+CVE-2022-48842 [ice: Fix race condition during interface enslave]
+ - linux 5.16.18-1
+ NOTE: https://git.kernel.org/linus/5cb1ebdbc4342b1c2ce89516e19808d64417bdbc (5.17-rc8)
+CVE-2022-48841 [ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()]
+ - linux 5.17.3-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f153546913bada41a811722f2c6d17c3243a0333 (5.17)
+CVE-2022-48840 [iavf: Fix hang during reboot/shutdown]
+ - linux 5.17.3-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b04683ff8f0823b869c219c78ba0d974bddea0b5 (5.17)
+CVE-2022-48839 [net/packet: fix slab-out-of-bounds access in packet_recvmsg()]
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/c700525fcc06b05adfea78039de02628af79e07a (5.17)
+CVE-2022-48838 [usb: gadget: Fix use-after-free bug by not setting udc->dev.driver]
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/16b1941eac2bd499f065a6739a40ce0011a3d740 (5.17)
+CVE-2022-48837 [usb: gadget: rndis: prevent integer overflow in rndis_set_response()]
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa (5.17)
+CVE-2022-48836 [Input: aiptek - properly check endpoint type]
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/5600f6986628dde8881734090588474f54a540a8 (5.17)
+CVE-2022-48835 [scsi: mpt3sas: Page fault in reply q processing]
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/69ad4ef868c1fc7609daa235dfa46d28ba7a3ba3 (5.17)
+CVE-2022-48834 [usb: usbtmc: Fix bug in pipe direction for control transfers]
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/e9b667a82cdcfe21d590344447d65daed52b353b (5.17)
+CVE-2022-48833 [btrfs: skip reserved bytes warning on unmount after log cleanup failure]
+ - linux 5.16.18-1
+ NOTE: https://git.kernel.org/linus/40cdc509877bacb438213b83c7541c5e24a1d9ec (5.17-rc3)
+CVE-2022-48832 [audit: don't deref the syscall args when checking the openat2 open_how::flags]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7a82f89de92aac5a244d3735b2bd162c1147620c (5.17-rc4)
+CVE-2022-48831 [ima: fix reference leak in asymmetric_verify()]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/926fd9f23b27ca6587492c3f58f4c7f4cd01dad5 (5.17-rc4)
+CVE-2022-48830 [can: isotp: fix potential CAN frame reception race in isotp_rcv()]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/7c759040c1dd03954f650f147ae7175476d51314 (5.17-rc4)
+CVE-2022-48829 [NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.221-1
+ NOTE: https://git.kernel.org/linus/a648fdeb7c0e17177a2280344d015dba3fbe3314 (5.17-rc4)
+CVE-2022-48828 [NFSD: Fix ia_size underflow]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.221-1
+ NOTE: https://git.kernel.org/linus/e6faac3f58c7c4176b66f63def17a34232a17b0e (5.17-rc4)
+CVE-2022-48827 [NFSD: Fix the behavior of READ near OFFSET_MAX]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.221-1
+ NOTE: https://git.kernel.org/linus/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960 (5.17-rc4)
+CVE-2022-48826 [drm/vc4: Fix deadlock on DSI device attach error]
+ - linux 5.16.10-1
+ NOTE: https://git.kernel.org/linus/0a3d12ab5097b1d045e693412e6b366b7e82031b (5.17-rc2)
+CVE-2022-48825 [scsi: qedf: Add stag_work to all the vports]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/b70a99fd13282d7885f69bf1372e28b7506a1613 (5.17-rc2)
+CVE-2022-48824 [scsi: myrs: Fix crash in error case]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/4db09593af0b0b4d7d4805ebb3273df51d7cc30d (5.17-rc2)
+CVE-2022-48823 [scsi: qedf: Fix refcount issue when LOGO is received during TMF]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/5239ab63f17cee643bd4bf6addfedebaa7d4f41e (5.17-rc2)
+CVE-2022-48822 [usb: f_fs: Fix use-after-free for epfile]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/ebe2b1add1055b903e2acd86b290a85297edc0b3 (5.17-rc4)
+CVE-2022-48821 [misc: fastrpc: avoid double fput() on failed usercopy]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/46963e2e0629cb31c96b1d47ddd89dc3d8990b34 (5.17-rc4)
+CVE-2022-48820 [phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable()]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cfc826c88a79e22ba5d8001556eb2c7efd8a01b6 (5.17-rc4)
+CVE-2022-48819 [tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f8d9d938514f46c4892aff6bfe32f425e84d81cc (5.17-rc4)
+CVE-2022-48818 [net: dsa: mv88e6xxx: don't use devres for mdiobus]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/f53a2ce893b2c7884ef94471f170839170a4eba0 (5.17-rc4)
+CVE-2022-48817 [net: dsa: ar9331: register the mdiobus under devres]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/50facd86e9fbc4b93fe02e5fe05776047f45dbfb (5.17-rc4)
+CVE-2022-48816 [SUNRPC: lock against ->sock changing during sysfs read]
+ - linux 5.16.10-1
+ NOTE: https://git.kernel.org/linus/b49ea673e119f59c71645e2f65b3ccad857c90ee (5.17-rc4)
+CVE-2022-48815 [net: dsa: bcm_sf2: don't use devres for mdiobus]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/08f1a20822349004bb9cc1b153ecb516e9f2889d (5.17-rc4)
+CVE-2022-48814 [net: dsa: seville: register the mdiobus under devres]
+ - linux 5.16.10-1
+ NOTE: https://git.kernel.org/linus/bd488afc3b39e045ba71aab472233f2a78726e7b (5.17-rc4)
+CVE-2022-48813 [net: dsa: felix: don't use devres for mdiobus]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/209bdb7ec6a28c7cdf580a0a98afbc9fc3b98932 (5.17-rc4)
+CVE-2022-48812 [net: dsa: lantiq_gswip: don't use devres for mdiobus]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/0d120dfb5d67edc5bcd1804e167dba2b30809afd (5.17-rc4)
+CVE-2022-48811 [ibmvnic: don't release napi in __ibmvnic_open()]
+ - linux 5.16.10-1
+ NOTE: https://git.kernel.org/linus/61772b0908c640d0309c40f7d41d062ca4e979fa (5.17-rc4)
+CVE-2022-48810 [ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/5611a00697c8ecc5aad04392bea629e9d6a20463 (5.17-rc4)
+CVE-2022-48809 [net: fix a memleak when uncloning an skb dst and its metadata]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/9eeabdf17fa0ab75381045c867c370f4cc75a613 (5.17-rc4)
+CVE-2022-48808 [net: dsa: fix panic when DSA master device unbinds on shutdown]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ee534378f00561207656663d93907583958339ae (5.17-rc4)
+CVE-2022-48807 [ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/bea1898f65b9b7096cb4e73e97c83b94718f1fa1 (5.17-rc4)
+CVE-2022-48806 [eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/c0689e46be23160d925dca95dfc411f1a0462708 (5.17-rc4)
+CVE-2022-48805 [net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (5.17-rc4)
+CVE-2022-48804 [vt_ioctl: fix array_index_nospec in vt_setactivate]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/61cc70d9e8ef5b042d4ed87994d20100ec8896d9 (5.17-rc4)
+CVE-2022-48803 [phy: ti: Fix missing sentinel for clk_div_table]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69 (5.17-rc4)
+CVE-2022-48802 [fs/proc: task_mmu.c: don't read mapcount for migration entry]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/24d7275ce2791829953ed4e72f68277ceb2571c6 (5.17-rc4)
+CVE-2022-48801 [iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c72ea20503610a4a7ba26c769357d31602769c01 (5.17-rc4)
+CVE-2022-48800 [mm: vmscan: remove deadlock due to throttling failing to make progress]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b485c6f1f9f54b81443efda5f3d8a5036ba2cd91 (5.17-rc4)
+CVE-2022-48799 [perf: Fix list corruption in perf_cgroup_switch()]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/5f4e5ce638e6a490b976ade4a40017b40abb2da0 (5.17-rc4)
+CVE-2022-48798 [s390/cio: verify the driver availability for path_event call]
+ - linux 5.16.10-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/dd9cb842fa9d90653a9b48aba52f89c069f3bc50 (5.17-rc4)
+CVE-2022-48797 [mm: don't try to NUMA-migrate COW pages that have other uses]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/80d47f5de5e311cbc0d01ebb6ee684e8f4c196c6 (5.17-rc5)
+CVE-2022-48796 [iommu: Fix potential use-after-free during probe]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/b54240ad494300ff0994c4539a531727874381f4 (5.17-rc3)
+CVE-2022-48795 [parisc: Fix data TLB miss in sba_unmap_sg]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/b7d6f44a0fa716a82969725516dc0b16bc7cd514 (5.17-rc5)
+CVE-2022-48794 [net: ieee802154: at86rf230: Stop leaking skb's]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/e5ce576d45bf72fd0e3dc37eff897bfcc488f6a9 (5.17-rc3)
+CVE-2022-48793 [KVM: x86: nSVM: fix potential NULL derefernce on nested migration]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e1779c2714c3023e4629825762bcbc43a3b943df (5.17-rc5)
+CVE-2022-48792 [scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/df7abcaa1246e2537ab4016077b5443bb3c09378 (5.17-rc3)
+CVE-2022-48791 [scsi: pm8001: Fix use-after-free for aborted TMF sas_task]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/61f162aa4381845acbdc7f2be4dfb694d027c018 (5.17-rc3)
+CVE-2022-48790 [nvme: fix a possible use-after-free in controller reset during load]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d (5.17-rc3)
+CVE-2022-48789 [nvme-tcp: fix possible use-after-free in transport error_recovery work]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/ff9fc7ebf5c06de1ef72a69f9b1ab40af8b07f9e (5.17-rc3)
+CVE-2022-48788 [nvme-rdma: fix possible use-after-free in transport error_recovery work]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/b6bb1722f34bbdbabed27acdceaf585d300c5fd2 (5.17-rc3)
+CVE-2022-48787 [iwlwifi: fix use-after-free]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/bea2662e7818e15d7607d17d57912ac984275d94 (5.17-rc5)
+CVE-2022-48786 [vsock: remove vsock from connected table when connect is interrupted by a signal]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/b9208492fcaecff8f43915529ae34b3bcb03877c (5.17-rc5)
+CVE-2022-48785 [ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/26394fc118d6115390bd5b3a0fb17096271da227 (5.17-rc5)
+CVE-2022-48784 [cfg80211: fix race in netlink owner interface destruction]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f0a6fd1527067da537e9c48390237488719948ed (5.17-rc5)
+CVE-2022-48783 [net: dsa: lantiq_gswip: fix use after free in gswip_remove()]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/8c6ae46150a453f8ae9a6cd49b45f354f478587d (5.17-rc5)
+CVE-2022-48782 [mctp: fix use after free]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7e5b6a5c8c44310784c88c1c198dde79f6402f7b (5.17-rc5)
+CVE-2022-48781 [crypto: af_alg - get rid of alg_memory_allocated]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/25206111512de994dfc914f5b2972a22aa904ef3 (5.17-rc5)
+CVE-2022-48780 [net/smc: Avoid overwriting the copies of clcsock callback functions]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1de9770d121ee9294794cca0e0be8fbfa0134ee8 (5.17-rc5)
+CVE-2022-48779 [net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ef57640575406f57f5b3393cf57f457b0ace837e (5.17-rc5)
+CVE-2022-48778 [mtd: rawnand: gpmi: don't leak PM reference in error path]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/9161f365c91614e5a3f5c6dcc44c3b1b33bc59c0 (5.17-rc5)
+CVE-2022-48777 [mtd: parsers: qcom: Fix kernel panic on skipped partition]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/65d003cca335cabc0160d3cd7daa689eaa9dd3cd (5.17-rc5)
+CVE-2022-48776 [mtd: parsers: qcom: Fix missing free for pparts in cleanup]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3dd8ba961b9356c4113b96541c752c73d98fef70 (5.17-rc5)
+CVE-2022-48775 [Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/8bc69f86328e87a0ffa79438430cc82f3aa6a194 (5.17-rc5)
+CVE-2022-48774 [dmaengine: ptdma: Fix the error handling path in pt_core_init()]
+ - linux 5.16.11-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3c62fd3406e0b2277c76a6984d3979c7f3f1d129 (5.17-rc5)
+CVE-2022-48773 [xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create]
+ - linux 5.16.11-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/a9c10b5b3b67b3750a10c8b089b2e05f5e176e33 (5.17-rc4)
+CVE-2021-47624 [net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change]
+ - linux 5.16.10-1
+ NOTE: https://git.kernel.org/linus/776d794f28c95051bc70405a7b1fa40115658a18 (5.17-rc2)
+CVE-2021-47623 [powerpc/fixmap: Fix VM debug warning on unmap]
+ - linux 5.16.10-1
+ [bullseye] - linux 5.10.103-1
+ NOTE: https://git.kernel.org/linus/aec982603aa8cc0a21143681feb5f60ecc69d718 (5.17-rc2)
+CVE-2021-47622 [scsi: ufs: Fix a deadlock in the error handler]
+ - linux 5.16.11-1
+ NOTE: https://git.kernel.org/linus/945c3cca05d78351bba29fa65d93834cb7934c7b (5.17-rc1)
CVE-2024-6780 (Improper permission control in the mobile application (com.android.ser ...)
NOT-FOR-US: mobile application (com.android.server.telecom)
CVE-2024-6559 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cce469a183bc589010fe072f54ed9617756ae07
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cce469a183bc589010fe072f54ed9617756ae07
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240716/8e41fb92/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list