[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 19 15:34:03 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32bd762d by Salvatore Bonaccorso at 2024-06-19T16:33:07+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,338 @@
+CVE-2024-38618 [ALSA: timer: Set lower bound of start tick time]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e (6.10-rc1)
+CVE-2024-38617 [kunit/fortify: Fix mismatched kvalloc()/vfree() usage]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/998b18072ceb0613629c256b409f4d299829c7ec (6.10-rc1)
+CVE-2024-38616 [wifi: carl9170: re-fix fortified-memset warning]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/066afafc10c9476ee36c47c9062527a17e763901 (6.10-rc1)
+CVE-2024-38615 [cpufreq: exit() callback is optional]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b8f85833c05730d631576008daaa34096bc7f3ce (6.10-rc1)
+CVE-2024-38614 [openrisc: traps: Don't send signals to kernel mode threads]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f (6.10-rc1)
+CVE-2024-38613 [m68k: Fix spinlock race in kernel thread creation]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/da89ce46f02470ef08f0f580755d14d547da59ed (6.10-rc1)
+CVE-2024-38612 [ipv6: sr: fix invalid unregister error path]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/160e9d2752181fcf18c662e74022d77d3164cd45 (6.10-rc1)
+CVE-2024-38611 [media: i2c: et8ek8: Don't strip remove function when driver is builtin]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/545b215736c5c4b354e182d99c578a472ac9bfce (6.10-rc1)
+CVE-2024-38610 [drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3d6586008f7b638f91f3332602592caa8b00b559 (6.10-rc1)
+CVE-2024-38609 [wifi: mt76: connac: check for null before dereferencing]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cb47c7be0e93dd5acda078163799401ac3a78e10 (6.10-rc1)
+CVE-2024-38608 [net/mlx5e: Fix netif state handling]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)
+CVE-2024-38607 [macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/d301a71c76ee4c384b4e03cdc320a55f5cf1df05 (6.10-rc1)
+CVE-2024-38606 [crypto: qat - validate slices count returned by FW]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/483fd65ce29317044d1d00757e3fd23503b6b04c (6.10-rc1)
+CVE-2024-38605 [ALSA: core: Fix NULL module pointer assignment at card init]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/39381fe7394e5eafac76e7e9367e7351138a29c1 (6.10-rc1)
+CVE-2024-38604 [block: refine the EOF check in blkdev_iomap_begin]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0c12028aec837f5a002009bbf68d179d506510e8 (6.10-rc1)
+CVE-2024-38603 [drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/582c1aeee0a9e73010cf1c4cef338709860deeb0 (6.10-rc1)
+CVE-2024-38602 [ax25: Fix reference count leak issues of ax25_dev]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/b505e0319852b08a3a716b64620168eab21f4ced (6.10-rc1)
+CVE-2024-38601 [ring-buffer: Fix a race between readers and resize checks]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/c2274b908db05529980ec056359fae916939fdaa (6.10-rc1)
+CVE-2024-38600 [ALSA: Fix deadlocks with kctl removals at disconnection]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/87988a534d8e12f2e6fc01fe63e6c1925dc5307c (6.10-rc1)
+CVE-2024-38599 [jffs2: prevent xattr node from overflowing the eraseblock]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/c6854e5a267c28300ff045480b5a7ee7f6f1d913 (6.10-rc1)
+CVE-2024-38598 [md: fix resync softlockup when bitmap size is less than array size]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b (6.10-rc1)
+CVE-2024-38597 [eth: sungem: remove .ndo_poll_controller to avoid deadlocks]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/ac0a230f719b02432d8c7eba7615ebd691da86f4 (6.10-rc1)
+CVE-2024-38596 [af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/540bf24fba16b88c1b3b9353927204b4f1074e25 (6.10-rc1)
+CVE-2024-38595 [net/mlx5: Fix peer devlink set for SF representor devlink port]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3c453e8cc672de1f9c662948dba43176bc68d7f0 (6.10-rc1)
+CVE-2024-38594 [net: stmmac: move the EST lock to struct stmmac_priv]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197 (6.10-rc1)
+CVE-2024-38593 [net: micrel: Fix receiving the timestamp in the frame for lan8841]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/aea27a92a41dae14843f92c79e9e42d8f570105c (6.10-rc1)
+CVE-2024-38592 [drm/mediatek: Init `ddp_comp` with devm_kcalloc()]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/01a2c5123e27b3c4685bf2fc4c2e879f6e0c7b33 (6.10-rc1)
+CVE-2024-38591 [RDMA/hns: Fix deadlock on SRQ async events.]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b46494b6f9c19f141114a57729e198698f40af37 (6.10-rc1)
+CVE-2024-38590 [RDMA/hns: Modify the print level of CQE error]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/349e859952285ab9689779fb46de163f13f18f43 (6.10-rc1)
+CVE-2024-38589 [netrom: fix possible dead-lock in nr_rt_ioctl()]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6 (6.10-rc1)
+CVE-2024-38588 [ftrace: Fix possible use-after-free issue in ftrace_location()]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/e60b613df8b6253def41215402f72986fee3fc8d (6.10-rc1)
+CVE-2024-38587 [speakup: Fix sizeof() vs ARRAY_SIZE() bug]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b (6.10-rc1)
+CVE-2024-38586 [r8169: Fix possible ring buffer corruption on fragmented Tx packets.]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c71e3a5cffd5309d7f84444df03d5b72600cc417 (6.10-rc1)
+CVE-2024-38585 [tools/nolibc/stdlib: fix memory error in realloc()]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/791f4641142e2aced85de082e5783b4fb0b977c2 (6.10-rc1)
+CVE-2024-38584 [net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b31c7e78086127a7fcaa761e8d336ee855a920c6 (6.10-rc1)
+CVE-2024-38583 [nilfs2: fix use-after-free of timer for log writer thread]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 (6.10-rc1)
+CVE-2024-38582 [nilfs2: fix potential hang in nilfs_detach_log_writer()]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/eb85dace897c5986bc2f36b3c783c6abb8a4292e (6.10-rc1)
+CVE-2024-38581 [drm/amdgpu/mes: fix use-after-free issue]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/948255282074d9367e01908b3f5dcf8c10fc9c3d (6.9-rc6)
+CVE-2024-38580 [epoll: be better about file lifetimes]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b (6.9-rc7)
+CVE-2024-38579 [crypto: bcm - Fix pointer arithmetic]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9 (6.10-rc1)
+CVE-2024-38578 [ecryptfs: Fix buffer size for tag 66 packet]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/85a6a1aff08ec9f5b929d345d066e2830e8818e5 (6.10-rc1)
+CVE-2024-38577 [rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cc5645fddb0ce28492b15520306d092730dffa48 (6.10-rc1)
+CVE-2024-38576 [rcu: Fix buffer overflow in print_cpu_stall_info()]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3758f7d9917bd7ef0482c4184c0ad673b4c4e069 (6.10-rc1)
+CVE-2024-38575 [wifi: brcmfmac: pcie: handle randbuf allocation failure]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/316f790ebcf94bdf59f794b7cdea4068dc676d4c (6.10-rc1)
+CVE-2024-38574 [libbpf: Prevent null-pointer dereference when prog to load has no BTF]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9bf48fa19a4b1d186e08b20bf7e5de26a15644fb (6.10-rc1)
+CVE-2024-38573 [cppc_cpufreq: Fix possible null pointer dereference]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cf7de25878a1f4508c69dc9f6819c21ba177dbfe (6.10-rc1)
+CVE-2024-38572 [wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e1bdff48a1bb4a4ac660c19c55a820968c48b3f2 (6.10-rc1)
+CVE-2024-38571 [thermal/drivers/tsens: Fix null pointer dereference]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d998ddc86a27c92140b9f7984ff41e3d1d07a48f (6.10-rc1)
+CVE-2024-38570 [gfs2: Fix potential glock use-after-free on unmount]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/d98779e687726d8f8860f1c54b5687eec5f63a73 (6.10-rc1)
+CVE-2024-38569 [drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/77fce82678ea5fd51442e62febec2004f79e041b (6.10-rc1)
+CVE-2024-38568 [drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e (6.10-rc1)
+CVE-2024-38567 [wifi: carl9170: add a proper sanity check for endpoints]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0 (6.10-rc1)
+CVE-2024-38566 [bpf: Fix verifier assumptions about socket->sk]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0db63c0b86e981a1e97d2596d64ceceba1a5470e (6.10-rc1)
+CVE-2024-38565 [wifi: ar5523: enable proper endpoint verification]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/e120b6388d7d88635d67dcae6483f39c37111850 (6.10-rc1)
+CVE-2024-38564 [bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/543576ec15b17c0c93301ac8297333c7b6e84ac7 (6.10-rc1)
+CVE-2024-38563 [wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/474b9412f33be87076b40a49756662594598a85e (6.10-rc1)
+CVE-2024-38562 [wifi: nl80211: Avoid address calculations via out of bounds array indexing]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/838c7b8f1f278404d9d684c34a8cb26dc41aaaa1 (6.10-rc1)
+CVE-2024-38561 [kunit: Fix kthread reference]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f8aa1b98ce40184521ed95ec26cc115a255183b2 (6.10-rc1)
+CVE-2024-38560 [scsi: bfa: Ensure the copied buf is NUL terminated]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/13d0cecb4626fae67c00c84d3c7851f6b62f7df3 (6.10-rc1)
+CVE-2024-38559 [scsi: qedf: Ensure the copied buf is NUL terminated]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/d0184a375ee797eb657d74861ba0935b6e405c62 (6.10-rc1)
+CVE-2024-38558 [net: openvswitch: fix overwriting ct original tuple for ICMPv6]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/7c988176b6c16c516474f6fceebe0f055af5eb56 (6.10-rc1)
+CVE-2024-38557 [net/mlx5: Reload only IB representors upon lag disable/enable]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4 (6.10-rc1)
+CVE-2024-38556 [net/mlx5: Add a timeout to acquire the command queue semaphore]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/485d65e1357123a697c591a5aeb773994b247ad7 (6.10-rc1)
+CVE-2024-38555 [net/mlx5: Discard command completions in internal error]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40 (6.10-rc1)
+CVE-2024-38554 [ax25: Fix reference count leak issue of net_device]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/36e56b1b002bb26440403053f19f9e1a8bc075b2 (6.10-rc1)
+CVE-2024-38553 [net: fec: remove .ndo_poll_controller to avoid deadlocks]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/c2e0c58b25a0a0c37ec643255558c5af4450c9f5 (6.10-rc1)
+CVE-2024-38552 [drm/amd/display: Fix potential index out of bounds in color transformation function]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/63ae548f1054a0b71678d0349c7dc9628ddd42ca (6.10-rc1)
+CVE-2024-38551 [ASoC: mediatek: Assign dummy when codec not specified for a DAI link]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5f39231888c63f0a7708abc86b51b847476379d8 (6.10-rc1)
+CVE-2024-38550 [ASoC: kirkwood: Fix potential NULL dereference]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ea60ab95723f5738e7737b56dda95e6feefa5b50 (6.10-rc1)
+CVE-2024-38549 [drm/mediatek: Add 0 size check to mtk_drm_gem_obj]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/1e4350095e8ab2577ee05f8c3b044e661b5af9a0 (6.10-rc1)
+CVE-2024-38548 [drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/935a92a1c400285545198ca2800a4c6c519c650a (6.10-rc1)
+CVE-2024-38547 [media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/3b621e9e9e148c0928ab109ac3d4b81487469acb (6.10-rc1)
+CVE-2024-38546 [drm: vc4: Fix possible null pointer dereference]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/c534b63bede6cb987c2946ed4d0b0013a52c5ba7 (6.10-rc1)
+CVE-2024-38545 [RDMA/hns: Fix UAF for cq async event]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/a942ec2745ca864cd8512142100e4027dc306a42 (6.10-rc1)
+CVE-2024-38544 [RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 (6.10-rc1)
+CVE-2024-38543 [lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c2af060d1c18beaec56351cf9c9bcbbc5af341a3 (6.10-rc1)
+CVE-2024-38542 [RDMA/mana_ib: boundary check before installing cq callbacks]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f79edef79b6a2161f4124112f9b0c46891bb0b74 (6.10-rc1)
+CVE-2024-38541 [of: module: add buffer overflow check in of_modalias()]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/cf7385cb26ac4f0ee6c7385960525ad534323252 (6.10-rc1)
+CVE-2024-38540 [bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq]
+	- linux 6.8.12-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/78cfd17142ef70599d6409cbd709d94b3da58659 (6.10-rc1)
+CVE-2024-38539 [RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw]
+	- linux 6.8.12-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9c0731832d3b7420cbadba6a7f334363bc8dfb15 (6.10-rc1)
+CVE-2024-38538 [net: bridge: xmit: make sure we have at least eth header len bytes]
+	- linux 6.8.12-1
+	NOTE: https://git.kernel.org/linus/8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc (6.10-rc1)
+CVE-2024-36979 [net: bridge: mst: fix vlan use-after-free]
+	- linux 6.8.12-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3a7c1661ae1383364cd6092d851f5e5da64d476b (6.10-rc1)
 CVE-2024-23443
 	- kibana <itp> (bug #700337)
 CVE-2024-6146 (Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overf ...)
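
Review bot: CVE-2024-38618 and CVE-2024-38608 are the only two entries in this hunk left as `- linux <unfixed>`, yet their NOTE lines cite a 6.10-rc1 commit, the same as dozens of neighbouring entries recorded as fixed in 6.8.12-1. Please confirm that these two fixes really are missing from 6.8.12-1 rather than overlooked in the merge, and consider adding a NOTE line saying why they remain open so the status is not read as stale. Separately, CVE-2024-38609 is marked `<not-affected> (Vulnerable code not present)` for all suites without a reference to the introducing commit, so that claim cannot be checked from the entry alone. The same holds for the per-suite `<not-affected>` lines. Finally, CVE-2024-38617, CVE-2024-38561, CVE-2024-38585 and CVE-2024-38543 have titles pointing at kunit, tools/nolibc and lib/test_hmm.c. A short NOTE on whether that code ends up in shipped kernel packages would help triage.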



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32bd762dd1dc99e301efe35df93d1f5681d0aa5f
