[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c99fcef by Salvatore Bonaccorso at 2024-06-24T16:46:00+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,74 @@
+CVE-2024-39292 [um: Add winch to winch_handlers before registering winch IRQ]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.94-1
+	NOTE: https://git.kernel.org/linus/a0fbbd36c156b9f7b2276871d499c9943dfe5101 (6.10-rc1)
+CVE-2024-39291 [drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/acce6479e30f73ab0872e93a75aed1fb791d04ec (6.10-rc1)
+CVE-2024-38667 [riscv: prevent pt_regs corruption for secondary idle threads]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.94-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a638b0461b58aa3205cd9d5f14d6f703d795b4af (6.10-rc2)
+CVE-2024-38664 [drm: zynqmp_dpsub: Always register bridge]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/be3f3042391d061cfca2bd22630e0d101acea5fc (6.10-rc1)
+CVE-2024-38663 [blk-cgroup: fix list corruption from resetting io stat]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6da6680632792709cecf2b006f2fe3ca7857e791 (6.10-rc1)
+CVE-2024-38384 [blk-cgroup: fix list corruption from reorder of WRITE ->lqueued]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d0aac2363549e12cc79b8e285f13d5a9f42fd08e (6.10-rc1)
+CVE-2024-37026 [drm/xe: Only use reserved BCS instances for usm migrate exec queue]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c8ea2c31f5ea437199b239d76ad5db27343edb0c (6.10-rc2)
+CVE-2024-37021 [fpga: manager: add owner module and take its refcount]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9 (6.10-rc1)
+CVE-2024-36479 [fpga: bridge: add owner module and take its refcount]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/1da11f822042eb6ef4b6064dc048f157a7852529 (6.10-rc1)
+CVE-2024-35247 [fpga: region: add owner module and take its refcount]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.94-1
+	NOTE: https://git.kernel.org/linus/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9 (6.10-rc1)
+CVE-2024-34030 [PCI: of_property: Return error for int_map allocation failure]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e6f7d27df5d208b50cae817a91d128fb434bb12c (6.10-rc1)
+CVE-2024-34027 [f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.94-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/0a4ed2d97cb6d044196cc3e726b6699222b41019 (6.10-rc1)
+CVE-2024-33847 [f2fs: compress: don't allow unaligned truncation on released compress inode]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.94-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/29ed2b5dd521ce7c5d8466cd70bf0cc9d07afeee (6.10-rc1)
+CVE-2024-32936 [media: ti: j721e-csi2rx: Fix races while restarting DMA]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ad79c9ecea5baa7b4f19677e4b1c881ed89b0c3b (6.10-rc1)
 CVE-2024-6280 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...)
 	NOT-FOR-US: SourceCodester Simple Online Bidding System
 CVE-2024-6279 (A vulnerability was found in lahirudanushka School Management System 1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c99fcef2724f9fb90899944c0cf28f2096dc8a9

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c99fcef2724f9fb90899944c0cf28f2096dc8a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240624/cfc9f0e6/attachment-0001.htm>