[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 15 20:49:56 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1fd772a by Salvatore Bonaccorso at 2024-03-15T21:49:22+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,100 @@
+CVE-2021-47135 [mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d874e6c06952382897d35bf4094193cd44ae91bd (5.13-rc5)
+CVE-2021-47134 [efi/fdt: fix panic when no valid fdt found]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/668a84c1bfb2b3fd5a10847825a854d63fac7baa (5.13-rc5)
+CVE-2021-47133 [HID: amd_sfh: Fix memory leak in amd_sfh_work]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1 (5.13-rc5)
+CVE-2021-47132 [mptcp: fix sk_forward_memory corruption on retransmission]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b5941f066b4ca331db225a976dae1d6ca8cf0ae3 (5.13-rc5)
+CVE-2021-47131 [net/tls: Fix use-after-free after the TLS device goes down and up]
+	- linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4 (5.13-rc5)
+CVE-2021-47130 [nvmet: fix freeing unallocated p2pmem]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bcd9a0797d73eeff659582f23277e7ab6e5f18f3 (5.13-rc5)
+CVE-2021-47129 [netfilter: nft_ct: skip expectations for confirmed conntrack]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1710eb913bdcda3917f44d383c32de6bdabfc836 (5.13-rc5)
+CVE-2021-47128 [bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ff40e51043af63715ab413995ff46996ecf9583f (5.13-rc5)
+CVE-2021-47127 [ice: track AF_XDP ZC enabled queues in bitmap]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e102db780e1c14f10c70dafa7684af22a745b51d (5.13-rc5)
+CVE-2021-47126 [ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/821bbf79fe46a8b1d18aa456e8ed0a3c208c3754 (5.13-rc5)
+CVE-2021-47125 [sch_htb: fix refcount leak in htb_parent_to_leaf_offload]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/944d671d5faa0d78980a3da5c0f04960ef1ad893 (5.13-rc5)
+CVE-2021-47124 [io_uring: fix link timeout refs]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.70-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a298232ee6b9a1d5d732aa497ff8be0d45b5bd82 (5.13-rc2)
+CVE-2021-47123 [io_uring: fix ltout double free on completion race]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/447c19f3b5074409c794b350b10306e1da1ef4ba (5.13-rc2)
+CVE-2021-47122 [net: caif: fix memory leak in caif_device_notify]
+	- linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/b53558a950a89824938e9811eddfc8efcd94e1bb (5.13-rc5)
+CVE-2021-47121 [net: caif: fix memory leak in cfusbl_device_notify]
+	- linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/7f5d86669fa4d485523ddb1d212e0a2d90bd62bb (5.13-rc5)
+CVE-2021-47120 [HID: magicmouse: fix NULL-deref on disconnect]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497 (5.13-rc5)
+CVE-2021-47119 [ext4: fix memory leak in ext4_fill_super]
+	- linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/afd09b617db3786b6ef3dc43e28fe728cfea84df (5.13-rc5)
+CVE-2021-47118 [pid: take a reference when initializing `cad_pid`]
+	- linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f (5.13-rc5)
+CVE-2021-47117 [ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed]
+	- linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/082cd4ec240b8734a82a89ffb890216ac98fec68 (5.13-rc5)
+CVE-2021-47116 [ext4: fix memory leak in ext4_mb_init_backend on error path.]
+	- linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/a8867f4e3809050571c98de7a2d465aff5e4daf5 (5.13-rc5)
+CVE-2021-47115 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect]
+	- linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba (5.13-rc5)
+CVE-2021-47114 [ocfs2: fix data corruption by fallocate]
+	- linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/6bba4471f0cc1296fe3c2089b9e52442d3074b2e (5.13-rc5)
+CVE-2021-47113 [btrfs: abort in rename_exchange if we fail to insert the second ref]
+	- linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/dc09ef3562726cd520c8338c1640872a60187af5 (5.13-rc5)
+CVE-2021-47112 [x86/kvm: Teardown PV features on boot CPU as well]
+	- linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/8b79feffeca28c5459458fe78676b081e87c93a4 (5.13-rc2)
+CVE-2021-47111 [xen-netback: take a reference to the RX task thread]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/107866a8eb0b664675a260f1ba0655010fac1e08 (5.13-rc6)
+CVE-2021-47110 [x86/kvm: Disable kvmclock on all CPUs on shutdown]
+	- linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/c02027b5742b5aa804ef08a4a9db433295533046 (5.13-rc2)
+CVE-2021-47109 [neighbour: allow NUD_NOARP entries to be forced GCed]
+	- linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f (5.13-rc7)
 CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
 	NOT-FOR-US: Logitech Logi Tune
 CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1fd772a6f901b1fa8b44c9dafb5509aa088cac6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1fd772a6f901b1fa8b44c9dafb5509aa088cac6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240315/314a1927/attachment.htm>

More information about the debian-security-tracker-commits mailing list