[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 18 17:07:38 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b586321d by Salvatore Bonaccorso at 2024-03-18T18:07:23+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-26641 [ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()]
+	- linux 6.7.7-1
+	NOTE: https://git.kernel.org/linus/8d975c15c0cd744000ca386247432d57b21f9df0 (6.8-rc3)
+CVE-2024-26640 [tcp: add sanity checks to rx zerocopy]
+	- linux 6.7.7-1
+	NOTE: https://git.kernel.org/linus/577e4432f3ac810049cb7e6b71f4d96ec7c6e894 (6.8-rc3)
+CVE-2024-26639 [mm, kmsan: fix infinite recursion due to RCU critical section]
+	- linux 6.7.7-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f6564fce256a3944aa1bc76cb3c40e792d97c1eb (6.8-rc3)
+CVE-2024-26638 [nbd: always initialize struct msghdr completely]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/78fbb92af27d0982634116c7a31065f24d092826 (6.8-rc1)
+CVE-2024-26637 [wifi: ath11k: rely on mac80211 debugfs handling for vif]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/556857aa1d0855aba02b1c63bc52b91ec63fc2cc (6.8-rc2)
+CVE-2024-26636 [llc: make llc_ui_sendmsg() more robust against bonding changes]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	NOTE: https://git.kernel.org/linus/dad555c816a50c6a6a8a86be1f9177673918c647 (6.8-rc2)
+CVE-2024-26635 [llc: Drop support for ETH_P_TR_802_2.]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	NOTE: https://git.kernel.org/linus/e3f9bed9bee261e3347131764e42aeedf1ffea61 (6.8-rc2)
+CVE-2024-26634 [net: fix removing a namespace with conflicting altnames]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d09486a04f5da0a812c26217213b89a3b1acf836 (6.8-rc2)
+CVE-2024-26633 [ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux 5.10.209-1
+	NOTE: https://git.kernel.org/linus/d375b98e0248980681e5e56b712026174d617198 (6.8-rc1)
+CVE-2024-26632 [block: Fix iterating over an empty bio with bio_for_each_folio_all]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7 (6.8-rc1)
+CVE-2024-26631 [ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/2e7ef287f07c74985f1bf2858bedc62bd9ebf155 (6.8-rc1)
+CVE-2023-52619 [pstore/ram: Fix crash when setting number of cpus to an odd number]
+	- linux 6.7.7-1
+	NOTE: https://git.kernel.org/linus/d49270a04623ce3c0afddbf3e984cb245aa48e9c (6.8-rc1)
+CVE-2023-52618 [block/rnbd-srv: Check for unlikely string overflow]
+	- linux 6.7.7-1
+	NOTE: https://git.kernel.org/linus/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41 (6.8-rc1)
+CVE-2023-52617 [PCI: switchtec: Fix stdev_release() crash after surprise hot remove]
+	- linux 6.7.7-1
+	NOTE: https://git.kernel.org/linus/df25461119d987b8c81d232cfe4411e91dcabe66 (6.8-rc1)
+CVE-2023-52616 [crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init]
+	- linux 6.6.15-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ba3c5574203034781ac4231acf117da917efcd2a (6.8-rc1)
+CVE-2023-52615 [hwrng: core - Fix page fault dead lock on mmap-ed hwrng]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	NOTE: https://git.kernel.org/linus/78aafb3884f6bc6636efcc1760c891c8500b9922 (6.8-rc1)
+CVE-2023-52614 [PM / devfreq: Fix buffer overflow in trans_stat_show]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	NOTE: https://git.kernel.org/linus/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 (6.8-rc1)
+CVE-2023-52613 [drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment]
+	- linux 6.6.15-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/15ef92e9c41124ee9d88b01208364f3fe1f45f84 (6.8-rc1)
+CVE-2023-52612 [crypto: scomp - fix req->dst buffer overflow]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux 5.10.209-1
+	NOTE: https://git.kernel.org/linus/744e1885922a9943458954cfea917b31064b4131 (6.8-rc1)
+CVE-2023-52611 [wifi: rtw88: sdio: Honor the host max_req_size in the RX path]
+	- linux 6.6.15-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/00384f565a91c08c4bedae167f749b093d10e3fe (6.8-rc1)
+CVE-2023-52610 [net/sched: act_ct: fix skb leak and crash on ooo frags]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3f14b377d01d8357eba032b4cabc8c1149b458b6 (6.8-rc1)
+CVE-2023-52609 [binder: fix race between mmput() and do_exit()]
+	- linux 6.6.15-1
+	[bookworm] - linux 6.1.76-1
+	[bullseye] - linux 5.10.209-1
+	NOTE: https://git.kernel.org/linus/9a9ab0d963621d9d12199df9817e66982582d5a5 (6.8-rc1)
 CVE-2024-2581 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as  ...)
 	NOT-FOR-US: Tenda
 CVE-2024-2577 (A vulnerability has been found in SourceCodester Employee Task Managem ...)
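Review bot: CVE-2023-52616 is the only entry here fixed in 6.6.15-1 that has no [bookworm] line; every other 6.6.15-1 entry states bookworm status explicitly, either as "[bookworm] - linux 6.1.76-1" or as <not-affected>. Please confirm that bookworm is meant to stay open for this CVE and that the annotation was not dropped during the merge from kernel-sec. The same question applies to CVE-2023-52610, which carries [bookworm] and [buster] lines but nothing for bullseye, and to CVE-2024-26639, which has only a [buster] <not-affected> line. If the fix is still pending for those releases, a short NOTE saying so would make the intent clear to the next reader of data/CVE/list.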



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b586321d4bccb122f7ea553db7923f0741200048
