[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 25 19:49:27 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80fdb946 by Salvatore Bonaccorso at 2024-03-25T20:48:52+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,204 @@
+CVE-2021-47180 [NFC: nci: fix memory leak in nci_allocate_device]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/e0652f8bb44d6294eeeac06d703185357f25d50b (5.13-rc4)
+CVE-2021-47179 [NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/a421d218603ffa822a0b8045055c03eae394a7eb (5.13-rc4)
+CVE-2021-47178 [scsi: target: core: Avoid smp_processor_id() in preemptible code]
+	- linux 5.14.6-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/70ca3c57ff914113f681e657634f7fbfa68e1ad1 (5.13-rc4)
+CVE-2021-47177 [iommu/vt-d: Fix sysfs leak in alloc_iommu()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/0ee74d5a48635c848c20f152d0d488bf84641304 (5.13-rc4)
+CVE-2021-47176 [s390/dasd: add missing discipline function]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.178-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427 (5.13-rc4)
+CVE-2021-47175 [net/sched: fq_pie: fix OOB access in the traffic path]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e70f7a11876a1a788ceadf75e9e5f7af2c868680 (5.13-rc4)
+CVE-2021-47174 [netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f0b3d338064e1fe7531f0d2977e35f3b334abfb4 (5.13-rc4)
+CVE-2021-47173 [misc/uss720: fix memory leak in uss720_probe]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/dcb4b8ad6a448532d8b681b5d1a7036210b622de (5.13-rc4)
+CVE-2021-47172 [iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f2a772c51206b0c3f262e4f6a3812c89a650191b (5.13-rc4)
+CVE-2021-47171 [net: usb: fix memory leak in smsc75xx_bind]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/46a8b29c6306d8bbfd92b614ef65a47c900d8e70 (5.13-rc4)
+CVE-2021-47170 [USB: usbfs: Don't WARN about excessively large memory allocations]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de (5.13-rc4)
+CVE-2021-47169 [serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait']
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/016002848c82eeb5d460489ce392d91fe18c475c (5.13-rc4)
+CVE-2021-47168 [NFS: fix an incorrect limit in filelayout_decode_layout()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8 (5.13-rc4)
+CVE-2021-47167 [NFS: Fix an Oopsable condition in __nfs_pageio_add_request()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/56517ab958b7c11030e626250c00b9b1a24b41eb (5.13-rc4)
+CVE-2021-47166 [NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/0d0ea309357dea0d85a82815f02157eb7fcda39f (5.13-rc4)
+CVE-2021-47165 [drm/meson: fix shutdown crash when component not probed]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2 (5.13-rc4)
+CVE-2021-47164 [net/mlx5e: Fix null deref accessing lag dev]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/83026d83186bc48bb41ee4872f339b83f31dfc55 (5.13-rc4)
+CVE-2021-47163 [tipc: wait and exit until all work queues are done]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/04c26faa51d1e2fe71cf13c45791f5174c37f986 (5.13-rc4)
+CVE-2021-47162 [tipc: skb_linearize the head skb when reassembling msgs]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/b7df21cf1b79ab7026f545e7bf837bd5750ac026 (5.13-rc4)
+CVE-2021-47161 [spi: spi-fsl-dspi: Fix a resource leak in an error handling path]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.208-1
+	NOTE: https://git.kernel.org/linus/680ec0549a055eb464dce6ffb4bfb736ef87236e (5.13-rc4)
+CVE-2021-47160 [net: dsa: mt7530: fix VLAN traffic leaks]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/474a2ddaa192777522a7499784f1d60691cd831a (5.13-rc4)
+CVE-2021-47159 [net: dsa: fix a crash if ->get_sset_count() fails]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/a269333fa5c0c8e53c92b5a28a6076a28cde3e83 (5.13-rc4)
+CVE-2021-47158 [net: dsa: sja1105: add error handling in sja1105_setup()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cec279a898a3b004411682f212215ccaea1cd0fb (5.13-rc4)
+CVE-2021-47153 [i2c: i801: Don't generate an interrupt on bus reset]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/e4d8716c3dcec47f1557024add24e1f3c09eb24b (5.13-rc4)
+CVE-2021-47152 [mptcp: fix data stream corruption]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/29249eac5225429b898f278230a6ca2baa1ae154 (5.13-rc4)
+CVE-2021-47151 [interconnect: qcom: bcm-voter: add a missing of_node_put()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a00593737f8bac2c9e97b696e7ff84a4446653e8 (5.13-rc4)
+CVE-2021-47150 [net: fec: fix the potential memory leak in fec_enet_init()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/619fee9eb13b5d29e4267cb394645608088c28a8 (5.13-rc4)
+CVE-2021-47149 [net: fujitsu: fix potential null-ptr-deref]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/52202be1cd996cde6e8969a128dc27ee45a7cb5e (5.13-rc3)
+CVE-2021-47148 [octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()]
+	- linux 5.14.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e5cc361e21648b75f935f9571d4003aaee480214 (5.13-rc4)
+CVE-2021-47147 [ptp: ocp: Fix a resource leak in an error handling path]
+	- linux 5.14.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4 (5.13-rc4)
+CVE-2021-47146 [mld: fix panic in mld_newpack()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/020ef930b826d21c5446fdc9db80fd72a791bc21 (5.13-rc4)
+CVE-2021-47145 [btrfs: do not BUG_ON in link_to_fixup_dir]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d (5.13-rc3)
+CVE-2021-47144 [drm/amd/amdgpu: fix refcount leak]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/fa7e6abc75f3d491bc561734312d065dc9dc2a77 (5.13-rc3)
+CVE-2021-47143 [net/smc: remove device from smcd_dev_list after failed device_add()]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	NOTE: https://git.kernel.org/linus/444d7be9532dcfda8e0385226c862fd7e986f607 (5.13-rc4)
+CVE-2021-47142 [drm/amdgpu: Fix a use-after-free]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 (5.13-rc3)
+CVE-2021-47141 [gve: Add NULL pointer checks when freeing irqs.]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/5218e919c8d06279884aa0baf76778a6817d5b93 (5.13-rc4)
+CVE-2021-47140 [iommu/amd: Clear DMA ops when switching domain]
+	- linux 5.14.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d6177a6556f853785867e2ec6d5b7f4906f0d809 (5.13-rc4)
+CVE-2021-47139 [net: hns3: put off calling register_netdev() until client initialize complete]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a289a7e5c1d49b7d47df9913c1cc81fb48fab613 (5.13-rc4)
+CVE-2021-47138 [cxgb4: avoid accessing registers when clearing filters]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/88c380df84fbd03f9b137c2b9d0a44b9f2f553b0 (5.13-rc4)
+CVE-2021-47137 [net: lantiq: fix memory corruption in RX ring]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20 (5.13-rc4)
+CVE-2021-47136 [net: zero-initialize tc skb extension on allocation]
+	- linux 5.14.6-1
+	[bullseye] - linux 5.10.46-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9453d45ecb6c2199d72e73c993e9d98677a2801b (5.13-rc4)
 CVE-2024-2863 (This vulnerability allows remote attackers to traverse paths via file  ...)
 	NOT-FOR-US: LG
 CVE-2024-2862 (This vulnerability allows remote attackers to reset the password of an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80fdb946d549e070cea7edce54c5ba4ed35c608a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80fdb946d549e070cea7edce54c5ba4ed35c608a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240325/2f0af23e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list