[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 1 19:49:13 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83c72f90 by Salvatore Bonaccorso at 2024-05-01T20:48:30+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,349 @@
+CVE-2024-27392 [nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1)
+CVE-2024-27391 [wifi: wilc1000: do not realloc workqueue everytime an interface is added]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/328efda22af81130c2ad981c110518cb29ff2f1d (6.9-rc1)
+CVE-2024-27390 [ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/17ef8efc00b34918b966388b2af0993811895a8c (6.9-rc1)
+CVE-2024-27389 [pstore: inode: Only d_invalidate() is needed]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 (6.9-rc1)
+CVE-2024-27388 [SUNRPC: fix some memleaks in gssx_dec_option_array]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/3cfcfc102a5e57b021b786a755a38935e357797d (6.9-rc1)
+CVE-2024-27080 [btrfs: fix race when detecting delalloc ranges during fiemap]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/978b63f7464abcfd364a6c95f734282c50f3decf (6.9-rc1)
+CVE-2024-27079 [iommu/vt-d: Fix NULL domain on device release]
+ - linux <unfixed>
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/81e921fd321614c2ad8ac333b041aae1da7a1c6d (6.9-rc1)
+CVE-2024-27078 [media: v4l2-tpg: fix some memleaks in tpg_alloc]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c (6.9-rc1)
+CVE-2024-27077 [media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/8f94b49a5b5d386c038e355bef6347298aabd211 (6.9-rc1)
+CVE-2024-27076 [media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4797a3dd46f220e6d83daf54d70c5b33db6deb01 (6.9-rc1)
+CVE-2024-27075 [media: dvb-frontends: avoid stack overflow warnings with clang]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/7a4cf27d1f0538f779bf31b8c99eda394e277119 (6.9-rc1)
+CVE-2024-27074 [media: go7007: fix a memleak in go7007_load_encoder]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/b9b683844b01d171a72b9c0419a2d760d946ee12 (6.9-rc1)
+CVE-2024-27073 [media: ttpci: fix two memleaks in budget_av_attach]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/d0b07f712bf61e1a3cf23c87c663791c42e50837 (6.9-rc1)
+CVE-2024-27072 [media: usbtv: Remove useless locks in usbtv_video_free()]
+ - linux <unfixed>
+ NOTE: https://git.kernel.org/linus/65e6a2773d655172143cc0b927cdc89549842895 (6.9-rc1)
+CVE-2024-27071 [backlight: hx8357: Fix potential NULL pointer dereference]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9 (6.9-rc1)
+CVE-2024-27070 [f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064 (6.9-rc1)
+CVE-2024-27069 [ovl: relax WARN_ON in ovl_verify_area()]
+ - linux <unfixed>
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/77a28aa476873048024ad56daf8f4f17d58ee48e (6.9-rc1)
+CVE-2024-27068 [thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ca93bf607a44c1f009283dac4af7df0d9ae5e357 (6.9-rc1)
+CVE-2024-27067 [xen/evtchn: avoid WARN() when unbinding an event channel]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/51c23bd691c0f1fb95b29731c356c6fd69925d17 (6.9-rc1)
+CVE-2024-27066 [virtio: packed: fix unmap leak for indirect desc table]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd (6.9-rc1)
+CVE-2024-27065 [netfilter: nf_tables: do not compare internal table flags on updates]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139 (6.9-rc1)
+CVE-2024-27064 [netfilter: nf_tables: Fix a memory leak in nf_tables_updchain]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7eaf837a4eb5f74561e2486972e7f5184b613f6e (6.9-rc1)
+CVE-2024-27063 [leds: trigger: netdev: Fix kernel panic on interface rename trig notify]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/415798bc07dd1c1ae3a656aa026580816e0b9fe8 (6.9-rc1)
+CVE-2024-27062 [nouveau: lock the client object tree.]
+ - linux 6.7.12-1
+ NOTE: https://git.kernel.org/linus/b7cc4ff787a572edf2c55caeffaa88cd801eb135 (6.8)
+CVE-2024-27061 [crypto: sun8i-ce - Fix use after free in unprepare]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/183420038444547c149a0fc5f58e792c2752860c (6.8)
+CVE-2024-27060 [thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa (6.8)
+CVE-2024-27059 [USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/014bcf41d946b36a8f0b8e9b5d9529efbb822f49 (6.8)
+CVE-2024-27058 [tmpfs: fix race on handling dquot rbtree]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0a69b6b3a026543bc215ccc866d0aea5579e6ce2 (6.9-rc2)
+CVE-2024-27057 [ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend]
+ - linux 6.7.12-1
+ NOTE: https://git.kernel.org/linus/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 (6.8-rc5)
+CVE-2024-27056 [wifi: iwlwifi: mvm: ensure offloading TID queue exists]
+ - linux 6.7.12-1
+ NOTE: https://git.kernel.org/linus/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f (6.8-rc7)
+CVE-2024-27055 [workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/15930da42f8981dc42c19038042947b475b19f47 (6.9-rc1)
+CVE-2024-27054 [s390/dasd: fix double module refcount decrement]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/c3116e62ddeff79cae342147753ce596f01fcf06 (6.9-rc1)
+CVE-2024-27053 [wifi: wilc1000: fix RCU usage in connect path]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/205c50306acf58a335eb19fa84e40140f4fe814f (6.9-rc1)
+CVE-2024-27052 [wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/1213acb478a7181cd73eeaf00db430f1e45b1361 (6.9-rc1)
+CVE-2024-27051 [cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/f661017e6d326ee187db24194cabb013d81bc2a6 (6.9-rc1)
+CVE-2024-27050 [libbpf: Use OPTS_SET() macro in bpf_xdp_query()]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/92a871ab9fa59a74d013bc04f321026a057618e7 (6.9-rc1)
+CVE-2024-27049 [wifi: mt76: mt7925e: fix use-after-free in free_irq()]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/a5a5f4413d91f395cb2d89829d376d7393ad48b9 (6.9-rc1)
+CVE-2024-27048 [wifi: brcm80211: handle pmk_op allocation failure]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b4152222e04cb8afeeca239c90e3fcaf4c553b42 (6.9-rc1)
+CVE-2024-27047 [net: phy: fix phy_get_internal_delay accessing an empty array]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4469c0c5b14a0919f5965c7ceac96b523eb57b79 (6.9-rc1)
+CVE-2024-27046 [nfp: flower: handle acti_netdevs allocation failure]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/84e95149bd341705f0eca6a7fcb955c548805002 (6.9-rc1)
+CVE-2024-27045 [drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()']
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4b09715f1504f1b6e8dff0e9643630610bc05141 (6.9-rc1)
+CVE-2024-27044 [drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()']
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9ccfe80d022df7c595f1925afb31de2232900656 (6.9-rc1)
+CVE-2024-27043 [media: edia: dvbdev: fix a use-after-free]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5 (6.9-rc1)
+CVE-2024-27042 [drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()']
+ - linux 6.7.12-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cdb637d339572398821204a1142d8d615668f1e9 (6.9-rc1)
+CVE-2024-27041 [drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()]
+ - linux 6.7.12-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/2a3cfb9a24a28da9cc13d2c525a76548865e182c (6.9-rc1)
+CVE-2024-27040 [drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()']
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b (6.9-rc1)
+CVE-2024-27039 [clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/64c6a38136b74a2f18c42199830975edd9fbc379 (6.9-rc1)
+CVE-2024-27038 [clk: Fix clk_core_get NULL dereference]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e97fe4901e0f59a0bfd524578fe3768f8ca42428 (6.9-rc1)
+CVE-2024-27037 [clk: zynq: Prevent null pointer dereference caused by kmalloc failure]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/7938e9ce39d6779d2f85d822cc930f73420e54a6 (6.9-rc1)
+CVE-2024-27036 [cifs: Fix writeback data corruption]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f3dc1bdb6b0b0693562c7c54a6c28bafa608ba3c (6.9-rc1)
+CVE-2024-27035 [f2fs: compress: fix to guarantee persisting compressed blocks by CP]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/8a430dd49e9cb021372b0ad91e60aeef9c6ced00 (6.9-rc1)
+CVE-2024-27034 [f2fs: compress: fix to cover normal cluster write with cp_rwsem]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fd244524c2cf07b5f4c3fe8abd6a99225c76544b (6.9-rc1)
+CVE-2024-27033 [f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b896e302f79678451a94769ddd9e52e954c64fbb (6.9-rc1)
+CVE-2024-27032 [f2fs: fix to avoid potential panic during recovery]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/21ec68234826b1b54ab980a8df6e33c74cfbee58 (6.9-rc1)
+CVE-2024-27031 [NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fd5860ab6341506004219b080aea40213b299d2e (6.9-rc1)
+CVE-2024-27030 [octeontx2-af: Use separate handlers for interrupts]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/50e60de381c342008c0956fd762e1c26408f372c (6.9-rc1)
+CVE-2024-27029 [drm/amdgpu: fix mmhub client id out-of-bounds access]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/6540ff6482c1a5a6890ae44b23d0852ba1986d9e (6.9-rc1)
+CVE-2024-27028 [spi: spi-mt65xx: Fix NULL pointer access in interrupt handler]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/a20ad45008a7c82f1184dc6dee280096009ece55 (6.9-rc1)
+CVE-2024-27027 [dpll: fix dpll_xa_ref_*_del() for multiple registrations]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b446631f355ece73b13c311dd712c47381a23172 (6.9-rc1)
+CVE-2024-27026 [vmxnet3: Fix missing reserved tailroom]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e127ce7699c1e05279ee5ee61f00893e7bfa9671 (6.9-rc1)
+CVE-2024-27025 [nbd: null check for nla_nest_start]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)
+CVE-2024-27024 [net/rds: fix WARNING in rds_conn_connect_if_down]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.82-1
+ NOTE: https://git.kernel.org/linus/c055fc00c07be1f0df7375ab0036cebd1106ed38 (6.8)
+CVE-2024-27023 [md: Fix missing release of 'active_io' for flush]
+ - linux 6.7.7-1
+ [bookworm] - linux 6.1.82-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/855678ed8534518e2b428bcbcec695de9ba248e8 (6.8-rc6)
+CVE-2023-52653 [SUNRPC: fix a memleak in gss_import_v2_context]
+ - linux 6.7.12-1
+ NOTE: https://git.kernel.org/linus/e67b652d8e8591d3b1e569dbcdfcee15993e91fa (6.9-rc1)
+CVE-2023-52652 [NTB: fix possible name leak in ntb_register_device()]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/aebfdfe39b9327a3077d0df8db3beb3160c9bdd0 (6.9-rc1)
+CVE-2023-52651 [wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/ad25ee36f00172f7d53242dc77c69fff7ced0755 (6.9-rc1)
+CVE-2023-52650 [drm/tegra: dsi: Add missing check for of_find_device_by_node]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ NOTE: https://git.kernel.org/linus/afe6fcb9775882230cd29b529203eabd5d2a638d (6.9-rc1)
+CVE-2023-52649 [drm/vkms: Avoid reading beyond LUT array]
+ - linux 6.7.12-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/2fee84030d12d9fddfa874e4562d71761a129277 (6.9-rc1)
+CVE-2022-48669 [powerpc/pseries: Fix potential memleak in papr_get_attr()]
+ - linux 6.7.12-1
+ [bookworm] - linux 6.1.85-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cda9c0d556283e2d4adaa9960b2dc19b16156bae (6.9-rc1)
CVE-2024-4331
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c72f90030e1b950f646523b68ae2327bdb6ade
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83c72f90030e1b950f646523b68ae2327bdb6ade
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240501/10cb2745/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list