[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Wed May 8 20:56:35 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16021d47 by Salvatore Bonaccorso at 2024-05-08T21:55:42+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-27397 [netfilter: nf_tables: use timestamp to check for set element timeout]
+	- linux 6.7.7-1
+	NOTE: https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4)
+CVE-2024-27396 [net: gtp: Fix Use-After-Free in gtp_dellink]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.90-1
+	[bullseye] - linux 5.10.216-1
+	NOTE: https://git.kernel.org/linus/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (6.9-rc6)
+CVE-2024-27395 [net: openvswitch: Fix Use-After-Free in ovs_ct_exit]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.90-1
+	[bullseye] - linux 5.10.216-1
+	NOTE: https://git.kernel.org/linus/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2 (6.9-rc6)
+CVE-2024-27394 [tcp: Fix Use-After-Free in tcp_ao_connect_init]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/80e679b352c3ce5158f3f778cfb77eb767e586fb (6.9-rc6)
+CVE-2024-27393 [xen-netfront: Add missing skb_mark_for_recycle]
+	- linux <unfixed>
+	[bookworm] - linux 6.1.85-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/037965402a010898d34f4e35327d22c0a95cd51f (6.9-rc3)
+CVE-2023-52654 [io_uring/af_unix: disable sending io_uring over sockets]
+	- linux 6.6.8-1
+	[bookworm] - linux 6.1.69-1
+	[bullseye] - linux 5.10.205-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
 CVE-2024-24787
 	- golang-1.22 <not-affected> (Specific to MacOS)
 	- golang-1.21 <not-affected> (Specific to MacOS)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16021d477293cdb799c7eed19ebc20646508ba2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16021d477293cdb799c7eed19ebc20646508ba2c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240508/9eddb5b8/attachment.htm>
