[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 13 16:53:41 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bcc1c6ec by Salvatore Bonaccorso at 2024-05-13T17:52:58+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when fetching packet contents]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7)
+CVE-2024-27400 [drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7)
+CVE-2024-27399 [Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/adf0398cee86643b8eacde95f17d073d022f782c (6.9)
+CVE-2024-27398 [Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9)
+CVE-2023-52656 [io_uring: drop any code related to SCM_RIGHTS]
+	- linux 6.7.12-1
+	[bookworm] - linux 6.1.85-1
+	[bullseye] - linux 5.10.216-1
+	NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1)
+CVE-2023-52655 [usb: aqc111: check packet for fixup for true limit]
+	- linux 6.6.8-1
+	[bookworm] - linux 6.1.69-1
+	[bullseye] - linux 5.10.205-1
+	NOTE: https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3)
 CVE-2024-25581 [Transfer requests received over DoH can lead to a denial of service in DNSdist]
 	- dnsdist <unfixed>
 	[bookworm] - dnsdist <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcc1c6ec1b2402e02468b4a8dd9b468f0b4cb082

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcc1c6ec1b2402e02468b4a8dd9b468f0b4cb082
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240513/fd7f86aa/attachment.htm>

More information about the debian-security-tracker-commits mailing list