[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 22 07:58:19 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94fda6f3 by Salvatore Bonaccorso at 2024-05-22T08:57:43+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,195 @@
+CVE-2021-47473 [scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	NOTE: https://git.kernel.org/linus/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad (5.15-rc7)
+CVE-2021-47472 [net: mdiobus: Fix memory leak in __mdiobus_register]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/ab609f25d19858513919369ff3d9a63c02cd9e2e (5.15-rc4)
+CVE-2021-47471 [drm: mxsfb: Fix NULL pointer dereference crash on unload]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3cfc183052c3dbf8eae57b6c1685dab00ed3db4a (5.15-rc7)
+CVE-2021-47470 [mm, slub: fix potential use-after-free in slab_debugfs_fops]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/67823a544414def2a36c212abadb55b23bcda00c (5.15-rc7)
+CVE-2021-47469 [spi: Fix deadlock when adding SPI controllers on SPI buses]
+	- linux 5.14.16-1
+	NOTE: https://git.kernel.org/linus/6098475d4cb48d821bdf453c61118c56e26294f0 (5.15-rc6)
+CVE-2021-47468 [isdn: mISDN: Fix sleeping function called from invalid context]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/6510e80a0b81b5d814e3aea6297ba42f5e76f73c (5.15-rc6)
+CVE-2021-47467 [kunit: fix reference count leak in kfree_at_end]
+	- linux 5.14.16-1
+	NOTE: https://git.kernel.org/linus/f62314b1ced25c58b86e044fc951cd6a1ea234cf (5.15-rc6)
+CVE-2021-47466 [mm, slub: fix potential memoryleak in kmem_cache_open()]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	NOTE: https://git.kernel.org/linus/9037c57681d25e4dcc442d940d6dbe24dd31f461 (5.15-rc7)
+CVE-2021-47465 [KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9b4416c5095c20e110c82ae602c254099b83b72f (5.15-rc6)
+CVE-2021-47464 [audit: fix possible null-pointer dereference in audit_filter_rules]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6e3ee990c90494561921c756481d0e2125d8b895 (5.15-rc7)
+CVE-2021-47463 [mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/79f9bc5843142b649575f887dccdf1c07ad75c20 (5.15-rc7)
+CVE-2021-47462 [Description:]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/6d2aec9e123bb9c49cb5c7fc654f25f81e688e8c (5.15-rc7)
+CVE-2021-47461 [userfaultfd: fix a race between writeprotect and exit_mmap()]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cb185d5f1ebf900f4ae3bf84cee212e6dd035aca (5.15-rc7)
+CVE-2021-47460 [ocfs2: fix data corruption after conversion from inline format]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/5314454ea3ff6fc746eaf71b9a7ceebed52888fa (5.15-rc7)
+CVE-2021-47459 [can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d9d52a3ebd284882f5562c88e55991add5d01586 (5.15-rc7)
+CVE-2021-47458 [ocfs2: mount fails with buffer overflow in strlen]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/b15fa9224e6e1239414525d8d556d824701849fc (5.15-rc7)
+CVE-2021-47457 [can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9acf636215a6ce9362fe618e7da4913b8bfe84c8 (5.15-rc7)
+CVE-2021-47456 [can: peak_pci: peak_pci_remove(): fix UAF]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/949fe9b35570361bc6ee2652f89a0561b26eec98 (5.15-rc7)
+CVE-2021-47455 [ptp: Fix possible memory leak in ptp_clock_register()]
+	- linux 5.14.16-1
+	NOTE: https://git.kernel.org/linus/4225fea1cb28370086e17e82c0f69bec2779dca0 (5.15-rc7)
+CVE-2021-47454 [powerpc/smp: do not decrement idle task preempt count in CPU offline]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/787252a10d9422f3058df9a4821f389e5326c440 (5.15-rc7)
+CVE-2021-47453 [ice: Avoid crash from unnecessary IDA free]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/73e30a62b19b9fbb4e6a3465c59da186630d5f2e (5.15-rc7)
+CVE-2021-47452 [netfilter: nf_tables: skip netdev events generated on netns removal]
+	- linux 5.14.16-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/68a3765c659f809dcaac20030853a054646eb739 (5.15-rc7)
+CVE-2021-47451 [netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/902c0b1887522a099aa4e1e6b4b476c2fe5dd13e (5.15-rc7)
+CVE-2021-47450 [KVM: arm64: Fix host stage-2 PGD refcount]
+	- linux 5.15.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1d58a17ef54599506d44c45ac95be27273a4d2b1 (5.15)
+CVE-2021-47449 [ice: fix locking for Tx timestamp tracking flush]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4d4a223a86afe658cd878800f09458e8bb54415d (5.15-rc6)
+CVE-2021-47448 [mptcp: fix possible stall on recvmsg()]
+	- linux 5.14.16-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/612f71d7328c14369924384ad2170aae2a6abd92 (5.15-rc6)
+CVE-2021-47447 [drm/msm/a3xx: fix error handling in a3xx_gpu_init()]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3eda901995371d390ef82d0b6462f4ea8efbcfdf (5.15-rc6)
+CVE-2021-47446 [drm/msm/a4xx: fix error handling in a4xx_gpu_init()]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/980d74e7d03ccf2eaa11d133416946bd880c7c08 (5.15-rc6)
+CVE-2021-47445 [drm/msm: Fix null pointer dereference on pointer edp]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/2133c4fc8e1348dcb752f267a143fe2254613b34 (5.15-rc6)
+CVE-2021-47444 [drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/97794170b696856483f74b47bfb6049780d2d3a0 (5.15-rc6)
+CVE-2021-47443 [NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/58e7dcc9ca29c14e44267a4d0ea61e3229124907 (5.15-rc6)
+CVE-2021-47442 [NFC: digital: fix possible memory leak in digital_in_send_sdd_req()]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/291c932fc3692e4d211a445ba8aa35663831bac7 (5.15-rc6)
+CVE-2021-47441 [mlxsw: thermal: Fix out-of-bounds memory accesses]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	NOTE: https://git.kernel.org/linus/332fdf951df8b870e3da86b122ae304e2aabe88c (5.15-rc6)
+CVE-2021-47440 [net: encx24j600: check error in devm_regmap_init_encx24j600]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/f03dca0c9e2297c84a018e306f8a9cd534ee4287 (5.15-rc6)
+CVE-2021-47439 [net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ef1100ef20f29aec4e62abeccdb5bdbebba1e378 (5.15-rc6)
+CVE-2021-47438 [net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	NOTE: https://git.kernel.org/linus/94b960b9deffc02fc0747afc01f72cc62ab099e3 (5.15-rc6)
+CVE-2021-47437 [iio: adis16475: fix deadlock on frequency set]
+	- linux 5.14.16-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	[buster] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9da1b86865ab4376408c58cd9fec332c8bdb5c73 (5.15-rc6)
+CVE-2021-47436 [usb: musb: dsps: Fix the probe error path]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/c2115b2b16421d93d4993f3fe4c520e91d6fe801 (5.15-rc6)
+CVE-2021-47435 [dm: fix mempool NULL pointer race when completing IO]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.113-1
+	[buster] - linux 4.19.249-1
+	NOTE: https://git.kernel.org/linus/d208b89401e073de986dc891037c5a668f5d5d95 (5.15-rc6)
+CVE-2021-47434 [xhci: Fix command ring pointer corruption while aborting a command]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	[buster] - linux 4.19.232-1
+	NOTE: https://git.kernel.org/linus/ff0e50d3564f33b7f4b35cadeabd951d66cfc570 (5.15-rc6)
+CVE-2021-47433 [btrfs: fix abort logic in btrfs_replace_file_extents]
+	- linux 5.14.16-1
+	[bullseye] - linux 5.10.84-1
+	NOTE: https://git.kernel.org/linus/4afb912f439c4bc4e6a4f3e7547f2e69e354108f (5.15-rc6)
 CVE-2024-5148
 	[experimental] - gnome-remote-desktop 46.2-1
 	- gnome-remote-desktop <not-affected> (Vulnerable code only in 46 series)
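
Review bot: The entry for CVE-2021-47462 has the placeholder "[Description:]" where every other entry in this hunk has the upstream commit subject, which looks like an import artifact. Replace it with the subject line of the commit its NOTE line references (6d2aec9e123bb9c49cb5c7fc654f25f81e688e8c), so the entry can be searched and triaged by subsystem like the rest.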



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94fda6f33689ca1e7655e34e981d46fab92fe2ac
