[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 7 11:18:00 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47adaeea by Salvatore Bonaccorso at 2024-11-07T12:17:31+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2024-50172 [RDMA/bnxt_re: Fix a possible memory leak]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3fc5410f225d1651580a4aeb7c72f55e28673b53 (6.12-rc4)
+CVE-2024-50171 [net: systemport: fix potential memory leak in bcm_sysport_xmit()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/c401ed1c709948e57945485088413e1bb5e94bd1 (6.12-rc4)
+CVE-2024-50170 [net: bcmasp: fix potential memory leak in bcmasp_xmit()]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/fed07d3eb8a8d9fcc0e455175a89bc6445d6faed (6.12-rc4)
+CVE-2024-50169 [vsock: Update rx_bytes on read_skb()]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3543152f2d330141d9394d28855cb90b860091d2 (6.12-rc4)
+CVE-2024-50168 [net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/2cb3f56e827abb22c4168ad0c1bbbf401bb2f3b8 (6.12-rc5)
+CVE-2024-50167 [be2net: fix potential memory leak in be_xmit()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/e4dd8bfe0f6a23acd305f9b892c00899089bd621 (6.12-rc5)
+CVE-2024-50166 [fsl/fman: Fix refcount handling of fman-related devices]
+	- linux 6.11.6-1
+	NOTE: https://git.kernel.org/linus/1dec67e0d9fbb087c2ab17bf1bd17208231c3bb1 (6.12-rc5)
+CVE-2024-50165 [bpf: Preserve param->string when parsing mount options]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1f97c03f43fadc407de5b5cb01c07755053e1c22 (6.12-rc5)
+CVE-2024-50164 [bpf: Fix overloading of MEM_UNINIT's meaning]
+	- linux 6.11.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8ea607330a39184f51737c6ae706db7fdca7628e (6.12-rc5)
+CVE-2024-50163 [bpf: Make sure internal and UAPI bpf_redirect flags don't overlap]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/09d88791c7cd888d5195c84733caf9183dcfbd16 (6.12-rc4)
+CVE-2024-50162 [bpf: devmap: provide rxq after redirect]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ca9984c5f0ab3690d98b13937b2485a978c8dd73 (6.12-rc4)
+CVE-2024-50161 [bpf: Check the remaining info_cnt before repeating btf fields]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/797d73ee232dd1833dec4824bc53a22032e97c1c (6.12-rc4)
+CVE-2024-50160 [ALSA: hda/cs8409: Fix possible NULL dereference]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c9bd4a82b4ed32c6d1c90500a52063e6e341517f (6.12-rc4)
+CVE-2024-50159 [firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/39b13dce1a91cdfc3bec9238f9e89094551bd428 (6.12-rc4)
+CVE-2024-50158 [RDMA/bnxt_re: Fix out of bound check]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a9e6e7443922ac0a48243c35d03834c96926bff1 (6.12-rc4)
+CVE-2024-50157 [RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8be3e5b0c96beeefe9d5486b96575d104d3e7d17 (6.12-rc4)
+CVE-2024-50156 [drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/293f53263266bc4340d777268ab4328a97f041fa (6.12-rc4)
+CVE-2024-50155 [netdevsim: use cond_resched() in nsim_dev_trap_report_work()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a1494d532e28598bde7a5544892ef9c7dbfafa93 (6.12-rc4)
+CVE-2024-50154 [tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f (6.12-rc4)
+CVE-2024-50153 [scsi: target: core: Fix null-ptr-deref in target_alloc_device()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/fca6caeb4a61d240f031914413fcc69534f6dc03 (6.12-rc4)
+CVE-2024-50152 [smb: client: fix possible double free in smb2_set_ea()]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/19ebc1e6cab334a8193398d4152deb76019b5d34 (6.12-rc4)
+CVE-2024-50151 [smb: client: fix OOBs when building SMB2_IOCTL request]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/1ab60323c5201bef25f2a3dc0ccc404d9aca77f1 (6.12-rc4)
+CVE-2024-50150 [usb: typec: altmode should keep reference to parent]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/befab3a278c59db0cc88c8799638064f6d3fd6f8 (6.12-rc4)
+CVE-2024-50149 [drm/xe: Don't free job in TDR]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/82926f52d7a09c65d916c0ef8d4305fc95d68c0c (6.12-rc4)
+CVE-2024-50148 [Bluetooth: bnep: fix wild-memory-access in proto_unregister]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/64a90991ba8d4e32e3173ddd83d0b24167a5668c (6.12-rc4)
+CVE-2024-50147 [net/mlx5: Fix command bitmask initialization]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d62b14045c6511a7b2d4948d1a83a4e592deeb05 (6.12-rc4)
+CVE-2024-50146 [net/mlx5e: Don't call cleanup on profile rollback failure]
+	- linux 6.11.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0 (6.12-rc4)
+CVE-2024-50145 [octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/eb592008f79be52ccef88cd9a5249b3fc0367278 (6.12-rc5)
+CVE-2024-50144 [drm/xe: fix unbalanced rpm put() with fence_fini()]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/03a86c24aea0920a1ca20a0d7771d5e176db538d (6.12-rc4)
+CVE-2024-50143 [udf: fix uninit-value use in udf_get_fileshortad]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/264db9d666ad9a35075cc9ed9ec09d021580fbb1 (6.12-rc2)
+CVE-2024-50142 [xfrm: validate new SA's prefixlen using SA family when sel.family is unset]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563 (6.12-rc5)
+CVE-2024-50141 [ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/088984c8d54c0053fc4ae606981291d741c5924b (6.12-rc5)
+CVE-2024-50140 [sched/core: Disable page allocation in task_tick_mm_cid()]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/73ab05aa46b02d96509cb029a8d04fca7bbde8c7 (6.12-rc4)
+CVE-2024-50139 [KVM: arm64: Fix shift-out-of-bounds bug]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c6c167afa090ea0451f91814e1318755a8fb8bb9 (6.12-rc5)
 CVE-2024-51990 (jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected v ...)
 	NOT-FOR-US: jj
 CVE-2024-51736 (Symphony process is a module for the Symphony PHP framework which exec ...)
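Review bot: CVE-2024-50166 (fsl/fman refcount handling) carries only `- linux 6.11.6-1`, with no `[bookworm]` or `[bullseye]` line, and CVE-2024-50164 and CVE-2024-50146 mark `[bullseye]` as `<not-affected>` but say nothing about bookworm. Several others (for example CVE-2024-50171, CVE-2024-50168, CVE-2024-50167, CVE-2024-50154 and CVE-2024-50153) list a bookworm fix in 6.1.115-1 but have no bullseye line. Please confirm these gaps are deliberate, meaning the fix has not yet reached that release's kernel branch, and not an annotation dropped in the kernel-sec merge. Where the vulnerable code is simply absent, add the explicit `<not-affected> (Vulnerable code not present)` line so the release status is unambiguous.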



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47adaeea6bed6fa040ef40d3be95beadfb5a87e6
