[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 8 06:28:58 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e170ed4 by Salvatore Bonaccorso at 2024-11-08T07:28:25+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,170 @@
+CVE-2024-50211 [udf: refactor inode_bmap() to handle error]
+	- linux 6.11.6-1
+	NOTE: https://git.kernel.org/linus/c226964ec786f3797ed389a16392ce4357697d24 (6.12-rc2)
+CVE-2024-50210 [posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/6e62807c7fbb3c758d233018caf94dfea9c65dbd (6.12-rc5)
+CVE-2024-50209 [RDMA/bnxt_re: Add a check for memory allocation]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/c5c1ae73b7741fa3b58e6e001b407825bb971225 (6.12-rc4)
+CVE-2024-50208 [RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/7988bdbbb85ac85a847baf09879edcd0f70521dc (6.12-rc4)
+CVE-2024-50207 [ring-buffer: Fix reader locking when changing the sub buffer order]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/09661f75e75cb6c1d2d8326a70c311d46729235f (6.12-rc4)
+CVE-2024-50206 [net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/88806efc034a9830f483963326b99930ad519af1 (6.12-rc4)
+CVE-2024-50205 [ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()]
+	- linux 6.11.6-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/72cafe63b35d06b5cfbaf807e90ae657907858da (6.12-rc5)
+CVE-2024-50204 [fs: don't try and remove empty rbtree node]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/229fd15908fe1f99b1de4cde3326e62d1e892611 (6.12-rc5)
+CVE-2024-50203 [bpf, arm64: Fix address emission with tag-based KASAN enabled]
+	- linux 6.11.6-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a552e2ef5fd1a6c78267cd4ec5a9b49aa11bbb1c (6.12-rc5)
+CVE-2024-50202 [nilfs2: propagate directory read errors from nilfs_find_entry()]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/08cfa12adf888db98879dbd735bc741360a34168 (6.12-rc4)
+CVE-2024-50201 [drm/radeon: Fix encoder->possible_clones]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/28127dba64d8ae1a0b737b973d6d029908599611 (6.12-rc4)
+CVE-2024-50200 [maple_tree: correct tree corruption on spanning store]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bea07fd63192b61209d48cbb81ef474cc3ee4c62 (6.12-rc4)
+CVE-2024-50199 [mm/swapfile: skip HugeTLB pages for unuse_vma]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/7528c4fb1237512ee18049f852f014eba80bbe8d (6.12-rc4)
+CVE-2024-50198 [iio: light: veml6030: fix IIO device retrieval from embedded device]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/c7c44e57750c31de43906d97813273fdffcf7d02 (6.12-rc4)
+CVE-2024-50197 [pinctrl: intel: platform: fix error path in device_for_each_child_node()]
+	- linux 6.11.5-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/16a6d2e685e8f9a2f51dd5a363d3f97fcad35e22 (6.12-rc4)
+CVE-2024-50196 [pinctrl: ocelot: fix system hang on level based interrupts]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/93b8ddc54507a227087c60a0013ed833b6ae7d3c (6.12-rc4)
+CVE-2024-50195 [posix-clock: Fix missing timespec64 check in pc_clock_settime()]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/d8794ac20a299b647ba9958f6d657051fc51a540 (6.12-rc4)
+CVE-2024-50194 [arm64: probes: Fix uprobes for big-endian kernels]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7 (6.12-rc4)
+CVE-2024-50193 [x86/entry_32: Clear CPU buffers after register restore in NMI return]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/48a2440d0f20c826b884e04377ccc1e4696c84e9 (6.12-rc4)
+CVE-2024-50192 [irqchip/gic-v4: Don't allow a VMOVP on a dying VPE]
+	- linux 6.11.5-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/1442ee0011983f0c5c4b92380e6853afb513841a (6.12-rc4)
+CVE-2024-50191 [ext4: don't set SB_RDONLY after filesystem errors]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/d3476f3dad4ad68ae5f6b008ea6591d1520da5d8 (6.12-rc1)
+CVE-2024-50190 [ice: fix memleak in ice_init_tx_topology()]
+	- linux 6.11.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c188afdc36113760873ec78cbc036f6b05f77621 (6.12-rc3)
+CVE-2024-50189 [HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c56f9ecb7fb6a3a90079c19eb4c8daf3bbf514b3 (6.12-rc4)
+CVE-2024-50188 [net: phy: dp83869: fix memory corruption when enabling fiber]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/a842e443ca8184f2dc82ab307b43a8b38defd6a5 (6.12-rc3)
+CVE-2024-50187 [drm/vc4: Stop the active perfmon before being destroyed]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 (6.12-rc3)
+CVE-2024-50186 [net: explicitly clear the sk pointer, when pf->create fails]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/631083143315d1b192bd7d915b967b37819e88ea (6.12-rc3)
+CVE-2024-50185 [mptcp: handle consistently DSS corruption]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/e32d262c89e2b22cb0640223f953b548617ed8a6 (6.12-rc3)
+CVE-2024-50184 [virtio_pmem: Check device status before requesting flush]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/e25fbcd97cf52c3c9824d44b5c56c19673c3dd50 (6.12-rc1)
+CVE-2024-50183 [scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/0a3c84f71680684c1d41abb92db05f95c09111e8 (6.12-rc1)
+CVE-2024-50182 [secretmem: disable memfd_secret() if arch cannot set direct map]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/532b53cebe58f34ce1c0f34d866f5c0e335c53c6 (6.12-rc3)
+CVE-2024-50181 [clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/a54c441b46a0745683c2eef5a359d22856d27323 (6.12-rc1)
+CVE-2024-50180 [fbdev: sisfb: Fix strbuf array overflow]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/9cf14f5a2746c19455ce9cb44341b5527b5e19c3 (6.12-rc1)
+CVE-2024-50179 [ceph: remove the incorrect Fw reference check when dirtying pages]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	NOTE: https://git.kernel.org/linus/c08dfb1b49492c09cf13838c71897493ea3b424e (6.12-rc1)
+CVE-2024-50178 [cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request()]
+	- linux 6.11.4-1
+	NOTE: https://git.kernel.org/linus/2b7ec33e534f7a10033a5cf07794acf48b182bbe (6.12-rc1)
+CVE-2024-50177 [drm/amd/display: fix a UBSAN warning in DML2.1]
+	- linux 6.11.4-1
+	NOTE: https://git.kernel.org/linus/eaf3adb8faab611ba57594fa915893fc93a7788c (6.12-rc1)
+CVE-2024-50176 [remoteproc: k3-r5: Fix error handling when power-up failed]
+	- linux 6.11.4-1
+	[bookworm] - linux 6.1.115-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9ab27eb5866ccbf57715cfdba4b03d57776092fb (6.12-rc1)
+CVE-2024-50175 [media: qcom: camss: Remove use_count guard in stop_streaming]
+	- linux 6.11.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/25f18cb1b673220b76a86ebef8e7fb79bd303b27 (6.12-rc1)
+CVE-2024-50174 [drm/panthor: Fix race when converting group handle to group object]
+	- linux 6.11.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cac075706f298948898b1f63e81709df42afa75d (6.12-rc2)
+CVE-2024-50173 [drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()]
+	- linux 6.11.4-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/282864cc5d3f144af0cdea1868ee2dc2c5110f0d (6.12-rc2)
 CVE-2024-9926 (The Jetpack WordPress plugin does not have proper authorisation in one ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8442 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e170ed48bf8f6aec3c3b16faab310a0770ccaae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e170ed48bf8f6aec3c3b16faab310a0770ccaae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241108/a9a9c395/attachment.htm>

More information about the debian-security-tracker-commits mailing list