[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 9 12:57:29 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03462763 by Salvatore Bonaccorso at 2024-11-09T13:56:46+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,212 @@
+CVE-2024-50262 [bpf: Fix out-of-bounds write in trie_get_next_key()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21 (6.12-rc6)
+CVE-2024-50261 [macsec: Fix use-after-free while sending the offloading packet]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f1e54d11b210b53d418ff1476c6b58a2f434dfc0 (6.12-rc6)
+CVE-2024-50260 [sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/740be3b9a6d73336f8c7d540842d0831dc7a808b (6.12-rc6)
+CVE-2024-50259 [netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4ce1f56a1eaced2523329bef800d004e30f2f76c (6.12-rc6)
+CVE-2024-50258 [net: fix crash when config small gso_max_size/gso_ipv4_max_size]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/9ab5cf19fb0e4680f95e506d6c544259bf1111c4 (6.12-rc6)
+CVE-2024-50257 [netfilter: Fix use-after-free in get_info()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f48d258f0ac540f00fa617dac496c4c18b5dc2fa (6.12-rc6)
+CVE-2024-50256 [netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/4ed234fe793f27a3b151c43d2106df2ff0d81aac (6.12-rc6)
+CVE-2024-50255 [Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1e67d8641813f1876a42eeb4f532487b8a7fb0a8 (6.12-rc6)
+CVE-2024-50254 [bpf: Free dynamically allocated bits in bpf_iter_bits_destroy()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/101ccfbabf4738041273ce64e2b116cf440dea13 (6.12-rc6)
+CVE-2024-50253 [bpf: Check the validity of nr_words in bpf_iter_bits_new()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/393397fbdcad7396639d7077c33f86169184ba99 (6.12-rc6)
+CVE-2024-50252 [mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/12ae97c531fcd3bfd774d4dfeaeac23eafe24280 (6.12-rc6)
+CVE-2024-50251 [netfilter: nft_payload: sanitize offset and length before calling skb_checksum()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/d5953d680f7e96208c29ce4139a0e38de87a57fe (6.12-rc6)
+CVE-2024-50250 [fsdax: dax_unshare_iter needs to copy entire blocks]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/50793801fc7f6d08def48754fb0f0706b0cfc394 (6.12-rc6)
+CVE-2024-50249 [ACPI: CPPC: Make rmw_lock a raw_spin_lock]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/1c10941e34c5fdc0357e46a25bd130d9cf40b925 (6.12-rc6)
+CVE-2024-50248 [ntfs3: Add bounds checking to mi_enum_attr()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/556bdf27c2dd5c74a9caacbe524b943a6cd42d99 (6.12-rc3)
+CVE-2024-50247 [fs/ntfs3: Check if more than chunk-size bytes are written]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9931122d04c6d431b2c11b5bb7b10f28584067f0 (6.12-rc3)
+CVE-2024-50246 [fs/ntfs3: Add rough attr alloc_size check]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c4a8ba334262e9a5c158d618a4820e1b9c12495c (6.12-rc3)
+CVE-2024-50245 [fs/ntfs3: Fix possible deadlock in mi_read]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/03b097099eef255fbf85ea6a786ae3c91b11f041 (6.12-rc3)
+CVE-2024-50244 [fs/ntfs3: Additional check in ni_clear()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d178944db36b3369b78a08ba520de109b89bf2a9 (6.12-rc3)
+CVE-2024-50243 [fs/ntfs3: Fix general protection fault in run_is_mapped_full]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a33fb016e49e37aafab18dc3c8314d6399cb4727 (6.12-rc3)
+CVE-2024-50242 [fs/ntfs3: Additional check in ntfs_file_release]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/031d6f608290c847ba6378322d0986d08d1a645a (6.12-rc3)
+CVE-2024-50241 [NFSD: Initialize struct nfsd4_copy earlier]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/63fab04cbd0f96191b6e5beedc3b643b01c15889 (6.12-rc6)
+CVE-2024-50240 [phy: qcom: qmp-usb: fix NULL-deref on runtime suspend]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/bd9e4d4a3b127686efc60096271b0a44c3100061 (6.12-rc6)
+CVE-2024-50239 [phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/29240130ab77c80bea1464317ae2a5fd29c16a0c (6.12-rc6)
+CVE-2024-50238 [phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/34c21f94fa1e147a19b54b6adf0c93a623b70dd8 (6.12-rc6)
+CVE-2024-50237 [wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/393b6bc174b0dd21bb2a36c13b36e62fc3474a23 (6.12-rc6)
+CVE-2024-50236 [wifi: ath10k: Fix memory leak in management tx]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/e15d84b3bba187aa372dff7c58ce1fd5cb48a076 (6.12-rc6)
+CVE-2024-50235 [wifi: cfg80211: clear wdev->cqm_config pointer on free]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d5fee261dfd9e17b08b1df8471ac5d5736070917 (6.12-rc6)
+CVE-2024-50234 [wifi: iwlegacy: Clear stale interrupts before resuming device]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/07c90acb071b9954e1fecb1e4f4f13d12c544b34 (6.12-rc6)
+CVE-2024-50233 [staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/6bd301819f8f69331a55ae2336c8b111fc933f3d (6.12-rc6)
+CVE-2024-50232 [iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/efa353ae1b0541981bc96dbf2e586387d0392baa (6.12-rc6)
+CVE-2024-50231 [iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/691e79ffc42154a9c91dc3b7e96a307037b4be74 (6.12-rc6)
+CVE-2024-50230 [nilfs2: fix kernel bug due to missing clearing of checked flag]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/41e192ad2779cae0102879612dfe46726e4396aa (6.12-rc6)
+CVE-2024-50229 [nilfs2: fix potential deadlock with newly created symlinks]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/b3a033e3ecd3471248d474ef263aadc0059e516a (6.12-rc6)
+CVE-2024-50228 [mm: shmem: fix data-race in shmem_getattr()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/d949d1d14fa281ace388b1de978e8f2cd52875cf (6.12-rc6)
+CVE-2024-50227 [thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e9e1b20fae7de06ba36dd3f8dba858157bad233d (6.12-rc6)
+CVE-2024-50226 [cxl/port: Fix use-after-free, permit out-of-order decoder shutdown]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/101c268bd2f37e965a5468353e62d154db38838e (6.12-rc6)
+CVE-2024-50225 [btrfs: fix error propagation of split bios]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d48e1dea3931de64c26717adc2b89743c7ab6594 (6.12-rc6)
+CVE-2024-50224 [spi: spi-fsl-dspi: Fix crash when not using GPIO chip select]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/25f00a13dccf8e45441265768de46c8bf58e08f6 (6.12-rc6)
+CVE-2024-50223 [sched/numa: Fix the potential null pointer dereference in task_numa_work()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9c70b2a33cd2aa6a5a59c5523ef053bd42265209 (6.12-rc6)
+CVE-2024-50222 [iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/c749d9b7ebbc5716af7a95f7768634b30d9446ec (6.12-rc6)
+CVE-2024-50221 [drm/amd/pm: Vangogh: Fix kernel memory out of bounds write]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/4aa923a6e6406b43566ef6ac35a3d9a3197fa3e8 (6.12-rc6)
+CVE-2024-50220 [fork: do not invoke uffd on fork if error occurs]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/f64e67e5d3a45a4a04286c47afade4b518acd47b (6.12-rc6)
+CVE-2024-50219 [mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/281dd25c1a018261a04d1b8bf41a0674000bfe38 (6.12-rc6)
+CVE-2024-50218 [ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0 (6.12-rc6)
+CVE-2024-50217 [btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()]
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/linus/aec8e6bf839101784f3ef037dcdb9432c3f32343 (6.12-rc6)
+CVE-2024-50216 [xfs: fix finding a last resort AG in xfs_filestream_pick_ag]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dc60992ce76fbc2f71c2674f435ff6bde2108028 (6.12-rc6)
+CVE-2024-50215 [nvmet-auth: assign dh_key to NULL after kfree_sensitive]
+	- linux <unfixed>
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/d2f551b1f72b4c508ab9298419f6feadc3b5d791 (6.12-rc6)
+CVE-2024-50214 [drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/926163342a2e7595d950e84c17c693b1272bd491 (6.12-rc6)
+CVE-2024-50213 [drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/add4163aca0d4a86e9fe4aa513865e4237db8aef (6.12-rc6)
+CVE-2024-50212 [lib: alloc_tag_module_unload must wait for pending kfree_rcu calls]
+	- linux <unfixed>
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/dc783ba4b9df3fb3e76e968b2cbeb9960069263c (6.12-rc4)
 CVE-2024-9874 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9775 (The Anih - Creative Agency WordPress Theme theme for WordPress is vuln ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03462763e9d753198f8b9aaf4bd10318990c57dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03462763e9d753198f8b9aaf4bd10318990c57dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241109/73fa7557/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list