[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 6 19:19:34 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa454f24 by Salvatore Bonaccorso at 2025-03-06T20:18:55+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,98 @@
+CVE-2024-58073 [drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/789384eb1437aed94155dc0eac8a8a6ba1baf578 (6.14-rc1)
+CVE-2024-58072 [wifi: rtlwifi: remove unused check_buddy_priv]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/2fdac64c3c35858aa8ac5caa70b232e03456e120 (6.14-rc1)
+CVE-2024-58071 [team: prevent adding a device which is already a team device lower]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/3fff5da4ca2164bb4d0f1e6cd33f6eb8a0e73e50 (6.14-rc1)
+CVE-2024-58070 [bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT]
+	- linux 6.12.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/8eef6ac4d70eb1f0099fff93321d90ce8fa49ee1 (6.14-rc1)
+CVE-2024-58069 [rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/3ab8c5ed4f84fa20cd16794fe8dc31f633fbc70c (6.14-rc1)
+CVE-2024-58068 [OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e (6.14-rc1)
+CVE-2024-58067 [clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7def56f841af22e07977e193eea002e085facbdb (6.14-rc1)
+CVE-2024-58066 [clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/3acea81be689b77b3ceac6ff345ff0366734d967 (6.14-rc1)
+CVE-2024-58065 [clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/e5ca5d7b4d7c29246d957dc45d63610584ae3a54 (6.14-rc1)
+CVE-2024-58064 [wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap()]
+	- linux 6.12.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/13c4f7714c6a1ecf748a2f22099447c14fe6ed8c (6.14-rc1)
+CVE-2024-58063 [wifi: rtlwifi: fix memory leaks and invalid access at probe error path]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/e7ceefbfd8d447abc8aca8ab993a942803522c06 (6.14-rc1)
+CVE-2024-58062 [wifi: iwlwifi: mvm: avoid NULL pointer dereference]
+	- linux 6.12.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/cf704a7624f99eb2ffca1a16c69183e85544a613 (6.14-rc1)
+CVE-2024-58061 [wifi: mac80211: prohibit deactivating all links]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7553477cbfd784b128297f9ed43751688415bbaa (6.14-rc1)
+CVE-2024-58060 [bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing]
+	- linux 6.12.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/96ea081ed52bf077cad6d00153b6fba68e510767 (6.14-rc1)
+CVE-2024-58059 [media: uvcvideo: Fix deadlock during uvc_probe]
+	- linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/a67f75c2b5ecf534eab416ce16c11fe780c4f8f6 (6.14-rc1)
+CVE-2024-58058 [ubifs: skip dumping tnc tree when zroot is null]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/bdb0ca39e0acccf6771db49c3f94ed787d05f2d7 (6.14-rc1)
+CVE-2024-58057 [idpf: convert workqueues to unbound]
+	- linux 6.12.13-1
+	[bookworm] - linux <not-affected> (Vulnerable code not present)
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/9a5b021cb8186f1854bac2812bd4f396bb1e881c (6.14-rc1)
+CVE-2024-58056 [remoteproc: core: Fix ida_free call while not allocated]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/7378aeb664e5ebc396950b36a1f2dedf5aabec20 (6.14-rc1)
+CVE-2024-58055 [usb: gadget: f_tcm: Don't free command immediately]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/c225d006a31949d673e646d585d9569bc28feeb9 (6.14-rc1)
+CVE-2024-58054 [staging: media: max96712: fix kernel oops when removing module]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/ee1b5046d5cd892a0754ab982aeaaad3702083a5 (6.14-rc1)
+CVE-2024-58053 [rxrpc: Fix handling of received connection abort]
+	- linux 6.12.13-1
+	NOTE: https://git.kernel.org/linus/0e56ebde245e4799ce74d38419426f2a80d39950 (6.14-rc1)
+CVE-2024-58052 [drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/357445e28ff004d7f10967aa93ddb4bffa5c3688 (6.14-rc1)
+CVE-2024-58051 [ipmi: ipmb: Add check devm_kasprintf() returned value]
+	- linux 6.12.13-1
+	[bookworm] - linux 6.1.129-1
+	NOTE: https://git.kernel.org/linus/2378bd0b264ad3a1f76bd957caf33ee0c7945351 (6.14-rc1)
 CVE-2024-36347 [AMD CPU Microcode Signature Verification Vulnerability]
 	- amd64-microcode <unfixed> (bug #1095470)
 	- linux <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa454f246501103704094c8219b379fbc59e78f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa454f246501103704094c8219b379fbc59e78f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250306/029877ab/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list