[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1fc3fcd9 by Salvatore Bonaccorso at 2024-02-27T17:51:21+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,18 +66,95 @@ CVE-2023-41506 (An arbitrary file upload vulnerability in 
the Update/Edit Studen
        NOT-FOR-US: Update/Edit Student's Profile Picture function of Student 
Enrollment In PHP
 CVE-2023-36237 (Cross Site Request Forgery vulnerability in Bagisto before 
v.1.5.1 all ...)
        NOT-FOR-US: Bagisto
-CVE-2021-46920 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
-       TODO: check
-CVE-2021-46919 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
-       TODO: check
-CVE-2021-46918 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
-       TODO: check
-CVE-2021-46917 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
-       TODO: check
-CVE-2021-46916 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
-       TODO: check
-CVE-2021-46914 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
-       TODO: check
+CVE-2021-46937 [mm/damon/dbgfs: fix 'struct pid' leaks in 
'dbgfs_target_ids_write()']
+       - linux 5.15.15-1
+       NOTE: 
https://git.kernel.org/linus/ebb3f994dd92f8fb4d70c7541091216c1e10cb71 (5.16-rc8)
+CVE-2021-46936 [net: fix use-after-free in tw_timer_handler]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       [buster] - linux 4.19.232-1
+       NOTE: 
https://git.kernel.org/linus/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 (5.16-rc8)
+CVE-2021-46935 [binder: fix async_free_space accounting for empty parcels]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       [buster] - linux 4.19.232-1
+       NOTE: 
https://git.kernel.org/linus/cfd0d84ba28c18b531648c9d4a35ecca89ad9901 (5.16-rc8)
+CVE-2021-46934 [i2c: validate user data in compat ioctl]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       [buster] - linux 4.19.232-1
+       NOTE: 
https://git.kernel.org/linus/bb436283e25aaf1533ce061605d23a9564447bdf (5.16-rc8)
+CVE-2021-46933 [usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       [buster] - linux 4.19.232-1
+       NOTE: 
https://git.kernel.org/linus/b1e0887379422975f237d43d8839b751a6bcf154 (5.16-rc8)
+CVE-2021-46932 [Input: appletouch - initialize work before device registration]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       [buster] - linux 4.19.232-1
+       NOTE: 
https://git.kernel.org/linus/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 (5.16-rc8)
+CVE-2021-46931 [net/mlx5e: Wrap the tx reporter dump callback to extract the 
sq]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       NOTE: 
https://git.kernel.org/linus/918fc3855a6507a200e9cf22c20be852c0982687 (5.16-rc8)
+CVE-2021-46930 [usb: mtu3: fix list_head check warning]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       NOTE: 
https://git.kernel.org/linus/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf (5.16-rc8)
+CVE-2021-46929 [sctp: use call_rcu to free endpoint]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       [buster] - linux 4.19.232-1
+       NOTE: 
https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8)
+CVE-2021-46928 [parisc: Clear stale IIR value on instruction access rights 
trap]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       NOTE: 
https://git.kernel.org/linus/484730e5862f6b872dca13840bed40fd7c60fa26 (5.16-rc7)
+CVE-2021-46927 [nitro_enclaves: Use get_user_pages_unlocked() call to handle 
mmap assert]
+       - linux 5.15.15-1
+       NOTE: 
https://git.kernel.org/linus/3a0152b219523227c2a62a0a122cf99608287176 (5.16-rc8)
+CVE-2021-46926 [ALSA: hda: intel-sdw-acpi: harden detection of controller]
+       - linux 5.15.15-1
+       NOTE: 
https://git.kernel.org/linus/385f287f9853da402d94278e59f594501c1d1dad (5.16-rc7)
+CVE-2021-46925 [net/smc: fix kernel panic caused by race of smc_sock]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       NOTE: 
https://git.kernel.org/linus/349d43127dac00c15231e8ffbcaabd70f7b0e544 (5.16-rc8)
+CVE-2021-46924 [NFC: st21nfca: Fix memory leak in device probe and remove]
+       - linux 5.15.15-1
+       [bullseye] - linux 5.10.92-1
+       [buster] - linux 4.19.232-1
+       NOTE: 
https://git.kernel.org/linus/1b9dadba502234eea7244879b8d5d126bfaf9f0c (5.16-rc8)
+CVE-2021-46923 [fs/mount_setattr: always cleanup mount_kattr]
+       - linux 5.15.15-1
+       NOTE: 
https://git.kernel.org/linus/012e332286e2bb9f6ac77d195f17e74b2963d663 (5.16-rc8)
+CVE-2021-46922 [KEYS: trusted: Fix TPM reservation for seal/unseal]
+       - linux 5.10.38-1
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/9d5171eab462a63e2fbebfccf6026e92be018f20 (5.12)
+CVE-2021-46921 [locking/qrwlock: Fix ordering in queued_write_lock_slowpath()]
+       - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
+       NOTE: 
https://git.kernel.org/linus/84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896 (5.12)
+CVE-2021-46920 [dmaengine: idxd: Fix clobbering of SWERR overflow bit on 
writeback]
+       - linux 5.10.38-1
+       NOTE: 
https://git.kernel.org/linus/ea941ac294d75d0ace50797aebf0056f6f8f7a7f (5.12-rc8)
+CVE-2021-46919 [dmaengine: idxd: fix wq size store permission state]
+       - linux 5.10.38-1
+       NOTE: 
https://git.kernel.org/linus/0fff71c5a311e1264988179f7dcc217fda15fadd (5.12-rc8)
+CVE-2021-46918 [dmaengine: idxd: clear MSIX permission entry on shutdown]
+       - linux 5.14.6-1
+       NOTE: 
https://git.kernel.org/linus/6df0e6c57dfc064af330071f372f11aa8c584997 (5.12-rc8)
+CVE-2021-46917 [dmaengine: idxd: fix wq cleanup of WQCFG registers]
+       - linux 5.10.38-1
+       NOTE: 
https://git.kernel.org/linus/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a (5.12-rc8)
+CVE-2021-46916 [ixgbe: Fix NULL pointer dereference in ethtool loopback test]
+       - linux 5.14.6-1
+       NOTE: 
https://git.kernel.org/linus/31166efb1cee348eb6314e9c0095d84cbeb66b9d (5.12-rc8)
+CVE-2021-46914 [ixgbe: fix unbalanced device enable/disable in suspend/resume]
+       - linux 5.10.38-1
+       NOTE: 
https://git.kernel.org/linus/debb9df311582c83fe369baa35fa4b92e8a9c58a (5.12-rc8)
 CVE-2021-46915 [netfilter: nft_limit: avoid possible divide error in 
nft_limit_init]
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fc3fcd9262d24357f79f39f6fa58083253ba5dc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fc3fcd9262d24357f79f39f6fa58083253ba5dc
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits