Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1fc3fcd9 by Salvatore Bonaccorso at 2024-02-27T17:51:21+01:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -66,18 +66,95 @@ CVE-2023-41506 (An arbitrary file upload vulnerability in the Update/Edit Studen NOT-FOR-US: Update/Edit Student's Profile Picture function of Student Enrollment In PHP CVE-2023-36237 (Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 all ...) NOT-FOR-US: Bagisto -CVE-2021-46920 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check -CVE-2021-46919 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check -CVE-2021-46918 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check -CVE-2021-46917 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check -CVE-2021-46916 (In the Linux kernel, the following vulnerability has been resolved: i ...) - TODO: check -CVE-2021-46914 (In the Linux kernel, the following vulnerability has been resolved: i ...) - TODO: check +CVE-2021-46937 [mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'] + - linux 5.15.15-1 + NOTE: https://git.kernel.org/linus/ebb3f994dd92f8fb4d70c7541091216c1e10cb71 (5.16-rc8) +CVE-2021-46936 [net: fix use-after-free in tw_timer_handler] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 (5.16-rc8) +CVE-2021-46935 [binder: fix async_free_space accounting for empty parcels] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/cfd0d84ba28c18b531648c9d4a35ecca89ad9901 (5.16-rc8) +CVE-2021-46934 [i2c: validate user data in compat ioctl] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/bb436283e25aaf1533ce061605d23a9564447bdf (5.16-rc8) +CVE-2021-46933 [usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/b1e0887379422975f237d43d8839b751a6bcf154 (5.16-rc8) +CVE-2021-46932 [Input: appletouch - initialize work before device registration] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 (5.16-rc8) +CVE-2021-46931 [net/mlx5e: Wrap the tx reporter dump callback to extract the sq] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + NOTE: https://git.kernel.org/linus/918fc3855a6507a200e9cf22c20be852c0982687 (5.16-rc8) +CVE-2021-46930 [usb: mtu3: fix list_head check warning] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + NOTE: https://git.kernel.org/linus/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf (5.16-rc8) +CVE-2021-46929 [sctp: use call_rcu to free endpoint] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8) +CVE-2021-46928 [parisc: Clear stale IIR value on instruction access rights trap] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + NOTE: https://git.kernel.org/linus/484730e5862f6b872dca13840bed40fd7c60fa26 (5.16-rc7) +CVE-2021-46927 [nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert] + - linux 5.15.15-1 + NOTE: https://git.kernel.org/linus/3a0152b219523227c2a62a0a122cf99608287176 (5.16-rc8) +CVE-2021-46926 [ALSA: hda: intel-sdw-acpi: harden detection of controller] + - linux 5.15.15-1 + NOTE: https://git.kernel.org/linus/385f287f9853da402d94278e59f594501c1d1dad (5.16-rc7) +CVE-2021-46925 [net/smc: fix kernel panic caused by race of smc_sock] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + NOTE: https://git.kernel.org/linus/349d43127dac00c15231e8ffbcaabd70f7b0e544 (5.16-rc8) +CVE-2021-46924 [NFC: st21nfca: Fix memory leak in device probe and remove] + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/1b9dadba502234eea7244879b8d5d126bfaf9f0c (5.16-rc8) +CVE-2021-46923 [fs/mount_setattr: always cleanup mount_kattr] + - linux 5.15.15-1 + NOTE: https://git.kernel.org/linus/012e332286e2bb9f6ac77d195f17e74b2963d663 (5.16-rc8) +CVE-2021-46922 [KEYS: trusted: Fix TPM reservation for seal/unseal] + - linux 5.10.38-1 + [buster] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9d5171eab462a63e2fbebfccf6026e92be018f20 (5.12) +CVE-2021-46921 [locking/qrwlock: Fix ordering in queued_write_lock_slowpath()] + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896 (5.12) +CVE-2021-46920 [dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback] + - linux 5.10.38-1 + NOTE: https://git.kernel.org/linus/ea941ac294d75d0ace50797aebf0056f6f8f7a7f (5.12-rc8) +CVE-2021-46919 [dmaengine: idxd: fix wq size store permission state] + - linux 5.10.38-1 + NOTE: https://git.kernel.org/linus/0fff71c5a311e1264988179f7dcc217fda15fadd (5.12-rc8) +CVE-2021-46918 [dmaengine: idxd: clear MSIX permission entry on shutdown] + - linux 5.14.6-1 + NOTE: https://git.kernel.org/linus/6df0e6c57dfc064af330071f372f11aa8c584997 (5.12-rc8) +CVE-2021-46917 [dmaengine: idxd: fix wq cleanup of WQCFG registers] + - linux 5.10.38-1 + NOTE: https://git.kernel.org/linus/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a (5.12-rc8) +CVE-2021-46916 [ixgbe: Fix NULL pointer dereference in ethtool loopback test] + - linux 5.14.6-1 + NOTE: https://git.kernel.org/linus/31166efb1cee348eb6314e9c0095d84cbeb66b9d (5.12-rc8) +CVE-2021-46914 [ixgbe: fix unbalanced device enable/disable in suspend/resume] + - linux 5.10.38-1 + NOTE: https://git.kernel.org/linus/debb9df311582c83fe369baa35fa4b92e8a9c58a (5.12-rc8) CVE-2021-46915 [netfilter: nft_limit: avoid possible divide error in nft_limit_init] - linux 5.10.38-1 [buster] - linux 4.19.194-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fc3fcd9262d24357f79f39f6fa58083253ba5dc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fc3fcd9262d24357f79f39f6fa58083253ba5dc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits