[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99063e80 by Salvatore Bonaccorso at 2024-02-29T07:55:45+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-52484 [iommu/arm-smmu-v3: Fix soft lockup triggered by 
arm_smmu_mm_invalidate_range]
+       - linux 6.5.6-1
+       [bookworm] - linux 6.1.64-1
+       NOTE: 
https://git.kernel.org/linus/d5afb4b47e13161b3f33904d45110f9e6463bad6 (6.6-rc5)
+CVE-2023-52483 [mctp: perform route lookups under a RCU read-side lock]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/5093bbfc10ab6636b32728e35813cbd79feb063c (6.6-rc6)
+CVE-2023-52482 [x86/srso: Add SRSO mitigation for Hygon processors]
+       - linux 6.5.6-1
+       [bookworm] - linux 6.1.64-1
+       NOTE: 
https://git.kernel.org/linus/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d (6.6-rc4)
+CVE-2023-52481 [arm64: errata: Add Cortex-A520 speculative unprivileged load 
workaround]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       NOTE: 
https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5)
+CVE-2023-52480 [ksmbd: fix race condition between session lookup and expire]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       NOTE: 
https://git.kernel.org/linus/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f (6.6-rc5)
+CVE-2023-52479 [ksmbd: fix uaf in smb20_oplock_break_ack]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       NOTE: 
https://git.kernel.org/linus/c69813471a1ec081a0b9bf0c6bd7e8afd818afce (6.6-rc5)
+CVE-2023-52478 [HID: logitech-hidpp: Fix kernel crash on receiver USB 
disconnect]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       [bullseye] - linux 5.10.205-1
+       [buster] - linux 4.19.304-1
+       NOTE: 
https://git.kernel.org/linus/dac501397b9d81e4782232c39f94f4307b137452 (6.6-rc6)
+CVE-2023-52477 [usb: hub: Guard against accesses to uninitialized BOS 
descriptors]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       [bullseye] - linux 5.10.205-1
+       [buster] - linux 4.19.304-1
+       NOTE: 
https://git.kernel.org/linus/f74a7afc224acd5e922c7a2e52244d891bbe44ee (6.6-rc6)
+CVE-2023-52476 [perf/x86/lbr: Filter vsyscall addresses]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       NOTE: 
https://git.kernel.org/linus/e53899771a02f798d436655efbd9d4b46c0f9265 (6.6-rc6)
+CVE-2023-52475 [Input: powermate - fix use-after-free in 
powermate_config_complete]
+       - linux 6.5.8-1
+       [bookworm] - linux 6.1.64-1
+       [bullseye] - linux 5.10.205-1
+       [buster] - linux 4.19.304-1
+       NOTE: 
https://git.kernel.org/linus/5c15c60e7be615f05a45cd905093a54b11f461bc (6.6-rc6)
 CVE-2024-27948 (Cross-Site Request Forgery (CSRF) vulnerability in bytesforall 
Atahual ...)
        NOT-FOR-US: bytesforall Atahualpa
 CVE-2024-27517 (Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, 
Attacke ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99063e807c4c4711fefec9c610d2cc1beee2536a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99063e807c4c4711fefec9c610d2cc1beee2536a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits