[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e3f072b by Salvatore Bonaccorso at 2024-03-06T08:22:56+01:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,102 @@
+CVE-2024-26628 [drm/amdkfd: Fix lock dependency warning]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/47bf0f83fc86df1bf42b385a91aadb910137c5c9 (6.8-rc1)
+CVE-2024-26627 [scsi: core: Move scsi_host_busy() out of host lock for waking 
up EH handler]
+       - linux 6.7.7-1
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/4373534a9850627a2695317944898eb1283a2db0 (6.8-rc3)
+CVE-2024-26626 [ipmr: fix kernel panic when forwarding mcast packets]
+       - linux 6.7.7-1
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/e622502c310f1069fd9f41cd38210553115f610a (6.8-rc3)
+CVE-2024-26625 [llc: call sock_orphan() at release time]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/aa2b2eb3934859904c287bf5434647ba72e14c1c (6.8-rc3)
+CVE-2024-26624 [af_unix: fix lockdep positive in sk_diag_dump_icons()]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/4d322dce82a1d44f8c83f0f54f95dd1b8dcf46c9 (6.8-rc3)
+CVE-2024-26623 [pds_core: Prevent race issues involving the adminq]
+       - linux 6.7.7-1
+       [bookworm] - linux <not-affected> (Vulnerable code not present)
+       [bullseye] - linux <not-affected> (Vulnerable code not present)
+       [buster] - linux <not-affected> (Vulnerable code not present)
+       NOTE: 
https://git.kernel.org/linus/7e82a8745b951b1e794cc780d46f3fbee5e93447 (6.8-rc3)
+CVE-2023-52607 [powerpc/mm: Fix null-pointer dereference in pgtable_cache_add]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/f46c8a75263f97bda13c739ba1c90aced0d3b071 (6.8-rc1)
+CVE-2023-52606 [powerpc/lib: Validate size for vector operations]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (6.8-rc1)
+CVE-2023-52605 [ACPI: extlog: fix NULL pointer dereference check]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/72d9b9747e78979510e9aafdd32eb99c7aa30dd1 (6.8-rc1)
+CVE-2023-52604 [FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 (6.8-rc1)
+CVE-2023-52603 [UBSAN: array-index-out-of-bounds in dtSplitRoot]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16 (6.8-rc1)
+CVE-2023-52602 [jfs: fix slab-out-of-bounds Read in dtSearch]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/fa5492ee89463a7590a1449358002ff7ef63529f (6.8-rc1)
+CVE-2023-52601 [jfs: fix array-index-out-of-bounds in dbAdjTree]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/74ecdda68242b174920fe7c6133a856fb7d8559b (6.8-rc1)
+CVE-2023-52600 [jfs: fix uaf in jfs_evict_inode]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/e0e1958f4c365e380b17ccb35617345b31ef7bf3 (6.8-rc1)
+CVE-2023-52599 [jfs: fix array-index-out-of-bounds in diNewExt]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/49f9637aafa6e63ba686c13cb8549bf5e6920402 (6.8-rc1)
+CVE-2023-52598 [s390/ptrace: handle setting of fpc register correctly]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/8b13601d19c541158a6e18b278c00ba69ae37829 (6.8-rc1)
+CVE-2023-52597 [KVM: s390: fix setting of fpc register]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/b988b1bb0053c0dcd26187d29ef07566a565cf55 (6.8-rc1)
+CVE-2023-52596 [sysctl: Fix out of bounds access for empty sysctl registers]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/315552310c7de92baea4e570967066569937a843 (6.8-rc1)
+CVE-2023-52595 [wifi: rt2x00: restart beacon queue when hardware reset]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8 (6.8-rc1)
+CVE-2023-52594 [wifi: ath9k: Fix potential array-index-out-of-bounds read in 
ath9k_htc_txstatus()]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/2adc886244dff60f948497b59affb6c6ebb3c348 (6.8-rc1)
+CVE-2023-52593 [wifi: wfx: fix possible NULL pointer dereference in 
wfx_set_mfp_ap()]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d (6.8-rc1)
+CVE-2023-52592 [libbpf: Fix NULL pointer dereference in 
bpf_object__collect_prog_relos]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/fc3a5534e2a8855427403113cbeb54af5837bbe0 (6.8-rc1)
+CVE-2023-52591 [reiserfs: Avoid touching renamed directory if parent does not 
change]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed (6.8-rc1)
+CVE-2023-52590 [ocfs2: Avoid touching renamed directory if parent does not 
change]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/9d618d19b29c2943527e3a43da0a35aea91062fc (6.8-rc1)
+CVE-2023-52589 [media: rkisp1: Fix IRQ disable race issue]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/870565f063a58576e8a4529f122cac4325c6b395 (6.8-rc1)
+CVE-2023-52588 [f2fs: fix to tag gcing flag on page during block migration]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/4961acdd65c956e97c1a000c82d91a8c1cdbe44b (6.8-rc1)
+CVE-2023-52587 [IB/ipoib: Fix mcast list locking]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/4f973e211b3b1c6d36f7c6a19239d258856749f9 (6.8-rc1)
+CVE-2023-52586 [drm/msm/dpu: Add mutex lock in control vblank irq]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/45284ff733e4caf6c118aae5131eb7e7cf3eea5a (6.8-rc1)
+CVE-2023-52585 [drm/amdgpu: Fix possible NULL dereference in 
amdgpu_ras_query_error_status_helper()]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/b8d55a90fd55b767c25687747e2b24abd1ef8680 (6.8-rc1)
+CVE-2023-52584 [spmi: mediatek: Fix UAF on device remove]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/e821d50ab5b956ed0effa49faaf29912fd4106d9 (6.8-rc1)
+CVE-2023-52583 [ceph: fix deadlock or deadcode of misusing dget()]
+       - linux 6.7.7-1
+       NOTE: 
https://git.kernel.org/linus/b493ad718b1f0357394d2cdecbf00a44a36fa085 (6.8-rc1)
 CVE-2024-24785 [html/template: errors returned from MarshalJSON methods may 
break template escaping]
        - golang-1.22 <unfixed>
        - golang-1.21 <unfixed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e3f072b86a3c4694fdaaa3eb7bf49b3dcac82ff

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e3f072b86a3c4694fdaaa3eb7bf49b3dcac82ff
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits