Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b166fb82 by Salvatore Bonaccorso at 2024-08-07T19:03:16+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,80 @@ +CVE-2024-42250 [cachefiles: add missing lock protection when polling] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cf5bb09e742a9cf6349127e868329a8f69b7a014 (6.10) +CVE-2024-42249 [spi: don't unoptimize message in spi_async()] + - linux 6.9.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c86a918b1bdba78fb155184f8d88dfba1e63335d (6.10) +CVE-2024-42248 [tty: serial: ma35d1: Add a NULL check for of_node] + - linux 6.9.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/acd09ac253b5de8fd79fc61a482ee19154914c7a (6.10) +CVE-2024-42247 [wireguard: allowedips: avoid unaligned 64-bit memory accesses] + - linux 6.9.10-1 + NOTE: https://git.kernel.org/linus/948f991c62a4018fb81d85804eeab3029c6209f8 (6.10) +CVE-2024-42246 [net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket] + - linux 6.9.10-1 + NOTE: https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde (6.10) +CVE-2024-42245 [Revert "sched/fair: Make sure to try to detach at least one movable task"] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2feab2492deb2f14f9675dd6388e9e2bf669c27a (6.10) +CVE-2024-42244 [USB: serial: mos7840: fix crash on resume] + - linux 6.9.10-1 + NOTE: https://git.kernel.org/linus/c15a688e49987385baa8804bf65d570e362f8576 (6.10) +CVE-2024-42243 [mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/099d90642a711caae377f53309abfe27e8724a8b (6.10) +CVE-2024-42242 [mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE] + - linux 6.9.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/63d20a94f24fc1cbaf44d0e7c0e0a8077fde0aef (6.10) +CVE-2024-42241 [mm/shmem: disable PMD-sized page cache if needed] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9fd154ba926b34c833b7bfc4c14ee2e931b3d743 (6.10) +CVE-2024-42240 [x86/bhi: Avoid warning in #DB handler due to BHI mitigation] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ac8b270b61d48fcc61f052097777e3b5e11591e0 (6.10) +CVE-2024-42239 [bpf: Fail bpf_timer_cancel when callback is being cancelled] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d4523831f07a267a943f0dde844bf8ead7495f13 (6.10) +CVE-2024-42238 [firmware: cs_dsp: Return error if block header overflows file] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/959fe01e85b7241e3ec305d657febbe82da16a02 (6.10) +CVE-2024-42237 [firmware: cs_dsp: Validate payload length before processing block] + - linux 6.9.10-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6598afa9320b6ab13041616950ca5f8f938c0cf1 (6.10) +CVE-2024-42236 [usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()] + - linux 6.9.10-1 + NOTE: https://git.kernel.org/linus/6d3c721e686ea6c59e18289b400cc95c76e927e0 (6.10) +CVE-2024-42235 [s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()] + - linux 6.9.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b5efb63acf7bddaf20eacfcac654c25c446eabe8 (6.10) +CVE-2024-42234 [mm: fix crashes from deferred split racing folio migration] + - linux 6.9.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/be9581ea8c058d81154251cb0695987098996cad (6.10) +CVE-2024-42233 [filemap: replace pte_offset_map() with pte_offset_map_nolock()] + - linux 6.9.10-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/24be02a42181f0707be0498045c4c4b13273b16d (6.10) +CVE-2024-42232 [libceph: fix race between delayed_work() and ceph_monc_stop()] + - linux 6.9.10-1 + NOTE: https://git.kernel.org/linus/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883 (6.10) CVE-2024-6494 (The WordPress File Upload WordPress plugin before 4.24.8 does not prop ...) NOT-FOR-US: WordPress plugin CVE-2024-42219 (1Password 8 before 8.10.36 for macOS allows local attackers to exfiltr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b166fb8215e02cf290ef82b71ad5aa5972f52538 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b166fb8215e02cf290ef82b71ad5aa5972f52538 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
