Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd82dc89 by Salvatore Bonaccorso at 2024-10-10T21:57:17+02:00
Merge Linux CVEs from kernel-sec

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@ +CVE-2024-47673 [wifi: iwlwifi: mvm: pause TCM when the firmware is stopped] + - linux 6.10.12-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/0668ebc8c2282ca1e7eb96092a347baefffb5fe7 (6.11-rc6) +CVE-2024-47672 [wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead] + - linux 6.10.12-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1 (6.11-rc6) +CVE-2024-47671 [USB: usbtmc: prevent kernel-usb-infoleak] + - linux 6.10.12-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/625fa77151f00c1bd00d34d60d6f2e710b3f9aad (6.12-rc1) +CVE-2024-47670 [ocfs2: add bounds checking to ocfs2_xattr_find_entry()] + - linux 6.10.12-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/9e3041fecdc8f78a5900c3aa51d3d756e73264d6 (6.11-rc1) +CVE-2024-47669 [nilfs2: fix state management in error path of log writing function] + - linux 6.10.11-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/6576dd6695f2afca3f4954029ac4a64f82ba60ab (6.11-rc7) +CVE-2024-47668 [lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()] + - linux 6.10.11-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/b2f11c6f3e1fc60742673b8675c95b78447f3dae (6.11-rc4) +CVE-2024-47667 [PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)] + - linux 6.10.11-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/86f271f22bbb6391410a07e08d6ca3757fda01fa (6.11-rc1) +CVE-2024-47666 [scsi: pm80xx: Set phy->enable_completion only when we wait for it] + - linux 6.10.11-1 + NOTE: https://git.kernel.org/linus/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea (6.11-rc1) +CVE-2024-47665 [i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup] + - linux 6.10.11-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/8a2be2f1db268ec735419e53ef04ca039fc027dc (6.11-rc1) +CVE-2024-47664 [spi: hisi-kunpeng: Add 
verification for the max_frequency provided by the firmware] + - linux 6.10.11-1 + NOTE: https://git.kernel.org/linus/5127c42c77de18651aa9e8e0a3ced190103b449c (6.11-rc3) +CVE-2024-47663 [staging: iio: frequency: ad9834: Validate frequency parameter value] + - linux 6.10.11-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/b48aa991758999d4e8f9296c5bbe388f293ef465 (6.11-rc7) +CVE-2024-47662 [drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection] + - linux 6.10.9-1 + NOTE: https://git.kernel.org/linus/466423c6dd8af23ebb3a69d43434d01aed0db356 (6.11-rc1) +CVE-2024-47661 [drm/amd/display: Avoid overflow from uint32_t to uint8_t] + - linux 6.10.9-1 + NOTE: https://git.kernel.org/linus/d6b54900c564e35989cf6813e4071504fa0a90e0 (6.11-rc1) +CVE-2024-47660 [fsnotify: clear PARENT_WATCHED flags lazily] + - linux 6.10.9-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/172e422ffea20a89bfdc672741c1aad6fbb5044e (6.11-rc1) +CVE-2024-47659 [smack: tcp: ipv4, fix incorrect labeling] + - linux 6.10.9-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550 (6.11-rc1) +CVE-2024-47658 [crypto: stm32/cryp - call finalize with bh disabled] + - linux 6.10.9-1 + NOTE: https://git.kernel.org/linus/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce (6.11-rc1) +CVE-2024-46871 [drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX] + - linux 6.10.9-1 + [bookworm] - linux 6.1.112-1 + NOTE: https://git.kernel.org/linus/ad28d7c3d989fc5689581664653879d664da76f0 (6.11-rc1) +CVE-2024-46870 [drm/amd/display: Disable DMCUB timeout for DCN35] + - linux 6.10.9-1 + NOTE: https://git.kernel.org/linus/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f (6.11-rc1) CVE-2024-9683 NOT-FOR-US: Quay CVE-2024-6861 
@@ -225,38 +291,6 @@ CVE-2024-47773 (Discourse is an open source platform for community discussion. A NOT-FOR-US: Discourse CVE-2024-47763 (Wasmtime is an open source runtime for WebAssembly. Wasmtime's impleme ...) NOT-FOR-US: wasmtime -CVE-2024-47673 (In the Linux kernel, the following vulnerability has been resolved: w ...) - TODO: check -CVE-2024-47672 (In the Linux kernel, the following vulnerability has been resolved: w ...) - TODO: check -CVE-2024-47671 (In the Linux kernel, the following vulnerability has been resolved: U ...) - TODO: check -CVE-2024-47670 (In the Linux kernel, the following vulnerability has been resolved: o ...) - TODO: check -CVE-2024-47669 (In the Linux kernel, the following vulnerability has been resolved: n ...) - TODO: check -CVE-2024-47668 (In the Linux kernel, the following vulnerability has been resolved: l ...) - TODO: check -CVE-2024-47667 (In the Linux kernel, the following vulnerability has been resolved: P ...) - TODO: check -CVE-2024-47666 (In the Linux kernel, the following vulnerability has been resolved: s ...) - TODO: check -CVE-2024-47665 (In the Linux kernel, the following vulnerability has been resolved: i ...) - TODO: check -CVE-2024-47664 (In the Linux kernel, the following vulnerability has been resolved: s ...) - TODO: check -CVE-2024-47663 (In the Linux kernel, the following vulnerability has been resolved: s ...) - TODO: check -CVE-2024-47662 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check -CVE-2024-47661 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check -CVE-2024-47660 (In the Linux kernel, the following vulnerability has been resolved: f ...) - TODO: check -CVE-2024-47659 (In the Linux kernel, the following vulnerability has been resolved: s ...) - TODO: check -CVE-2024-47658 (In the Linux kernel, the following vulnerability has been resolved: c ...) 
- TODO: check CVE-2024-47565 (A vulnerability has been identified in Siemens SINEC Security Monitor ...) NOT-FOR-US: Siemens CVE-2024-47563 (A vulnerability has been identified in Siemens SINEC Security Monitor ...) @@ -323,10 +357,6 @@ CVE-2024-46887 (The web server of affected devices do not properly authenticate NOT-FOR-US: Siemens CVE-2024-46886 (The web server of affected devices does not properly validate input th ...) NOT-FOR-US: Siemens -CVE-2024-46871 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check -CVE-2024-46870 (In the Linux kernel, the following vulnerability has been resolved: d ...) - TODO: check CVE-2024-46539 (Insecure permissions in the Bluetooth Low Energy (BLE) component of Fi ...) NOT-FOR-US: Fire-Boltt Artillery Smart Watch CVE-2024-46410 (PublicCMS V4.0.202406.d was discovered to contain a cross-site scripti ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd82dc892fba3de328e90296daf65b1687d9b0c7
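
Review bot: In the first hunk, six of the eighteen added entries (CVE-2024-47666, CVE-2024-47664, CVE-2024-47662, CVE-2024-47661, CVE-2024-47658 and CVE-2024-46870) carry no "[bookworm]" line, while the other twelve record "[bookworm] - linux 6.1.112-1". Without a release line, bookworm's status for those six is derived from the unstable fixed version, so they read as still open there, and the later hunks remove the "TODO: check" markers that previously flagged them for triage. If the affected code is absent from the 6.1 series, a "[bookworm] - linux <not-affected>" line with a short reason would record that explicitly; if the fix is only pending a backport, the entries are correct as written. Separately, CVE-2024-47671 cites an upstream commit tagged 6.12-rc1 against a fixed version of 6.10.12-1, so that version depends on a stable backport the NOTE does not reference. The counts are consistent: eighteen entries added, sixteen plus two stubs removed.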
