Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 341b8d00 by Salvatore Bonaccorso at 2025-09-15T21:46:55+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,88 @@ +CVE-2022-50338 [binder: fix UAF of alloc->vma in race with munmap()] + - linux 5.5.13-1 + NOTE: https://git.kernel.org/linus/27a594bc7a7c8238d239e3cdbcf2edfa3bbe9a1b (5.4.224) +CVE-2022-50337 [ocxl: fix pci device refcount leak when calling get_function_0()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/27158c72678b39ee01cc01de1aba6b51c71abe2f (6.2-rc1) +CVE-2022-50336 [fs/ntfs3: Add null pointer check to attr_load_runs_vcn] + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/2681631c29739509eec59cc0b34e977bb04c6cf1 (6.2-rc1) +CVE-2022-50335 [9p: set req refcount to zero to avoid uninitialized usage] + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/26273ade77f54716e30dfd40ac6e85ceb54ac0f9 (6.2-rc1) +CVE-2022-50334 [hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/26215b7ee923b9251f7bb12c4e5f09dc465d35f2 (6.2-rc1) +CVE-2022-50333 [fs: jfs: fix shift-out-of-bounds in dbDiscardAG] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/25e70c6162f207828dd405b432d8f2a98dbf7082 (6.2-rc1) +CVE-2022-50332 [video/aperture: Call sysfb_disable() before removing PCI devices] + - linux 6.0.6-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/25a6688f27ff54f97adf7cce1d7e18c38bf51eb4 (6.0.6) +CVE-2022-50331 [wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()] + - linux 6.0.6-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/258ad2fe5ede773625adfda88b173f4123e59f45 (6.1-rc2) +CVE-2022-50330 [crypto: cavium - prevent integer overflow loading firmware] + - linux 6.0.3-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/2526d6bf27d15054bb0778b2f7bc6625fd934905 (6.1-rc1) +CVE-2022-50329 [block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/246cf66e300b76099b5dbd3fdd39e9a5dbc53f02 (6.2-rc2) +CVE-2022-50328 [jbd2: fix potential use-after-free in jbd2_fc_wait_bufs] + - linux 6.0.3-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/243d1a5d505d0b0460c9af0ad56ed4a56ef0bebd (6.1-rc1) +CVE-2022-50327 [ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value] + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/2437513a814b3e93bd02879740a8a06e52e2cf7d (6.2-rc1) +CVE-2022-50326 [media: airspy: fix memory leak in airspy probe] + - linux 6.0.3-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/23bc5eb55f8c9607965c20d9ddcc13cb1ae59568 (6.1-rc1) +CVE-2022-50325 [ASoC: Intel: avs: Fix potential RX buffer overflow] + - linux 6.1.4-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/23ae34e033b2c0e5e88237af82b163b296fd6aa9 (6.2-rc1) +CVE-2022-50324 [mtd: maps: pxa2xx-flash: fix memory leak in probe] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/2399401feee27c639addc5b7e6ba519d3ca341bf (6.2-rc1) +CVE-2022-50323 [net: do not sense pfmemalloc status in skb_append_pagefrags()] + - linux 6.0.7-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/228ebc41dfab5b5d34cd76835ddb0ca8ee12f513 (6.1-rc3) +CVE-2022-50322 [rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe()] + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/21b8a1dd56a163825e5749b303858fb902ebf198 (6.2-rc1) +CVE-2022-50321 [wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()] + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/212fde3fe76e962598ce1d47b97cc78afdfc71b3 (6.3-rc1) +CVE-2022-50320 [ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address] + - linux 6.0.3-1 + NOTE: https://git.kernel.org/linus/211391bf04b3c74e250c566eeff9cf808156c693 (6.1-rc1) +CVE-2022-50319 [coresight: trbe: remove cpuhp instance node before remove cpuhp state] + - linux 6.1.4-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/20ee8c223f792947378196307d8e707c9cdc2d61 (6.2-rc1) +CVE-2022-50318 [perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/1ff9dd6e7071a561f803135c1d684b13c7a7d01d (6.2-rc1) +CVE-2022-50317 [drm/bridge: megachips: Fix a null pointer dereference bug] + - linux 6.0.3-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/1ff673333d46d2c1b053ebd0c1c7c7c79e36943e (6.1-rc1) +CVE-2022-50316 [orangefs: Fix kmemleak in orangefs_sysfs_init()] + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/1f2c0e8a587bcafad85019a2d80f158d8d41a868 (6.2-rc1) CVE-2023-53262 [f2fs: fix scheduling while atomic in decompression path] - linux 6.3.7-1 [bookworm] - linux 6.1.37-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341b8d00fa7d6c12e70ec2961f99194af4f42db4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341b8d00fa7d6c12e70ec2961f99194af4f42db4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
