Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4ef7718 by Salvatore Bonaccorso at 2025-10-07T22:24:50+02:00
Merge Linux CVEs from kernel-sec

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,233 @@ +CVE-2023-53687 [tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk] + - linux 6.4.11-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/832e231cff476102e8204a9e7bddfe5c6154a375 (6.5-rc1) +CVE-2023-53686 [net/handshake: fix null-ptr-deref in handshake_nl_done_doit()] + - linux 6.5.6-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/82ba0ff7bf0483d962e592017bef659ae022d754 (6.6-rc1) +CVE-2023-53685 [tun: Fix memory leak for detached NAPI queue.] + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + NOTE: https://git.kernel.org/linus/82b2bc279467c875ec36f8ef820f00997c2a4e8e (6.4-rc3) +CVE-2023-53684 [xfrm: Zero padding when dumping algos and encap] + - linux 6.1.25-1 + NOTE: https://git.kernel.org/linus/8222d5910dae08213b6d9d4bc9a7f8502855e624 (6.3-rc3) +CVE-2023-53683 [fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()] + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/81b21c0f0138ff5a499eafc3eb0578ad2a99622c (6.4-rc1) +CVE-2023-53682 [hwmon: (xgene) Fix ioremap and memremap leak] + - linux 6.1.25-1 + NOTE: https://git.kernel.org/linus/813cc94c7847ae4a17e9f744fb4dbdf7df6bd732 (6.3-rc4) +CVE-2023-53681 [bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent] + - linux 6.4.4-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/80fca8a10b604afad6c14213fdfd816c4eda3ee4 (6.5-rc1) +CVE-2023-53680 [NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL] + - linux 6.1.25-1 + [bullseye] - linux 5.10.221-1 + NOTE: https://git.kernel.org/linus/804d8e0a6e54427268790472781e03bc243f4ee3 (6.3-rc6) +CVE-2023-53679 [wifi: mt7601u: fix an integer underflow] + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + 
NOTE: https://git.kernel.org/linus/803f3176c5df3b5582c27ea690f204abb60b19b9 (6.3-rc1) +CVE-2023-53678 [drm/i915: Fix system suspend without fbdev being initialized] + - linux 6.1.20-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8038510b1fe443ffbc0e356db5f47cbb8678a594 (6.3-rc1) +CVE-2023-53677 [drm/i915: Fix memory leaks in i915 selftests] + - linux 6.3.7-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/803033c148f754f32da1b93926c49c22731ec485 (6.4-rc1) +CVE-2023-53676 [scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()] + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://git.kernel.org/linus/801f287c93ff95582b0a2d2163f12870a2f076d4 (6.6-rc1) +CVE-2023-53675 [scsi: ses: Fix possible desc_ptr out-of-bounds accesses] + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/801ab13d50cf3d26170ee073ea8bb4eececb76ab (6.3-rc1) +CVE-2023-53674 [clk: Fix memory leak in devm_clk_notifier_register()] + - linux 6.4.4-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7fb933e56f77a57ef7cfc59fc34cbbf1b1fa31ff (6.5-rc1) +CVE-2023-53673 [Bluetooth: hci_event: call disconnect callback before deleting conn] + - linux 6.4.11-1 + [bookworm] - linux 6.1.52-1 + NOTE: https://git.kernel.org/linus/7f7cfcb6f0825652973b780f248603e23f16ee90 (6.5-rc3) +CVE-2023-53672 [btrfs: output extra debug info if we failed to find an inline backref] + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://git.kernel.org/linus/7f72f50547b7af4ddf985b07fc56600a4deba281 (6.6-rc1) +CVE-2023-53671 [srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL] + - linux 6.1.20-1 + NOTE: 
https://git.kernel.org/linus/7f24626d6dd844bfc6d1f492d214d29c86d02550 (6.3-rc1) +CVE-2023-53670 [nvme-core: fix dev_pm_qos memleak] + - linux 6.4.4-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7ed5cf8e6d9bfb6a78d0471317edff14f0f2b4dd (6.5-rc1) +CVE-2023-53669 [tcp: fix skb_copy_ubufs() vs BIG TCP] + - linux 6.4.4-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7e692df3933628d974acb9f5b334d2b3e885e2a6 (6.4-rc1) +CVE-2023-53668 [ring-buffer: Fix deadloop issue on reading trace_pipe] + - linux 6.4.11-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/7e42907f3a7b4ce3a2d1757f6d78336984daf8f5 (6.5-rc2) +CVE-2023-53667 [net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize] + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/7e01c7f7046efc2c7c192c3619db43292b98e997 (6.4-rc4) +CVE-2023-53666 [ASoC: codecs: wcd938x: fix missing mbhc init error handling] + - linux 6.4.11-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7dfae2631bfbdebecd35fe7b472ab3cc95c9ed66 (6.5-rc3) +CVE-2023-53665 [md: don't dereference mddev after export_rdev()] + - linux 6.5.6-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7deac114be5fb25a4e865212ed0feaf5f85f2a28 (6.6-rc2) +CVE-2023-53664 [OPP: Fix potential null ptr dereference in dev_pm_opp_get_required_pstate()] + - linux 6.5.3-1 + [bookworm] - linux <not-affected> (Vulnerable code not present) + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7ddd8deb1c3c0363a7e14fafb5df26e2089a69a5 (6.6-rc1) 
+CVE-2023-53663 [KVM: nSVM: Check instead of asserting on nested TSC scaling support] + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7cafe9b8e22bb3d77f130c461aedf6868c4aaf58 (6.6-rc1) +CVE-2023-53662 [ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}] + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7ca4b085f430f3774c3838b3da569ceccd6a0177 (6.6-rc1) +CVE-2023-53661 [bnxt: avoid overflow in bnxt_get_nvram_directory()] + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + NOTE: https://git.kernel.org/linus/7c6dddc239abe660598c49ec95ea0ed6399a4b2a (6.4-rc1) +CVE-2023-53660 [bpf, cpumap: Handle skb as well when clean up ptr_ring] + - linux 6.4.11-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7c62b75cd1a792e14b037fa4f61f9b18914e7de1 (6.5-rc5) +CVE-2023-53659 [iavf: Fix out-of-bounds when setting channels on remove] + - linux 6.4.11-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/7c4bced3caa749ce468b0c5de711c98476b23a52 (6.5-rc3) +CVE-2023-53658 [spi: bcm-qspi: return error if neither hif_mspi nor mspi is available] + - linux 6.4.4-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/7c1f23ad34fcdace50275a6aa1e1969b41c6233f (6.5-rc1) +CVE-2023-53657 [ice: Don't tx before switchdev is fully configured] + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + NOTE: https://git.kernel.org/linus/7aa529a69e92b9aff585e569d5003f7c15d8d60b (6.6-rc1) +CVE-2023-53656 [drivers/perf: hisi: Don't migrate perf to the CPU going to teardown] + - linux 6.4.4-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: 
https://git.kernel.org/linus/7a6a9f1c5a0a875a421db798d4b2ee022dc1ee1a (6.5-rc1) +CVE-2023-53655 [rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed] + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/7a29fb4a4771124bc61de397dbfc1554dbbcc19c (6.4-rc1) +CVE-2022-50555 [tipc: fix a null-ptr-deref in tipc_topsrv_accept] + - linux 6.0.7-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/82cb4e4612c633a9ce320e1773114875604a3cce (6.1-rc3) +CVE-2022-50554 [blk-mq: avoid double ->queue_rq() because of early timeout] + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/82c229476b8f6afd7e09bc4dc77d89dc19ff7688 (6.2-rc1) +CVE-2022-50553 [tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/82470f7d9044842618c847a7166de2b7458157a7 (6.2-rc1) +CVE-2022-50552 [blk-mq: use quiesced elevator switch when reinitializing queues] + - linux 6.0.3-1 + NOTE: https://git.kernel.org/linus/8237c01f1696bc53c470493bf1fe092a107648a6 (6.1-rc1) +CVE-2022-50551 [wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/81d17f6f3331f03c8eafdacea68ab773426c1e3c (6.2-rc1) +CVE-2022-50550 [blk-iolatency: Fix memory leak on add_disk() failures] + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/813e693023ba10da9e75067780f8378465bf27cc (6.2-rc1) +CVE-2022-50549 [dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/8111964f1b8524c4bb56b02cd9c7a37725ea21fd (6.2-rc1) +CVE-2022-50548 [media: i2c: hi846: Fix memory leak in hi846_parse_dt()] + - linux 6.1.4-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: 
https://git.kernel.org/linus/80113026d415e27483669db7a88b548d1ec3d3d1 (6.2-rc1) +CVE-2022-50547 [media: solo6x10: fix possible memory leak in solo_sysfs_init()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7f5866dd96d95b74e439f6ee17b8abd8195179fb (6.2-rc1) +CVE-2022-50546 [ext4: fix uninititialized value in 'ext4_evict_inode'] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7ea71af94eaaaf6d9aed24bc94a05b977a741cb9 (6.2-rc1) +CVE-2022-50545 [r6040: Fix kmemleak in probe and remove] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7e43039a49c2da45edc1d9d7c9ede4003ab45a5f (6.2-rc1) +CVE-2022-50544 [usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()] + - linux 6.0.3-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/7e271f42a5cc3768cd2622b929ba66859ae21f97 (6.1-rc1) +CVE-2022-50543 [RDMA/rxe: Fix mr->map double free] + - linux 6.1.4-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7d984dac8f6bf4ebd3398af82b357e1d181ecaac (6.2-rc1) +CVE-2022-50542 [media: si470x: Fix use-after-free in si470x_int_in_callback()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7d21e0b1b41b21d628bf2afce777727bd4479aa5 (6.2-rc1) +CVE-2022-50541 [dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow] + - linux 6.0.3-1 + NOTE: https://git.kernel.org/linus/7c94dcfa8fcff2dba53915f1dabfee49a3df8b88 (6.1-rc1) +CVE-2022-50540 [dmaengine: qcom-adm: fix wrong sizeof config in slave_config] + - linux 6.0.3-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7c8765308371be30f50c1b5b97618b731514b207 (6.1-rc1) +CVE-2022-50539 [ARM: OMAP2+: omap4-common: Fix refcount leak bug] + - linux 6.1.20-1 + NOTE: https://git.kernel.org/linus/7c32919a378782c95c72bc028b5c30dfe8c11f82 (6.3-rc1) 
+CVE-2022-50538 [vme: Fix error not catched in fake_init()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7bef797d707f1744f71156b21d41e3b8c946631f (6.2-rc1) +CVE-2022-50537 [firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7b51161696e803fd5f9ad55b20a64c2df313f95c (6.2-rc1) +CVE-2022-50536 [bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data] + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7a9841ca025275b5b0edfb0b618934abb6ceec15 (6.2-rc1) +CVE-2022-50535 [drm/amd/display: Fix potential null-deref in dm_resume] + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7a7175a2cd84b7874bebbf8e59f134557a34161b (6.3-rc1) CVE-2023-53654 [octeontx2-af: Add validation before accessing cgx and lmac] - linux 6.4.4-1 [bookworm] - linux 6.1.52-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ef77189353f842c519f19046459f7e1e56ea04 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4ef77189353f842c519f19046459f7e1e56ea04 You're receiving this email because of your account on salsa.debian.org.
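Review bot: The unstable fixed version in the CVE-2023-53669 entry (tcp: fix skb_copy_ubufs() vs BIG TCP) looks inconsistent with the rest of this hunk: its NOTE points at a 6.4-rc1 commit and bookworm is marked fixed in 6.1.37-1, yet the unversioned line says 6.4.4-1, while the other 6.4-rc1 entries added here (CVE-2023-53683, CVE-2023-53677, CVE-2023-53661, CVE-2023-53655) all use 6.3.7-1. Please confirm against the 6.3.y stable history whether the fix was really absent from 6.3.7-1, and correct the line to 6.3.7-1 if it was present, since an overstated fixed version makes intermediate uploads look vulnerable. Separately, several added entries carry no [bullseye] line at all (for example CVE-2023-53685, CVE-2023-53684, CVE-2023-53682, CVE-2023-53673, CVE-2022-50554, CVE-2022-50552), so bullseye is judged only against the unversioned fixed version; it is worth checking that this is intended for each of them rather than a missing not-affected or fixed-version line.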
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
