- linux-5.10.205-1 (debian11)
- 5.10.221-1
- 2024-07-18 22:00:50
- 2024-07-24 14:37:01
- K20240718_04
- CVE-2024-1086, CVSSv2 Score: 7.8
- Description:
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-1086
- Patch: debian11/CVE-2024-1086-netfilter-nf_tables-reject-QUEUE_DROP-verdict-parameters.patch
- From: 5.10.209-2
- CVE-2024-0646, CVSSv2 Score: 7.8
- Description:
net: tls, update curr on splice as well
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-0646
- Patch: debian11/5.10.209-2/CVE-2024-0646-patch-net-tls-update-curr-on-splice-as-well.patch
- From: 5.10.209-1
- CVE-2023-6040, CVSSv2 Score: 7.8
- Description:
netfilter: nf_tables: Reject tables of unsupported family
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-6040
- Patch: debian11/5.10.209-2/CVE-2023-6040-patch-netfilter-nf-tables-reject-tables-of-unsupported-family.patch
- From: 5.10.209-1
- CVE-2023-39198, CVSSv2 Score: 7.5
- Description:
drm/qxl: fix UAF on handle creation
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-39198
- Patch: debian11/5.10.209-2/CVE-2023-39198-patch-drm-qxl-fix-uaf-on-handle-creation.patch
- From: 5.10.209-1
- CVE-2023-46838, CVSSv2 Score: 7.5
- Description:
xen-netback: don't produce zero-size SKB frags
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-46838
- Patch: debian11/5.10.209-2/CVE-2023-46838-patch-xen-netback-don-t-produce-zero-size-skb-frags.patch
- From: 5.10.209-1
- CVE-2023-6915, CVSSv2 Score: 7.5
- Description:
ida: Fix crash in ida_free when the bitmap is empty
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-6915
- Patch: debian11/5.10.209-2/CVE-2023-6915-patch-ida-fix-crash-in-ida-free-when-the-bitmap-is-empty.patch
- From: 5.10.209-1
- CVE-2023-6606, CVSSv2 Score: 7.1
- Description:
smb: client: fix OOB in smbCalcSize()
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-6606
- Patch: debian11/5.10.209-2/CVE-2023-6606-patch-smb-client-fix-oob-in-smbcalcsize.patch
- From: 5.10.209-1
- CVE-2023-51779, CVSSv2 Score: 7.0
- Description:
Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-51779
- Patch: debian11/5.10.209-2/CVE-2023-51779-patch-bluetooth-af-bluetooth-fix-use-after-free-in.patch
- From: 5.10.209-1
- CVE-2023-52340, CVSSv2 Score: 6.5
- Description:
ipv6: remove max_size check inline with ipv4
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52340
- Patch: debian11/5.10.209-2/CVE-2023-52340-patch-ipv6-remove-max-size-check-inline-with-ipv4.patch
- From: 5.10.209-1
- CVE-2023-52604, CVSSv2 Score: 7.8
- Description:
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52604
- Patch: debian11/5.10.216-1/CVE-2023-52604-fs-jfs-ubsan-array-index-out-of-bounds-in-dbAdjTree.patch
- From: 5.10.216-1
- CVE-2023-52601, CVSSv2 Score: 7.1
- Description:
jfs: fix array-index-out-of-bounds in dbAdjTree
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52601
- Patch: debian11/5.10.216-1/CVE-2023-52601-jfs-fix-array-index-out-of-bounds-in-dbadjtree-205.patch
- From: 5.10.216-1
- CVE-2024-26593, CVSSv2 Score: 7.1
- Description:
i2c: i801: Fix block process call transactions
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-26593
- Patch: debian11/5.10.216-1/CVE-2024-26593-i2c-i801-fix-block-process-call-transactions-205.patch
- From: 5.10.216-1
- CVE-2023-52603, CVSSv2 Score: 7.1
- Description:
UBSAN: array-index-out-of-bounds in dtSplitRoot
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52603
- Patch: debian11/5.10.216-1/CVE-2023-52603-ubsan-array-index-out-of-bounds-in-dtsplitroot.patch
- From: 5.10.216-1
- CVE-2023-52599, CVSSv2 Score: 7.1
- Description:
jfs: fix array-index-out-of-bounds in diNewExt
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52599
- Patch: debian11/5.10.216-1/CVE-2023-52599-jfs-fix-array-index-out-of-bounds-in-dinewext.patch
- From: 5.10.216-1
- CVE-2023-6270 CVE-2024-26898, CVSSv2 Score: 4.4
- Description:
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-26898
- Patch: debian11/5.10.216-1/CVE-2023-6270-CVE-2024-26898-aoe-fix-the-potential-use-after-free-problem-in.patch
- From: 5.10.216-1
- CVE-2023-52597, CVSSv2 Score:
- Description:
CVE patch is for s390 arch only
- CVE:
- Patch: skipped/CVE-2023-52597.patch
- From:
- CVE-2023-52606, CVSSv2 Score:
- Description:
CVE patch is for powerpc arch only
- CVE:
- Patch: skipped/CVE-2023-52606.patch
- From:
- CVE-2023-52434, CVSSv2 Score: 8.0
- Description:
smb: client: fix potential OOBs in smb2_parse_contexts()
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52434
- Patch: debian11/5.10.216-1/CVE-2023-52434-smb-client-fix-potential-oobs-in-smb2-parse-contexts.patch
- From: 5.10.216-1
- CVE-2023-52600, CVSSv2 Score: 7.8
- Description:
jfs: fix uaf in jfs_evict_inode
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52600
- Patch: debian11/5.10.216-1/CVE-2023-52600-jfs-fix-uaf-in-jfs-evict-inode.patch
- From: 5.10.216-1
- CVE-2024-0565, CVSSv2 Score: 8.8
- Description:
smb: client: fix OOB in receive_encrypted_standard()
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-0565
- Patch: debian11/5.10.216-1/CVE-2024-0565-smb-client-fix-oob-in-receive-encrypted-standard.patch
- From: 5.10.216-1
- CVE-2024-0607, CVSSv2 Score: 7.8
- Description:
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-0607
- Patch: debian11/5.10.216-1/CVE-2024-0607-netfilter-nf-tables-fix-pointer-math-issue-in.patch
- From: 5.10.216-1
- CVE-2024-0841, CVSSv2 Score: 7.8
- Description:
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-0841
- Patch: debian11/5.10.216-1/CVE-2024-0841-fs-hugetlb-fix-null-pointer-dereference-in.patch
- From: 5.10.216-1
- CVE-2024-26622, CVSSv2 Score: 7.8
- Description:
tomoyo: fix UAF write bug in tomoyo_write_control()
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-26622
- Patch: debian11/5.10.216-1/CVE-2024-26622-tomoyo-fix-uaf-write-bug-in-tomoyo-write-control.patch
- From: 5.10.216-1
- CVE-2024-26625, CVSSv2 Score: 7.8
- Description:
llc: call sock_orphan() at release time
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-26625
- Patch: debian11/5.10.216-1/CVE-2024-26625-llc-call-sock-orphan-at-release-time.patch
- From: 5.10.216-1
- CVE-2024-26688, CVSSv2 Score:
- Description:
CVE patch is the same as CVE-2024-0841
- CVE:
- Patch: skipped/CVE-2024-26688.patch
- From:
- CVE-2024-24857, CVSSv2 Score: 6.8
- Description:
Bluetooth: Fix TOCTOU in HCI debugfs implementation
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-24857
- Patch: debian11/5.10.216-1/CVE-2024-24857-bluetooth-fix-toctou-in-hci-debugfs-implementation.patch
- From: 5.10.216-1
- CVE-2023-52482, CVSSv2 Score:
- Description:
CVE patch is for AMD Inception vulnerability related to Speculative Return Stack Overflow (SRSO)
- CVE:
- Patch: skipped/CVE-2023-52482.patch
- From:
- CVE-2024-26581, CVSSv2 Score: 7.8
- Description:
netfilter: nft_set_rbtree: skip end interval element from gc
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-26581
- Patch: debian11/5.10.216-1/CVE-2024-26581-netfilter-nft-set-rbtree-skip-end-interval-element-from-gc_new.patch
- From: 5.10.216-1
- CVE-2023-52447, CVSSv2 Score: 7.8
- Description:
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52447
- Patch: debian11/5.10.216-1/CVE-2023-52447-bpf-Add-map-and-need_defer-parameters-to-map_fd_put.patch
- From: 5.10.216-1
- CVE-2023-52447, CVSSv2 Score: 7.8
- Description:
rcu-tasks: Provide rcu_trace_implies_rcu_gp()
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52447
- Patch: debian11/5.10.216-1/CVE-2023-52447-rcu-tasks-Provide-rcu_trace_implies_rcu_gp.patch
- From: 5.10.216-1
- CVE-2023-52447, CVSSv2 Score: 7.8
- Description:
bpf: Defer the free of inner map when necessary
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52447
- Patch: debian11/5.10.216-1/CVE-2023-52447-bpf-defer-the-free-of-inner-map-when-necessary_new.patch
- From: 5.10.216-1
- CVE-2023-52447, CVSSv2 Score: 7.8
- Description:
bpf: Defer the free of inner map when necessary
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52447
- Patch: debian11/5.10.216-1/CVE-2023-52447-bpf-defer-the-free-of-inner-map-when-necessary_new-kpatch.patch
- From: 5.10.216-1
- CVE-2024-26900, CVSSv2 Score: 5.5
- Description:
md: fix kmemleak of rdev->serial
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-26900
- Patch: debian11/5.10.218-1/CVE-2024-26900-md-fix-kmemleak-of-rdev-serial.patch
- From: 5.10.218-1
- CVE-2024-27398, CVSSv2 Score: 5.5
- Description:
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-27398
- Patch: debian11/5.10.218-1/CVE-2024-27398-Bluetooth-Fix-use-after-free-bugs-caused-by-sco_sock_timeout.patch
- From: 5.10.218-1
- CVE-2022-48655, CVSSv2 Score: 7.8
- Description:
firmware: arm_scmi: Harden accesses to the reset domains
- CVE: https://security-tracker.debian.org/tracker/CVE-2022-48655
- Patch: debian11/5.10.218-1/CVE-2022-48655-firmware-arm_scmi-Harden-accesses-to-the-reset-domains.patch
- From: 5.10.218-1
- CVE-2024-35947, CVSSv2 Score: 5.5
- Description:
dyndbg: fix old BUG_ON in >control parser
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-35947
- Patch: debian11/5.10.218-1/CVE-2024-35947-dyndbg-fix-old-BUG_ON-in-control-parser.patch
- From: 5.10.218-1
- CVE-2024-27401, CVSSv2 Score: 5.5
- Description:
firewire: nosy: ensure user_length is taken into account when fetching packet contents
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-27401
- Patch: debian11/5.10.218-1/CVE-2024-27401-firewire-nosy-ensure-user_length-is-taken-into-account-when-fetching-packet-contents.patch
- From: 5.10.218-1
- CVE-2024-27399, CVSSv2 Score: 5.5
- Description:
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-27399
- Patch: debian11/5.10.218-1/CVE-2024-27399-Bluetooth-l2cap-fix-null-ptr-deref-in-l2cap_chan_timeout.patch
- From: 5.10.218-1
- CVE-2024-35848, CVSSv2 Score: 5.5
- Description:
eeprom: at24: fix memory corruption race condition
- CVE: https://security-tracker.debian.org/tracker/CVE-2024-35848
- Patch: debian11/5.10.218-1/CVE-2024-35848-eeprom-at24-fix-memory-corruption-race-condition.patch
- From: 5.10.218-1
- CVE-2023-52585, CVSSv2 Score: 4.4
- Description:
drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
- CVE: https://security-tracker.debian.org/tracker/CVE-2023-52585
- Patch: debian11/5.10.218-1/CVE-2023-52585-drm-amdgpu-Fix-possible-NULL-dereference-in-amdgpu_ras_query_error_status_helper.patch
- From: 5.10.218-1
- N/A, CVSSv2 Score:
- Description:
Restrict access to pagemap/kpageflags/kpagecount
- CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- Patch: 5.10.0/proc-restrict-pagemap-access.patch
- From: