Add new batch of CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2024-03-25 20:48:33 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-03-25 20:48:33 +0100
commit: 62443b3b9228f7a245451d0f5edd1b85020968f8 (patch)
tree: 3e8911ca832b08680d84a7e8ba8a411e8dfb9300
parent: 6484bea9c3b70add985f45ad5f7d3cff65caef29 (diff)
41 files changed, 660 insertions, 0 deletions
diff --git a/active/CVE-2021-47136 b/active/CVE-2021-47136
new file mode 100644
index 00000000..d2e8a29c
--- /dev/null
+++ b/active/CVE-2021-47136
@@ -0,0 +1,18 @@
+Description: net: zero-initialize tc skb extension on allocation
+References:
+Notes:
+ carnil> Introduced in 038ebb1a713d ("net/sched: act_ct: fix miss set mru for ovs after
+ carnil> defrag in act_ct")
+ carnil> d29334c15d33 ("net/sched: act_api: fix miss set post_ct for ovs after do
+ carnil> conntrack in act_ct"). Vulnerable versions: 5.7.15 5.9-rc1 5.12-rc5.
+Bugs:
+upstream: released (5.13-rc4) [9453d45ecb6c2199d72e73c993e9d98677a2801b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [ac493452e937b8939eaf2d24cac51a4804b6c20e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47137 b/active/CVE-2021-47137
new file mode 100644
index 00000000..60a7a4e1
--- /dev/null
+++ b/active/CVE-2021-47137
@@ -0,0 +1,16 @@
+Description: net: lantiq: fix memory corruption in RX ring
+References:
+Notes:
+ carnil> Introduced in fe1a56420cf2 ("net: lantiq: Add Lantiq / Intel VRX200 Ethernet
+ carnil> driver "). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc4) [c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [5ac72351655f8b033a2935646f53b7465c903418]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47138 b/active/CVE-2021-47138
new file mode 100644
index 00000000..f9ac6665
--- /dev/null
+++ b/active/CVE-2021-47138
@@ -0,0 +1,16 @@
+Description: cxgb4: avoid accessing registers when clearing filters
+References:
+Notes:
+ carnil> Introduced in b1a79360ee86 ("cxgb4: Delete all hash and TCAM filters before
+ carnil> resource cleanup"). Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (5.13-rc4) [88c380df84fbd03f9b137c2b9d0a44b9f2f553b0]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [02f03883fdb10ad7e66717c70ea163a8d27ae6e7]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47139 b/active/CVE-2021-47139
new file mode 100644
index 00000000..cc3aba9d
--- /dev/null
+++ b/active/CVE-2021-47139
@@ -0,0 +1,16 @@
+Description: net: hns3: put off calling register_netdev() until client initialize complete
+References:
+Notes:
+ carnil> Introduced in 08a100689d4b ("net: hns3: re-organize vector handle"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a289a7e5c1d49b7d47df9913c1cc81fb48fab613]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47140 b/active/CVE-2021-47140
new file mode 100644
index 00000000..1b26ce39
--- /dev/null
+++ b/active/CVE-2021-47140
@@ -0,0 +1,16 @@
+Description: iommu/amd: Clear DMA ops when switching domain
+References:
+Notes:
+ carnil> Introduced in 08a27c1c3ecf ("iommu: Add support to change default domain of an
+ carnil> iommu group"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [d6177a6556f853785867e2ec6d5b7f4906f0d809]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47141 b/active/CVE-2021-47141
new file mode 100644
index 00000000..a520a37d
--- /dev/null
+++ b/active/CVE-2021-47141
@@ -0,0 +1,16 @@
+Description: gve: Add NULL pointer checks when freeing irqs.
+References:
+Notes:
+ carnil> Introduced in 893ce44df565 ("gve: Add basic driver framework for Compute Engine
+ carnil> Virtual NIC"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc4) [5218e919c8d06279884aa0baf76778a6817d5b93]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47142 b/active/CVE-2021-47142
new file mode 100644
index 00000000..f7a40fe7
--- /dev/null
+++ b/active/CVE-2021-47142
@@ -0,0 +1,15 @@
+Description: drm/amdgpu: Fix a use-after-free
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [1e5c37385097c35911b0f8a0c67ffd10ee1af9a2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f98cdf084405333ee2f5be548a91b2d168e49276]
+4.19-upstream-stable: released (4.19.193) [a849e218556f932576c0fb1c5a88714b61709a17]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47143 b/active/CVE-2021-47143
new file mode 100644
index 00000000..c4627432
--- /dev/null
+++ b/active/CVE-2021-47143
@@ -0,0 +1,16 @@
+Description: net/smc: remove device from smcd_dev_list after failed device_add()
+References:
+Notes:
+ carnil> Introduced in c6ba7c9ba43d ("net/smc: add base infrastructure for SMC-D and
+ carnil> ISM"). Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (5.13-rc4) [444d7be9532dcfda8e0385226c862fd7e986f607]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [8b2cdc004d21a7255f219706dca64411108f7897]
+4.19-upstream-stable: needed
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47144 b/active/CVE-2021-47144
new file mode 100644
index 00000000..10e65ecd
--- /dev/null
+++ b/active/CVE-2021-47144
@@ -0,0 +1,15 @@
+Description: drm/amd/amdgpu: fix refcount leak
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [fa7e6abc75f3d491bc561734312d065dc9dc2a77]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240]
+4.19-upstream-stable: released (4.19.193) [599e5d61ace952b0bb9bd942b198bbd0cfded1d7]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47145 b/active/CVE-2021-47145
new file mode 100644
index 00000000..e94f00c4
--- /dev/null
+++ b/active/CVE-2021-47145
@@ -0,0 +1,15 @@
+Description: btrfs: do not BUG_ON in link_to_fixup_dir
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [7e13db503918820e6333811cdc6f151dcea5090a]
+4.19-upstream-stable: released (4.19.193) [6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47146 b/active/CVE-2021-47146
new file mode 100644
index 00000000..b2eada1e
--- /dev/null
+++ b/active/CVE-2021-47146
@@ -0,0 +1,16 @@
+Description: mld: fix panic in mld_newpack()
+References:
+Notes:
+ carnil> Introduced in 72e09ad107e7 ("ipv6: avoid high order allocations"). Vulnerable
+ carnil> versions: 2.6.35-rc3.
+Bugs:
+upstream: released (5.13-rc4) [020ef930b826d21c5446fdc9db80fd72a791bc21]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [beb39adb150f8f3b516ddf7c39835a9788704d23]
+4.19-upstream-stable: released (4.19.193) [4b77ad9097067b31237eeeee0bf70f80849680a0]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47147 b/active/CVE-2021-47147
new file mode 100644
index 00000000..c5cc5ffa
--- /dev/null
+++ b/active/CVE-2021-47147
@@ -0,0 +1,16 @@
+Description: ptp: ocp: Fix a resource leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in a7e1abad13f3 ("ptp: Add clock driver for the OpenCompute
+ carnil> TimeCard."). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47148 b/active/CVE-2021-47148
new file mode 100644
index 00000000..5df6864e
--- /dev/null
+++ b/active/CVE-2021-47148
@@ -0,0 +1,16 @@
+Description: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()
+References:
+Notes:
+ carnil> Introduced in 81a4362016e7 ("octeontx2-pf: Add RSS multi group support").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e5cc361e21648b75f935f9571d4003aaee480214]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47149 b/active/CVE-2021-47149
new file mode 100644
index 00000000..b1b1ca41
--- /dev/null
+++ b/active/CVE-2021-47149
@@ -0,0 +1,15 @@
+Description: net: fujitsu: fix potential null-ptr-deref
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc3) [52202be1cd996cde6e8969a128dc27ee45a7cb5e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [71723a796ab7881f491d663c6cd94b29be5fba50]
+4.19-upstream-stable: released (4.19.193) [7883d3895d0fbb0ba9bff0f8665f99974b45210f]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47150 b/active/CVE-2021-47150
new file mode 100644
index 00000000..bd562813
--- /dev/null
+++ b/active/CVE-2021-47150
@@ -0,0 +1,16 @@
+Description: net: fec: fix the potential memory leak in fec_enet_init()
+References:
+Notes:
+ carnil> Introduced in 59d0f7465644 ("net: fec: init multi queue date structure").
+ carnil> Vulnerable versions: 3.18-rc1.
+Bugs:
+upstream: released (5.13-rc4) [619fee9eb13b5d29e4267cb394645608088c28a8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd]
+4.19-upstream-stable: released (4.19.193) [15102886bc8f5f29daaadf2d925591d564c17e9f]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47151 b/active/CVE-2021-47151
new file mode 100644
index 00000000..cbb1acff
--- /dev/null
+++ b/active/CVE-2021-47151
@@ -0,0 +1,16 @@
+Description: interconnect: qcom: bcm-voter: add a missing of_node_put()
+References:
+Notes:
+ carnil> Introduced in 976daac4a1c5 ("interconnect: qcom: Consolidate interconnect RPMh
+ carnil> support"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a00593737f8bac2c9e97b696e7ff84a4446653e8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47152 b/active/CVE-2021-47152
new file mode 100644
index 00000000..00fefcfc
--- /dev/null
+++ b/active/CVE-2021-47152
@@ -0,0 +1,16 @@
+Description: mptcp: fix data stream corruption
+References:
+Notes:
+ carnil> Introduced in 18b683bff89d ("mptcp: queue data for mptcp level
+ carnil> retransmission"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [29249eac5225429b898f278230a6ca2baa1ae154]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [3267a061096efc91eda52c2a0c61ba76e46e4b34]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47153 b/active/CVE-2021-47153
new file mode 100644
index 00000000..993c17ba
--- /dev/null
+++ b/active/CVE-2021-47153
@@ -0,0 +1,16 @@
+Description: i2c: i801: Don't generate an interrupt on bus reset
+References:
+Notes:
+ carnil> Introduced in 636752bcb517 ("i2c-i801: Enable IRQ for SMBus transactions").
+ carnil> Vulnerable versions: 3.6-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e4d8716c3dcec47f1557024add24e1f3c09eb24b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [b523feb7e8e44652f92f3babb953a976e7ccbbef]
+4.19-upstream-stable: released (4.19.193) [c70e1ba2e7e65255a0ce004f531dd90dada97a8c]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47158 b/active/CVE-2021-47158
new file mode 100644
index 00000000..cef78d31
--- /dev/null
+++ b/active/CVE-2021-47158
@@ -0,0 +1,18 @@
+Description: net: dsa: sja1105: add error handling in sja1105_setup()
+References:
+Notes:
+ carnil> Introduced in 0a7bdbc23d8a ("net: dsa: sja1105: move devlink param code to
+ carnil> sja1105_devlink.c")
+ carnil> 8aa9ebccae87 ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch").
+ carnil> Vulnerable versions: 5.2-rc1 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc4) [cec279a898a3b004411682f212215ccaea1cd0fb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [dd8609f203448ca6d58ae71461208b3f6b0329b0]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47159 b/active/CVE-2021-47159
new file mode 100644
index 00000000..6893562f
--- /dev/null
+++ b/active/CVE-2021-47159
@@ -0,0 +1,16 @@
+Description: net: dsa: fix a crash if ->get_sset_count() fails
+References:
+Notes:
+ carnil> Introduced in badf3ada60ab ("net: dsa: Provide CPU port statistics to master
+ carnil> netdev"). Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a269333fa5c0c8e53c92b5a28a6076a28cde3e83]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6]
+4.19-upstream-stable: released (4.19.193) [0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47160 b/active/CVE-2021-47160
new file mode 100644
index 00000000..ed97bcd9
--- /dev/null
+++ b/active/CVE-2021-47160
@@ -0,0 +1,16 @@
+Description: net: dsa: mt7530: fix VLAN traffic leaks
+References:
+Notes:
+ carnil> Introduced in 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530").
+ carnil> Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (5.13-rc4) [474a2ddaa192777522a7499784f1d60691cd831a]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [b91117b66fe875723a4e79ec6263526fffdb44d2]
+4.19-upstream-stable: released (4.19.193) [ae389812733b1b1e8e07fcc238e41db166b5c78d]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47161 b/active/CVE-2021-47161
new file mode 100644
index 00000000..adeb7427
--- /dev/null
+++ b/active/CVE-2021-47161
@@ -0,0 +1,16 @@
+Description: spi: spi-fsl-dspi: Fix a resource leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in 90ba37033cb9 ("spi: spi-fsl-dspi: Add DMA support for Vybrid").
+ carnil> Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (5.13-rc4) [680ec0549a055eb464dce6ffb4bfb736ef87236e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [fe6921e3b8451a537e01c031b8212366bb386e3e]
+4.19-upstream-stable: released (4.19.199) [00450ed03a17143e2433b461a656ef9cd17c2f1d]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.208-1)
diff --git a/active/CVE-2021-47162 b/active/CVE-2021-47162
new file mode 100644
index 00000000..fe078ee1
--- /dev/null
+++ b/active/CVE-2021-47162
@@ -0,0 +1,16 @@
+Description: tipc: skb_linearize the head skb when reassembling msgs
+References:
+Notes:
+ carnil> Introduced in 45c8b7b175ce ("tipc: allow non-linear first fragment buffer").
+ carnil> Vulnerable versions: 4.1.14 4.2.7 4.3.
+Bugs:
+upstream: released (5.13-rc4) [b7df21cf1b79ab7026f545e7bf837bd5750ac026]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [6da24cfc83ba4f97ea44fc7ae9999a006101755c]
+4.19-upstream-stable: released (4.19.193) [4b1761898861117c97066aea6c58f68a7787f0bf]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47163 b/active/CVE-2021-47163
new file mode 100644
index 00000000..47c51c9a
--- /dev/null
+++ b/active/CVE-2021-47163
@@ -0,0 +1,16 @@
+Description: tipc: wait and exit until all work queues are done
+References:
+Notes:
+ carnil> Introduced in d0f91938bede ("tipc: add ip/udp media type"). Vulnerable
+ carnil> versions: 4.1-rc1.
+Bugs:
+upstream: released (5.13-rc4) [04c26faa51d1e2fe71cf13c45791f5174c37f986]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [5195ec5e365a2a9331bfeb585b613a6e94f98dba]
+4.19-upstream-stable: needed
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47164 b/active/CVE-2021-47164
new file mode 100644
index 00000000..9d7688fd
--- /dev/null
+++ b/active/CVE-2021-47164
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Fix null deref accessing lag dev
+References:
+Notes:
+ carnil> Introduced in 7e51891a237f ("net/mlx5e: Use netdev events to set/del egress acl
+ carnil> forward-to-vport rule"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc4) [83026d83186bc48bb41ee4872f339b83f31dfc55]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [2e4b0b95a489259f9d35a3db17023061f8f3d587]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47165 b/active/CVE-2021-47165
new file mode 100644
index 00000000..9c53fc7b
--- /dev/null
+++ b/active/CVE-2021-47165
@@ -0,0 +1,16 @@
+Description: drm/meson: fix shutdown crash when component not probed
+References:
+Notes:
+ carnil> Introduced in fa0c16caf3d7 ("drm: meson_drv add shutdown function"). Vulnerable
+ carnil> versions: 4.14.226 4.19.181 5.4.106 5.10.24 5.11.7 5.12-rc3.
+Bugs:
+upstream: released (5.13-rc4) [7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [d66083c0d6f5125a4d982aa177dd71ab4cd3d212]
+4.19-upstream-stable: released (4.19.193) [e256a0eb43e17209e347409a80805b1659398d68]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47166 b/active/CVE-2021-47166
new file mode 100644
index 00000000..391bf256
--- /dev/null
+++ b/active/CVE-2021-47166
@@ -0,0 +1,16 @@
+Description: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
+References:
+Notes:
+ carnil> Introduced in a7d42ddb3099 ("nfs: add mirroring support to pgio layer").
+ carnil> Vulnerable versions: 4.0-rc1 4.1.52 4.4.124 4.9.90.
+Bugs:
+upstream: released (5.13-rc4) [0d0ea309357dea0d85a82815f02157eb7fcda39f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [7087db95c0a06ab201b8ebfac6a7ec1e34257997]
+4.19-upstream-stable: released (4.19.193) [40f139a6d50c232c0d1fd1c5e65a845c62db0ede]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47167 b/active/CVE-2021-47167
new file mode 100644
index 00000000..0ed3fc82
--- /dev/null
+++ b/active/CVE-2021-47167
@@ -0,0 +1,16 @@
+Description: NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
+References:
+Notes:
+ carnil> Introduced in a7d42ddb3099 ("nfs: add mirroring support to pgio layer").
+ carnil> Vulnerable versions: 4.0-rc1 4.1.52 4.4.124 4.9.90.
+Bugs:
+upstream: released (5.13-rc4) [56517ab958b7c11030e626250c00b9b1a24b41eb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [ee21cd3aa8548e0cbc8c67a80b62113aedd2d101]
+4.19-upstream-stable: needed
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47168 b/active/CVE-2021-47168
new file mode 100644
index 00000000..8b97c4cc
--- /dev/null
+++ b/active/CVE-2021-47168
@@ -0,0 +1,16 @@
+Description: NFS: fix an incorrect limit in filelayout_decode_layout()
+References:
+Notes:
+ carnil> Introduced in 16b374ca439f ("NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET
+ carnil> and GETDEVICEINFO infrastructure"). Vulnerable versions: 2.6.37-rc1.
+Bugs:
+upstream: released (5.13-rc4) [769b01ea68b6c49dc3cde6adf7e53927dacbd3a8]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [9b367fe770b1b80d7bf64ed0d177544a44405f6e]
+4.19-upstream-stable: released (4.19.193) [945ebef997227ca8c20bad7f8a8358c8ee57a84a]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47169 b/active/CVE-2021-47169
new file mode 100644
index 00000000..54ce9fb6
--- /dev/null
+++ b/active/CVE-2021-47169
@@ -0,0 +1,15 @@
+Description: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc4) [016002848c82eeb5d460489ce392d91fe18c475c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [6a931ceb0b9401fe18d0c500e08164bf9cc7be4b]
+4.19-upstream-stable: released (4.19.193) [35265552c7fe9553c75e324c80f45e28ff14eb6e]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47170 b/active/CVE-2021-47170
new file mode 100644
index 00000000..65b51338
--- /dev/null
+++ b/active/CVE-2021-47170
@@ -0,0 +1,15 @@
+Description: USB: usbfs: Don't WARN about excessively large memory allocations
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc4) [4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [8d83f109e920d2776991fa142bb904d985dca2ed]
+4.19-upstream-stable: released (4.19.193) [2ab21d6e1411999b5fb43434f421f00bf50002eb]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47171 b/active/CVE-2021-47171
new file mode 100644
index 00000000..f69056a3
--- /dev/null
+++ b/active/CVE-2021-47171
@@ -0,0 +1,17 @@
+Description: net: usb: fix memory leak in smsc75xx_bind
+References:
+Notes:
+ carnil> Introduced in d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet
+ carnil> adapter driver"). Vulnerable versions: 2.6.34-rc2 3.16.61 3.18.120 4.4.152
+ carnil> 4.9.124 4.14.67 4.17.19.
+Bugs:
+upstream: released (5.13-rc4) [46a8b29c6306d8bbfd92b614ef65a47c900d8e70]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [635ac38b36255d3cfb8312cf7c471334f4d537e0]
+4.19-upstream-stable: released (4.19.193) [9e6a3eccb28779710cbbafc4f4258d92509c6d07]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47172 b/active/CVE-2021-47172
new file mode 100644
index 00000000..def6a22a
--- /dev/null
+++ b/active/CVE-2021-47172
@@ -0,0 +1,16 @@
+Description: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
+References:
+Notes:
+ carnil> Introduced in d7857e4ee1ba6 ("iio: adc: ad7124: Fix DT channel configuration").
+ carnil> Vulnerable versions: 5.4.14 5.5-rc7.
+Bugs:
+upstream: released (5.13-rc4) [f2a772c51206b0c3f262e4f6a3812c89a650191b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f70122825076117787b91e7f219e21c09f11a5b9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47173 b/active/CVE-2021-47173
new file mode 100644
index 00000000..7d6b3624
--- /dev/null
+++ b/active/CVE-2021-47173
@@ -0,0 +1,16 @@
+Description: misc/uss720: fix memory leak in uss720_probe
+References:
+Notes:
+ carnil> Introduced in 0f36163d3abe ("[PATCH] usb: fix uss720 schedule with interrupts
+ carnil> off"). Vulnerable versions: 2.6.14-rc1.
+Bugs:
+upstream: released (5.13-rc4) [dcb4b8ad6a448532d8b681b5d1a7036210b622de]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [5394ae9d8c7961dd93807fdf1b12a1dde96b0a55]
+4.19-upstream-stable: released (4.19.193) [386918878ce4cd676e4607233866e03c9399a46a]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47174 b/active/CVE-2021-47174
new file mode 100644
index 00000000..95f78369
--- /dev/null
+++ b/active/CVE-2021-47174
@@ -0,0 +1,16 @@
+Description: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
+References:
+Notes:
+ carnil> Introduced in 7400b063969b ("nft_set_pipapo: Introduce AVX2-based lookup
+ carnil> implementation"). Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc4) [f0b3d338064e1fe7531f0d2977e35f3b334abfb4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [b1f45a26bd322525c14edd9504f6d46dfad679a4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47175 b/active/CVE-2021-47175
new file mode 100644
index 00000000..4a578144
--- /dev/null
+++ b/active/CVE-2021-47175
@@ -0,0 +1,16 @@
+Description: net/sched: fq_pie: fix OOB access in the traffic path
+References:
+Notes:
+ carnil> Introduced in ec97ecf1ebe4 ("net: sched: add Flow Queue PIE packet scheduler").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e70f7a11876a1a788ceadf75e9e5f7af2c868680]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47176 b/active/CVE-2021-47176
new file mode 100644
index 00000000..5fee9edd
--- /dev/null
+++ b/active/CVE-2021-47176
@@ -0,0 +1,16 @@
+Description: s390/dasd: add missing discipline function
+References:
+Notes:
+ carnil> Introduced in b72949328869 ("s390/dasd: Prepare for additional path event
+ carnil> handling"). Vulnerable versions: 5.4.235 5.10.173 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [c0c8a8397fa8a74d04915f4d3d28cb4a5d401427]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.175) [aa8579bc084673c651204f7cd0d6308a47dffc16]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47177 b/active/CVE-2021-47177
new file mode 100644
index 00000000..ca669707
--- /dev/null
+++ b/active/CVE-2021-47177
@@ -0,0 +1,16 @@
+Description: iommu/vt-d: Fix sysfs leak in alloc_iommu()
+References:
+Notes:
+ carnil> Introduced in 39ab9555c2411 ("iommu: Add sysfs bindings for struct
+ carnil> iommu_device"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (5.13-rc4) [0ee74d5a48635c848c20f152d0d488bf84641304]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f01134321d04f47c718bb41b799bcdeda27873d2]
+4.19-upstream-stable: released (4.19.193) [2ec5e9bb6b0560c90d315559c28a99723c80b996]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47178 b/active/CVE-2021-47178
new file mode 100644
index 00000000..3a0a73ff
--- /dev/null
+++ b/active/CVE-2021-47178
@@ -0,0 +1,20 @@
+Description: scsi: target: core: Avoid smp_processor_id() in preemptible code
+References:
+Notes:
+ carnil> Introduced in 1526d9f10c61 ("scsi: target: Make state_list per CPU").
+ carnil> Vulnerable versions: 5.10.180 5.11-rc1.
+ carnil> Technically N/A for sid branch as no released version in unstable
+ carnil> was ever affected. But the issue was backported in the 5.10.y series.
+ carnil> As wokraround for the security-tracker import mark the unstable
+ carnil> 5.14.6-1 as the fixed one.
+Bugs:
+upstream: released (5.13-rc4) [70ca3c57ff914113f681e657634f7fbfa68e1ad1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47179 b/active/CVE-2021-47179
new file mode 100644
index 00000000..68fe90c7
--- /dev/null
+++ b/active/CVE-2021-47179
@@ -0,0 +1,17 @@
+Description: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
+References:
+Notes:
+ carnil> Introduced in de144ff4234f ("NFSv4: Don't discard segments marked for return in
+ carnil> _pnfs_return_layout()"). Vulnerable versions: 4.9.269 4.14.233 4.19.191 5.4.118
+ carnil> 5.10.36 5.11.20 5.12.3 5.13-rc1.
+Bugs:
+upstream: released (5.13-rc4) [a421d218603ffa822a0b8045055c03eae394a7eb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.42) [f9890652185b72b8de9ebeb4406037640b6e1b53]
+4.19-upstream-stable: released (4.19.193) [39785761feadf261bc5101372b0b0bbaf6a94494]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47180 b/active/CVE-2021-47180
new file mode 100644
index 00000000..68dfae55
--- /dev/null
+++ b/active/CVE-2021-47180
@@ -0,0 +1,16 @@
+Description: NFC: nci: fix memory leak in nci_allocate_device
+References:
+Notes:
+ carnil> Introduced in 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support").
+ carnil> Vulnerable versions: 4.0-rc1.
+Bugs:
+upstream: released (5.13-rc4) [e0652f8bb44d6294eeeac06d703185357f25d50b]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.41) [b34cb7ac32cc8e5471dc773180ea9ae676b1a745]
+4.19-upstream-stable: released (4.19.193) [0365701bc44e078682ee1224866a71897495c7ef]
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.46-1)
+4.19-buster-security: released (4.19.194-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2024-03-25 20:48:33 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-03-25 20:48:33 +0100
commit	62443b3b9228f7a245451d0f5edd1b85020968f8 (patch)
tree	3e8911ca832b08680d84a7e8ba8a411e8dfb9300
parent	6484bea9c3b70add985f45ad5f7d3cff65caef29 (diff)