summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2024-03-15 21:45:18 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2024-03-15 21:45:18 +0100
commit64a38df8b392033c012ab5b8b6bf22aa84f652f8 (patch)
tree990e39fd16081733df367f7e06259e0dbafb8fb2
parent8cdf38b8945b5e6fa0554d35eab20a73aa23425c (diff)
Add new batch of CVEs
One source of problem for the automatic processing was the following manual fixup: - detection of N/A in case the version never affected a unstable released version and so the sid: field should be N/A "Vulnerable code not present" - The second manual fixup is where 5.14.6-1 was placed as fixed version for sid, as it should have been 5.10.46-1 as this is before the branching point. There is no such support of tracking branching points yet so it seems to cause fallouts on the recent CVEs assigned by importing the issues from the GSD.
Diffstat
-rw-r--r--active/CVE-2021-4710916
-rw-r--r--active/CVE-2021-4711015
-rw-r--r--active/CVE-2021-4711116
-rw-r--r--active/CVE-2021-4711215
-rw-r--r--active/CVE-2021-4711315
-rw-r--r--active/CVE-2021-4711415
-rw-r--r--active/CVE-2021-4711516
-rw-r--r--active/CVE-2021-4711615
-rw-r--r--active/CVE-2021-4711715
-rw-r--r--active/CVE-2021-4711816
-rw-r--r--active/CVE-2021-4711918
-rw-r--r--active/CVE-2021-4712016
-rw-r--r--active/CVE-2021-4712116
-rw-r--r--active/CVE-2021-4712216
-rw-r--r--active/CVE-2021-4712316
-rw-r--r--active/CVE-2021-4712416
-rw-r--r--active/CVE-2021-4712516
-rw-r--r--active/CVE-2021-4712618
-rw-r--r--active/CVE-2021-4712716
-rw-r--r--active/CVE-2021-4712816
-rw-r--r--active/CVE-2021-4712916
-rw-r--r--active/CVE-2021-4713016
-rw-r--r--active/CVE-2021-4713116
-rw-r--r--active/CVE-2021-4713216
-rw-r--r--active/CVE-2021-4713316
-rw-r--r--active/CVE-2021-4713416
-rw-r--r--active/CVE-2021-4713516
27 files changed, 430 insertions, 0 deletions
diff --git a/active/CVE-2021-47109 b/active/CVE-2021-47109
new file mode 100644
index 00000000..54604371
--- /dev/null
+++ b/active/CVE-2021-47109
@@ -0,0 +1,16 @@
+Description: neighbour: allow NUD_NOARP entries to be forced GCed
+References:
+Notes:
+ carnil> Introduced in 58956317c8de (neighbor: Improve garbage collection). Vulnerable
+ carnil> versions: 5.0-rc1.
+Bugs:
+upstream: released (5.13-rc7) [7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [d17d47da59f726dc4c87caebda3a50333d7e2fd3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47110 b/active/CVE-2021-47110
new file mode 100644
index 00000000..50bfadd1
--- /dev/null
+++ b/active/CVE-2021-47110
@@ -0,0 +1,15 @@
+Description: x86/kvm: Disable kvmclock on all CPUs on shutdown
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc2) [c02027b5742b5aa804ef08a4a9db433295533046]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [3b0becf8b1ecf642a9edaf4c9628ffc641e490d6]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47111 b/active/CVE-2021-47111
new file mode 100644
index 00000000..065a14aa
--- /dev/null
+++ b/active/CVE-2021-47111
@@ -0,0 +1,16 @@
+Description: xen-netback: take a reference to the RX task thread
+References:
+Notes:
+ carnil> Introduced in 2ac061ce97f4 ('xen/netback: cleanup init and deinit code').
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (5.13-rc6) [107866a8eb0b664675a260f1ba0655010fac1e08]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [6b53db8c4c14b4e7256f058d202908b54a7b85b4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47112 b/active/CVE-2021-47112
new file mode 100644
index 00000000..ddfb141c
--- /dev/null
+++ b/active/CVE-2021-47112
@@ -0,0 +1,15 @@
+Description: x86/kvm: Teardown PV features on boot CPU as well
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc2) [8b79feffeca28c5459458fe78676b081e87c93a4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [38b858da1c58ad46519a257764e059e663b59ff2]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47113 b/active/CVE-2021-47113
new file mode 100644
index 00000000..d5bccfcb
--- /dev/null
+++ b/active/CVE-2021-47113
@@ -0,0 +1,15 @@
+Description: btrfs: abort in rename_exchange if we fail to insert the second ref
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [dc09ef3562726cd520c8338c1640872a60187af5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [0df50d47d17401f9f140dfbe752a65e5d72f9932]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47114 b/active/CVE-2021-47114
new file mode 100644
index 00000000..b40b06d4
--- /dev/null
+++ b/active/CVE-2021-47114
@@ -0,0 +1,15 @@
+Description: ocfs2: fix data corruption by fallocate
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [6bba4471f0cc1296fe3c2089b9e52442d3074b2e]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [c8d5faee46242c3f33b8a71a4d7d52214785bfcc]
+4.19-upstream-stable: released (4.19.194) [cec4e857ffaa8c447f51cd8ab4e72350077b6770]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47115 b/active/CVE-2021-47115
new file mode 100644
index 00000000..f3dcec9a
--- /dev/null
+++ b/active/CVE-2021-47115
@@ -0,0 +1,16 @@
+Description: nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
+References:
+Notes:
+ carnil> Introduced in d646960f7986 ("NFC: Initial LLCP support"). Vulnerable versions:
+ carnil> 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [4ac06a1e013cf5fdd963317ffd3b968560f33bba]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [48ee0db61c8299022ec88c79ad137f290196cac2]
+4.19-upstream-stable: released (4.19.194) [93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47116 b/active/CVE-2021-47116
new file mode 100644
index 00000000..a86673f5
--- /dev/null
+++ b/active/CVE-2021-47116
@@ -0,0 +1,15 @@
+Description: ext4: fix memory leak in ext4_mb_init_backend on error path.
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [a8867f4e3809050571c98de7a2d465aff5e4daf5]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [2050c6e5b161e5e25ce3c420fef58b24fa388a49]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47117 b/active/CVE-2021-47117
new file mode 100644
index 00000000..83a24607
--- /dev/null
+++ b/active/CVE-2021-47117
@@ -0,0 +1,15 @@
+Description: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.13-rc5) [082cd4ec240b8734a82a89ffb890216ac98fec68]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [d3b668b96ad3192c0581a248ae2f596cd054792a]
+4.19-upstream-stable: released (4.19.194) [569496aa3776eea1ff0d49d0174ac1b7e861e107]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47118 b/active/CVE-2021-47118
new file mode 100644
index 00000000..210b07e5
--- /dev/null
+++ b/active/CVE-2021-47118
@@ -0,0 +1,16 @@
+Description: pid: take a reference when initializing `cad_pid`
+References:
+Notes:
+ carnil> Introduced in 9ec52099e4b8678a ("[PATCH] replace cad_pid by a struct pid").
+ carnil> Vulnerable versions: 2.6.19-rc1.
+Bugs:
+upstream: released (5.13-rc5) [0711f0d7050b9e07c44bc159bbc64ac0a1022c7f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [7178be006d495ffb741c329012da289b62dddfe6]
+4.19-upstream-stable: released (4.19.194) [d106f05432e60f9f62d456ef017687f5c73cb414]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47119 b/active/CVE-2021-47119
new file mode 100644
index 00000000..7095baff
--- /dev/null
+++ b/active/CVE-2021-47119
@@ -0,0 +1,18 @@
+Description: ext4: fix memory leak in ext4_fill_super
+References:
+Notes:
+ carnil> Introduced in ce40733ce93d ("ext4: Check for return value from
+ carnil> sb_set_blocksize")
+ carnil> ac27a0ec112a ("ext4: initial copy of files from ext3"). Vulnerable versions:
+ carnil> 2.6.19-rc2 2.6.25-rc1.
+Bugs:
+upstream: released (5.13-rc5) [afd09b617db3786b6ef3dc43e28fe728cfea84df]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [01d349a481f0591230300a9171330136f9159bcd]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47120 b/active/CVE-2021-47120
new file mode 100644
index 00000000..7ccb3f60
--- /dev/null
+++ b/active/CVE-2021-47120
@@ -0,0 +1,16 @@
+Description: HID: magicmouse: fix NULL-deref on disconnect
+References:
+Notes:
+ carnil> Introduced in 9d7b18668956 ("HID: magicmouse: add support for Apple Magic
+ carnil> Trackpad 2"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (5.13-rc5) [4b4f6cecca446abcb686c6e6c451d4f1ec1a7497]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [b5d013c4c76b276890135b5d32803c4c63924b77]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47121 b/active/CVE-2021-47121
new file mode 100644
index 00000000..62703df2
--- /dev/null
+++ b/active/CVE-2021-47121
@@ -0,0 +1,16 @@
+Description: net: caif: fix memory leak in cfusbl_device_notify
+References:
+Notes:
+ carnil> Introduced in 7ad65bf68d70 ("caif: Add support for CAIF over CDC NCM USB
+ carnil> interface"). Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [7f5d86669fa4d485523ddb1d212e0a2d90bd62bb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [46403c1f80b0d3f937ff9c4f5edc63bb64bc5051]
+4.19-upstream-stable: released (4.19.194) [9ea0ab48e755d8f29fe89eb235fb86176fdb597f]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47122 b/active/CVE-2021-47122
new file mode 100644
index 00000000..6c9933cd
--- /dev/null
+++ b/active/CVE-2021-47122
@@ -0,0 +1,16 @@
+Description: net: caif: fix memory leak in caif_device_notify
+References:
+Notes:
+ carnil> Introduced in 7c18d2205ea7 ("caif: Restructure how link caif link layer
+ carnil> enroll"). Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [b53558a950a89824938e9811eddfc8efcd94e1bb]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [af2806345a37313f01b1c9f15e046745b8ee2daa]
+4.19-upstream-stable: released (4.19.194) [3be863c11cab725add9fef4237ed4e232c3fc3bb]
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: released (4.19.194-1)
diff --git a/active/CVE-2021-47123 b/active/CVE-2021-47123
new file mode 100644
index 00000000..d1c163e4
--- /dev/null
+++ b/active/CVE-2021-47123
@@ -0,0 +1,16 @@
+Description: io_uring: fix ltout double free on completion race
+References:
+Notes:
+ carnil> Introduced in 90cd7e424969d ("io_uring: track link timeout's master
+ carnil> explicitly"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc2) [447c19f3b5074409c794b350b10306e1da1ef4ba]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47124 b/active/CVE-2021-47124
new file mode 100644
index 00000000..23c07b01
--- /dev/null
+++ b/active/CVE-2021-47124
@@ -0,0 +1,16 @@
+Description: io_uring: fix link timeout refs
+References:
+Notes:
+ carnil> Introduced in 9ae1f8dd372e0 ("io_uring: fix inconsistent lock state").
+ carnil> Vulnerable versions: 5.10.26 5.11.6 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc2) [a298232ee6b9a1d5d732aa497ff8be0d45b5bd82]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.55) [6f5d7a45f58d3abe3a936de1441b8d6318f978ff]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47125 b/active/CVE-2021-47125
new file mode 100644
index 00000000..202a0e78
--- /dev/null
+++ b/active/CVE-2021-47125
@@ -0,0 +1,16 @@
+Description: sch_htb: fix refcount leak in htb_parent_to_leaf_offload
+References:
+Notes:
+ carnil> Introduced in ae81feb7338c ("sch_htb: fix null pointer dereference on a null
+ carnil> new_q"). Vulnerable versions: 5.12-rc7.
+Bugs:
+upstream: released (5.13-rc5) [944d671d5faa0d78980a3da5c0f04960ef1ad893]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47126 b/active/CVE-2021-47126
new file mode 100644
index 00000000..7469aed5
--- /dev/null
+++ b/active/CVE-2021-47126
@@ -0,0 +1,18 @@
+Description: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
+References:
+Notes:
+ carnil> Introduced in f88d8ea67fbdb ("ipv6: Plumb support for nexthop object in a
+ carnil> fib6_info")
+ carnil> 706ec91916462 ("ipv6: Fix nexthop refcnt leak when creating ipv6 route info").
+ carnil> Vulnerable versions: 5.3-rc1 5.4.58 5.7.15 5.8.
+Bugs:
+upstream: released (5.13-rc5) [821bbf79fe46a8b1d18aa456e8ed0a3c208c3754]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [09870235827451409ff546b073d754a19fd17e2e]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47127 b/active/CVE-2021-47127
new file mode 100644
index 00000000..db6c7394
--- /dev/null
+++ b/active/CVE-2021-47127
@@ -0,0 +1,16 @@
+Description: ice: track AF_XDP ZC enabled queues in bitmap
+References:
+Notes:
+ carnil> Introduced in c7a219048e45 ("ice: Remove xsk_buff_pool from VSI structure").
+ carnil> Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [e102db780e1c14f10c70dafa7684af22a745b51d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47128 b/active/CVE-2021-47128
new file mode 100644
index 00000000..529b4471
--- /dev/null
+++ b/active/CVE-2021-47128
@@ -0,0 +1,16 @@
+Description: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
+References:
+Notes:
+ carnil> Introduced in 59438b46471a ("security,lockdown,selinux: implement SELinux
+ carnil> lockdown"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (5.13-rc5) [ff40e51043af63715ab413995ff46996ecf9583f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [ff5039ec75c83d2ed5b781dc7733420ee8c985fc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47129 b/active/CVE-2021-47129
new file mode 100644
index 00000000..f9838405
--- /dev/null
+++ b/active/CVE-2021-47129
@@ -0,0 +1,16 @@
+Description: netfilter: nft_ct: skip expectations for confirmed conntrack
+References:
+Notes:
+ carnil> Introduced in 857b46027d6f ("netfilter: nft_ct: add ct expectations support").
+ carnil> Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (5.13-rc5) [1710eb913bdcda3917f44d383c32de6bdabfc836]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [5f3429c05e4028a0e241afdad856dd15dec2ffb9]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47130 b/active/CVE-2021-47130
new file mode 100644
index 00000000..ee2d4af1
--- /dev/null
+++ b/active/CVE-2021-47130
@@ -0,0 +1,16 @@
+Description: nvmet: fix freeing unallocated p2pmem
+References:
+Notes:
+ carnil> Introduced in c6e3f1339812 ("nvmet: add metadata support for block devices").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.13-rc5) [bcd9a0797d73eeff659582f23277e7ab6e5f18f3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [c440cd080761b18a52cac20f2a42e5da1e3995af]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47131 b/active/CVE-2021-47131
new file mode 100644
index 00000000..15370f22
--- /dev/null
+++ b/active/CVE-2021-47131
@@ -0,0 +1,16 @@
+Description: net/tls: Fix use-after-free after the TLS device goes down and up
+References:
+Notes:
+ carnil> Introduced in e8f69799810c ("net/tls: Add generic NIC offload infrastructure").
+ carnil> Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (5.13-rc5) [c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [f1d4184f128dede82a59a841658ed40d4e6d3aa2]
+4.19-upstream-stable: needed
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47132 b/active/CVE-2021-47132
new file mode 100644
index 00000000..bf34c4f8
--- /dev/null
+++ b/active/CVE-2021-47132
@@ -0,0 +1,16 @@
+Description: mptcp: fix sk_forward_memory corruption on retransmission
+References:
+Notes:
+ carnil> Introduced in 64b9cea7a0af ("mptcp: fix spurious retransmissions"). Vulnerable
+ carnil> versions: 5.11.4 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [b5941f066b4ca331db225a976dae1d6ca8cf0ae3]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47133 b/active/CVE-2021-47133
new file mode 100644
index 00000000..4a78e032
--- /dev/null
+++ b/active/CVE-2021-47133
@@ -0,0 +1,16 @@
+Description: HID: amd_sfh: Fix memory leak in amd_sfh_work
+References:
+Notes:
+ carnil> Introduced in 4b2c53d93a4b ("SFH:Transport Driver to add support of AMD Sensor
+ carnil> Fusion Hub (SFH)"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.13-rc5) [5ad755fd2b326aa2bc8910b0eb351ee6aece21b1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47134 b/active/CVE-2021-47134
new file mode 100644
index 00000000..8958a6f6
--- /dev/null
+++ b/active/CVE-2021-47134
@@ -0,0 +1,16 @@
+Description: efi/fdt: fix panic when no valid fdt found
+References:
+Notes:
+ carnil> Introduced in b91540d52a08b ("RISC-V: Add EFI runtime services"). Vulnerable
+ carnil> versions: 5.10-rc1.
+Bugs:
+upstream: released (5.13-rc5) [668a84c1bfb2b3fd5a10847825a854d63fac7baa]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.43) [5148066edbdc89c6fe5bc419c31a5c22e5f83bdb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.46-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47135 b/active/CVE-2021-47135
new file mode 100644
index 00000000..8aece323
--- /dev/null
+++ b/active/CVE-2021-47135
@@ -0,0 +1,16 @@
+Description: mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
+References:
+Notes:
+ carnil> Introduced in 1c099ab44727c ("mt76: mt7921: add MCU support"). Vulnerable
+ carnil> versions: 5.12-rc1.
+Bugs:
+upstream: released (5.13-rc5) [d874e6c06952382897d35bf4094193cd44ae91bd]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"

© 2014-2024 Faster IT GmbH | imprint | privacy policy