author: Salvatore Bonaccorso <carnil@debian.org> 2024-03-21 20:39:30 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-03-21 20:39:30 +0100
commit: a49eb64f8bbcf0ee040d49ae323ac0220b23f7b4
tree: c5a261a889866e7544a5d4379b0af437dbcb08b6
parent: d0a39ddad221ca88bd6c2857510b6bfbc93b15b9
Add new CVEs
-rw-r--r-- active/CVE-2023-52620 15
-rw-r--r-- active/CVE-2024-26642 16
-rw-r--r-- active/CVE-2024-26643 17
3 files changed, 48 insertions, 0 deletions
diff --git a/active/CVE-2023-52620 b/active/CVE-2023-52620
new file mode 100644
index 00000000..81f5ee41
--- /dev/null
+++ b/active/CVE-2023-52620
@@ -0,0 +1,15 @@
+Description: netfilter: nf_tables: disallow timeout for anonymous sets
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.4) [e26d3009efda338f19016df4175f354a9bd0a4ab]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.81) [b7be6c737a179a76901c872f6b4c1d00552d9a1b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.4.4-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
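Review bot: The Notes entry says the first introducing commit could not be determined, yet 5.10-upstream-stable, 4.19-upstream-stable and the bullseye and buster security branches are all set to "needed" with nothing recorded to justify it. CVE-2024-26642, added in this same commit, names 761da2935d6e ("netfilter: nf_tables: add set timeout API support", 4.1-rc1) for the closely related anonymous-set timeout flag issue. If that is the reasoning behind treating the older branches as affected here, add a carnil> line saying so; otherwise note that "needed" is a conservative default pending analysis.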
diff --git a/active/CVE-2024-26642 b/active/CVE-2024-26642
new file mode 100644
index 00000000..d5108d27
--- /dev/null
+++ b/active/CVE-2024-26642
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: disallow anonymous set with timeout flag
+References:
+Notes:
+ carnil> Introduced in 761da2935d6e ("netfilter: nf_tables: add set timeout API
+ carnil> support"). Vulnerable versions: 4.1-rc1.
+Bugs:
+upstream: released (6.8) [16603605b667b70da974bea8216c93e7db043bf1]
+6.7-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
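Review bot: The Description differs from CVE-2023-52620 only in wording ("disallow anonymous set with timeout flag" versus "disallow timeout for anonymous sets"), while the status lines diverge because the fixes landed in different releases (6.8 here, 6.4 there). Add a Notes line that cross-references CVE-2023-52620 and states that 16603605b667 is a separate fix, so that nobody triaging this closes it as a duplicate or copies the "Fixed before branching point" states across from the other file.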
diff --git a/active/CVE-2024-26643 b/active/CVE-2024-26643
new file mode 100644
index 00000000..c6bbee18
--- /dev/null
+++ b/active/CVE-2024-26643
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
+References:
+Notes:
+ carnil> Introduced in 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid
+ carnil> race with control plane"). Vulnerable versions: 5.4.262 5.10.198 5.15.134
+ carnil> 6.1.56 6.4.11 6.5-rc6.
+Bugs:
+upstream: released (6.8) [552705a3650bbf46a22b1adedc1b04181490fc36]
+6.7-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
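Review bot: The Notes list the stable releases that picked up the introducing commit (5.10.198 and 6.1.56 among them), so "needed" on 5.10-bullseye-security and 6.1-bookworm-security is only correct if the packaged kernels are at or past those versions. Record that version check in Notes, the same way the 4.19 lines carry an explicit "Vulnerable code not present" reason.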
