From 46d3ff7af9c8962aaec313a06051e2dec3c91393 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 27 Mar 2024 16:17:18 +0100 Subject: Add two new assigned CVEs --- active/CVE-2024-26651 | 16 ++++++++++++++++ active/CVE-2024-26652 | 16 ++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 active/CVE-2024-26651 create mode 100644 active/CVE-2024-26652 diff --git a/active/CVE-2024-26651 b/active/CVE-2024-26651 new file mode 100644 index 00000000..5b8b8f51 --- /dev/null +++ b/active/CVE-2024-26651 @@ -0,0 +1,16 @@ +Description: sr9800: Add check for usbnet_get_endpoints +References: +Notes: + carnil> Introduced in 19a38d8e0aa3 ("USB2NET : SR9800 : One chip USB2.0 USB2NET SR9800 + carnil> Device Driver Support"). Vulnerable versions: 3.14-rc3. +Bugs: +upstream: released (6.9-rc1) [07161b2416f740a2cb87faa5566873f401440a61] +6.7-upstream-stable: released (6.7.11) [efba65777f98457773c5b65e3135c6132d3b015f] +6.6-upstream-stable: released (6.6.23) [e39a3a14eafcf17f03c037290b78c8f483529028] +6.1-upstream-stable: released (6.1.83) [9c402819620a842cbfe39359a3ddfaac9adc8384] +5.10-upstream-stable: released (5.10.214) [6b4a39acafaf0186ed8e97c16e0aa6fca0e52009] +4.19-upstream-stable: released (4.19.311) [424eba06ed405d557077339edb19ce0ebe39e7c7] +sid: needed +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-26652 b/active/CVE-2024-26652 new file mode 100644 index 00000000..be76ef1d --- /dev/null +++ b/active/CVE-2024-26652 @@ -0,0 +1,16 @@ +Description: net: pds_core: Fix possible double free in error handling path +References: +Notes: + carnil> Introduced in 4569cce43bc6 ("pds_core: add auxiliary_bus devices"). Vulnerable + carnil> versions: 6.4-rc1. +Bugs: +upstream: released (6.8) [ba18deddd6d502da71fd6b6143c53042271b82bd] +6.7-upstream-stable: released (6.7.10) [ffda0e962f270b3ec937660afd15b685263232d3] +6.6-upstream-stable: released (6.6.22) [995f802abff209514ac2ee03b96224237646cec3] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3