From 62443b3b9228f7a245451d0f5edd1b85020968f8 Mon Sep 17 00:00:00 2001 
From: Salvatore Bonaccorso Date: Mon, 25 Mar 2024 20:48:33 +0100 Subject: Add new batch of CVEs --- active/CVE-2021-47136 | 18 ++++++++++++++++++ active/CVE-2021-47137 | 16 ++++++++++++++++ active/CVE-2021-47138 | 16 ++++++++++++++++ active/CVE-2021-47139 | 16 ++++++++++++++++ active/CVE-2021-47140 | 16 ++++++++++++++++ active/CVE-2021-47141 | 16 ++++++++++++++++ active/CVE-2021-47142 | 15 +++++++++++++++ active/CVE-2021-47143 | 16 ++++++++++++++++ active/CVE-2021-47144 | 15 +++++++++++++++ active/CVE-2021-47145 | 15 +++++++++++++++ active/CVE-2021-47146 | 16 ++++++++++++++++ active/CVE-2021-47147 | 16 ++++++++++++++++ active/CVE-2021-47148 | 16 ++++++++++++++++ active/CVE-2021-47149 | 15 +++++++++++++++ active/CVE-2021-47150 | 16 ++++++++++++++++ active/CVE-2021-47151 | 16 ++++++++++++++++ active/CVE-2021-47152 | 16 ++++++++++++++++ active/CVE-2021-47153 | 16 ++++++++++++++++ active/CVE-2021-47158 | 18 ++++++++++++++++++ active/CVE-2021-47159 | 16 ++++++++++++++++ active/CVE-2021-47160 | 16 ++++++++++++++++ active/CVE-2021-47161 | 16 ++++++++++++++++ active/CVE-2021-47162 | 16 ++++++++++++++++ active/CVE-2021-47163 | 16 ++++++++++++++++ active/CVE-2021-47164 | 16 ++++++++++++++++ active/CVE-2021-47165 | 16 ++++++++++++++++ active/CVE-2021-47166 | 16 ++++++++++++++++ active/CVE-2021-47167 | 16 ++++++++++++++++ active/CVE-2021-47168 | 16 ++++++++++++++++ active/CVE-2021-47169 | 15 +++++++++++++++ active/CVE-2021-47170 | 15 +++++++++++++++ active/CVE-2021-47171 | 17 +++++++++++++++++ active/CVE-2021-47172 | 16 ++++++++++++++++ active/CVE-2021-47173 | 16 ++++++++++++++++ active/CVE-2021-47174 | 16 ++++++++++++++++ active/CVE-2021-47175 | 16 ++++++++++++++++ active/CVE-2021-47176 | 16 ++++++++++++++++ active/CVE-2021-47177 | 16 ++++++++++++++++ active/CVE-2021-47178 | 20 ++++++++++++++++++++ active/CVE-2021-47179 | 17 +++++++++++++++++ active/CVE-2021-47180 | 16 ++++++++++++++++ 41 files changed, 660 insertions(+) create mode 100644 active/CVE-2021-47136 create mode 
100644 active/CVE-2021-47137 create mode 100644 active/CVE-2021-47138 create mode 100644 active/CVE-2021-47139 create mode 100644 active/CVE-2021-47140 create mode 100644 active/CVE-2021-47141 create mode 100644 active/CVE-2021-47142 create mode 100644 active/CVE-2021-47143 create mode 100644 active/CVE-2021-47144 create mode 100644 active/CVE-2021-47145 create mode 100644 active/CVE-2021-47146 create mode 100644 active/CVE-2021-47147 create mode 100644 active/CVE-2021-47148 create mode 100644 active/CVE-2021-47149 create mode 100644 active/CVE-2021-47150 create mode 100644 active/CVE-2021-47151 create mode 100644 active/CVE-2021-47152 create mode 100644 active/CVE-2021-47153 create mode 100644 active/CVE-2021-47158 create mode 100644 active/CVE-2021-47159 create mode 100644 active/CVE-2021-47160 create mode 100644 active/CVE-2021-47161 create mode 100644 active/CVE-2021-47162 create mode 100644 active/CVE-2021-47163 create mode 100644 active/CVE-2021-47164 create mode 100644 active/CVE-2021-47165 create mode 100644 active/CVE-2021-47166 create mode 100644 active/CVE-2021-47167 create mode 100644 active/CVE-2021-47168 create mode 100644 active/CVE-2021-47169 create mode 100644 active/CVE-2021-47170 create mode 100644 active/CVE-2021-47171 create mode 100644 active/CVE-2021-47172 create mode 100644 active/CVE-2021-47173 create mode 100644 active/CVE-2021-47174 create mode 100644 active/CVE-2021-47175 create mode 100644 active/CVE-2021-47176 create mode 100644 active/CVE-2021-47177 create mode 100644 active/CVE-2021-47178 create mode 100644 active/CVE-2021-47179 create mode 100644 active/CVE-2021-47180 diff --git a/active/CVE-2021-47136 b/active/CVE-2021-47136 new file mode 100644 index 00000000..d2e8a29c --- /dev/null +++ b/active/CVE-2021-47136 
@@ -0,0 +1,18 @@ +Description: net: zero-initialize tc skb extension on allocation +References: +Notes: + carnil> Introduced in 038ebb1a713d ("net/sched: act_ct: fix miss set mru for ovs after + carnil> defrag in act_ct") + carnil> d29334c15d33 ("net/sched: act_api: fix miss set post_ct for ovs after do + carnil> conntrack in act_ct"). Vulnerable versions: 5.7.15 5.9-rc1 5.12-rc5. +Bugs: +upstream: released (5.13-rc4) [9453d45ecb6c2199d72e73c993e9d98677a2801b] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [ac493452e937b8939eaf2d24cac51a4804b6c20e] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47137 b/active/CVE-2021-47137 new file mode 100644 index 00000000..60a7a4e1 --- /dev/null +++ b/active/CVE-2021-47137 @@ -0,0 +1,16 @@ +Description: net: lantiq: fix memory corruption in RX ring +References: +Notes: + carnil> Introduced in fe1a56420cf2 ("net: lantiq: Add Lantiq / Intel VRX200 Ethernet + carnil> driver "). Vulnerable versions: 4.20-rc1. +Bugs: +upstream: released (5.13-rc4) [c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [5ac72351655f8b033a2935646f53b7465c903418] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2021-47138 b/active/CVE-2021-47138 new file mode 100644 index 00000000..f9ac6665 --- /dev/null +++ b/active/CVE-2021-47138 @@ -0,0 +1,16 @@ +Description: cxgb4: avoid accessing registers when clearing filters +References: +Notes: + carnil> Introduced in b1a79360ee86 ("cxgb4: Delete all hash and TCAM filters before + carnil> resource cleanup"). Vulnerable versions: 5.2-rc1. +Bugs: +upstream: released (5.13-rc4) [88c380df84fbd03f9b137c2b9d0a44b9f2f553b0] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [02f03883fdb10ad7e66717c70ea163a8d27ae6e7] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47139 b/active/CVE-2021-47139 new file mode 100644 index 00000000..cc3aba9d --- /dev/null +++ b/active/CVE-2021-47139 @@ -0,0 +1,16 @@ +Description: net: hns3: put off calling register_netdev() until client initialize complete +References: +Notes: + carnil> Introduced in 08a100689d4b ("net: hns3: re-organize vector handle"). Vulnerable + carnil> versions: 5.6-rc1. +Bugs: +upstream: released (5.13-rc4) [a289a7e5c1d49b7d47df9913c1cc81fb48fab613] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2021-47140 b/active/CVE-2021-47140 new file mode 100644 index 00000000..1b26ce39 --- /dev/null +++ b/active/CVE-2021-47140 @@ -0,0 +1,16 @@ +Description: iommu/amd: Clear DMA ops when switching domain +References: +Notes: + carnil> Introduced in 08a27c1c3ecf ("iommu: Add support to change default domain of an + carnil> iommu group"). Vulnerable versions: 5.11-rc1. +Bugs: +upstream: released (5.13-rc4) [d6177a6556f853785867e2ec6d5b7f4906f0d809] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47141 b/active/CVE-2021-47141 new file mode 100644 index 00000000..a520a37d --- /dev/null +++ b/active/CVE-2021-47141 @@ -0,0 +1,16 @@ +Description: gve: Add NULL pointer checks when freeing irqs. +References: +Notes: + carnil> Introduced in 893ce44df565 ("gve: Add basic driver framework for Compute Engine + carnil> Virtual NIC"). Vulnerable versions: 5.3-rc1. +Bugs: +upstream: released (5.13-rc4) [5218e919c8d06279884aa0baf76778a6817d5b93] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" 
diff --git a/active/CVE-2021-47142 b/active/CVE-2021-47142 new file mode 100644 index 00000000..f7a40fe7 --- /dev/null +++ b/active/CVE-2021-47142 @@ -0,0 +1,15 @@ +Description: drm/amdgpu: Fix a use-after-free +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc3) [1e5c37385097c35911b0f8a0c67ffd10ee1af9a2] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [f98cdf084405333ee2f5be548a91b2d168e49276] +4.19-upstream-stable: released (4.19.193) [a849e218556f932576c0fb1c5a88714b61709a17] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47143 b/active/CVE-2021-47143 new file mode 100644 index 00000000..c4627432 --- /dev/null +++ b/active/CVE-2021-47143 @@ -0,0 +1,16 @@ +Description: net/smc: remove device from smcd_dev_list after failed device_add() +References: +Notes: + carnil> Introduced in c6ba7c9ba43d ("net/smc: add base infrastructure for SMC-D and + carnil> ISM"). Vulnerable versions: 4.19-rc1. +Bugs: +upstream: released (5.13-rc4) [444d7be9532dcfda8e0385226c862fd7e986f607] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [8b2cdc004d21a7255f219706dca64411108f7897] +4.19-upstream-stable: needed +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: needed diff --git a/active/CVE-2021-47144 b/active/CVE-2021-47144 new file mode 100644 index 00000000..10e65ecd --- /dev/null +++ b/active/CVE-2021-47144 
@@ -0,0 +1,15 @@ +Description: drm/amd/amdgpu: fix refcount leak +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc3) [fa7e6abc75f3d491bc561734312d065dc9dc2a77] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240] +4.19-upstream-stable: released (4.19.193) [599e5d61ace952b0bb9bd942b198bbd0cfded1d7] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47145 b/active/CVE-2021-47145 new file mode 100644 index 00000000..e94f00c4 --- /dev/null +++ b/active/CVE-2021-47145 @@ -0,0 +1,15 @@ +Description: btrfs: do not BUG_ON in link_to_fixup_dir +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc3) [91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [7e13db503918820e6333811cdc6f151dcea5090a] +4.19-upstream-stable: released (4.19.193) [6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47146 b/active/CVE-2021-47146 new file mode 100644 index 00000000..b2eada1e --- /dev/null +++ b/active/CVE-2021-47146 
@@ -0,0 +1,16 @@ +Description: mld: fix panic in mld_newpack() +References: +Notes: + carnil> Introduced in 72e09ad107e7 ("ipv6: avoid high order allocations"). Vulnerable + carnil> versions: 2.6.35-rc3. +Bugs: +upstream: released (5.13-rc4) [020ef930b826d21c5446fdc9db80fd72a791bc21] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [beb39adb150f8f3b516ddf7c39835a9788704d23] +4.19-upstream-stable: released (4.19.193) [4b77ad9097067b31237eeeee0bf70f80849680a0] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47147 b/active/CVE-2021-47147 new file mode 100644 index 00000000..c5cc5ffa --- /dev/null +++ b/active/CVE-2021-47147 @@ -0,0 +1,16 @@ +Description: ptp: ocp: Fix a resource leak in an error handling path +References: +Notes: + carnil> Introduced in a7e1abad13f3 ("ptp: Add clock driver for the OpenCompute + carnil> TimeCard."). Vulnerable versions: 5.11-rc1. +Bugs: +upstream: released (5.13-rc4) [9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47148 b/active/CVE-2021-47148 new file mode 100644 index 00000000..5df6864e --- /dev/null +++ b/active/CVE-2021-47148 
@@ -0,0 +1,16 @@ +Description: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() +References: +Notes: + carnil> Introduced in 81a4362016e7 ("octeontx2-pf: Add RSS multi group support"). + carnil> Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (5.13-rc4) [e5cc361e21648b75f935f9571d4003aaee480214] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47149 b/active/CVE-2021-47149 new file mode 100644 index 00000000..b1b1ca41 --- /dev/null +++ b/active/CVE-2021-47149 @@ -0,0 +1,15 @@ +Description: net: fujitsu: fix potential null-ptr-deref +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc3) [52202be1cd996cde6e8969a128dc27ee45a7cb5e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [71723a796ab7881f491d663c6cd94b29be5fba50] +4.19-upstream-stable: released (4.19.193) [7883d3895d0fbb0ba9bff0f8665f99974b45210f] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47150 b/active/CVE-2021-47150 new file mode 100644 index 00000000..bd562813 --- /dev/null +++ b/active/CVE-2021-47150 
@@ -0,0 +1,16 @@ +Description: net: fec: fix the potential memory leak in fec_enet_init() +References: +Notes: + carnil> Introduced in 59d0f7465644 ("net: fec: init multi queue date structure"). + carnil> Vulnerable versions: 3.18-rc1. +Bugs: +upstream: released (5.13-rc4) [619fee9eb13b5d29e4267cb394645608088c28a8] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd] +4.19-upstream-stable: released (4.19.193) [15102886bc8f5f29daaadf2d925591d564c17e9f] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47151 b/active/CVE-2021-47151 new file mode 100644 index 00000000..cbb1acff --- /dev/null +++ b/active/CVE-2021-47151 @@ -0,0 +1,16 @@ +Description: interconnect: qcom: bcm-voter: add a missing of_node_put() +References: +Notes: + carnil> Introduced in 976daac4a1c5 ("interconnect: qcom: Consolidate interconnect RPMh + carnil> support"). Vulnerable versions: 5.7-rc1. +Bugs: +upstream: released (5.13-rc4) [a00593737f8bac2c9e97b696e7ff84a4446653e8] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47152 b/active/CVE-2021-47152 new file mode 100644 index 00000000..00fefcfc --- /dev/null +++ b/active/CVE-2021-47152 
@@ -0,0 +1,16 @@ +Description: mptcp: fix data stream corruption +References: +Notes: + carnil> Introduced in 18b683bff89d ("mptcp: queue data for mptcp level + carnil> retransmission"). Vulnerable versions: 5.7-rc1. +Bugs: +upstream: released (5.13-rc4) [29249eac5225429b898f278230a6ca2baa1ae154] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [3267a061096efc91eda52c2a0c61ba76e46e4b34] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47153 b/active/CVE-2021-47153 new file mode 100644 index 00000000..993c17ba --- /dev/null +++ b/active/CVE-2021-47153 @@ -0,0 +1,16 @@ +Description: i2c: i801: Don't generate an interrupt on bus reset +References: +Notes: + carnil> Introduced in 636752bcb517 ("i2c-i801: Enable IRQ for SMBus transactions"). + carnil> Vulnerable versions: 3.6-rc1. +Bugs: +upstream: released (5.13-rc4) [e4d8716c3dcec47f1557024add24e1f3c09eb24b] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [b523feb7e8e44652f92f3babb953a976e7ccbbef] +4.19-upstream-stable: released (4.19.193) [c70e1ba2e7e65255a0ce004f531dd90dada97a8c] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47158 b/active/CVE-2021-47158 new file mode 100644 index 00000000..cef78d31 --- /dev/null +++ b/active/CVE-2021-47158 
@@ -0,0 +1,18 @@ +Description: net: dsa: sja1105: add error handling in sja1105_setup() +References: +Notes: + carnil> Introduced in 0a7bdbc23d8a ("net: dsa: sja1105: move devlink param code to + carnil> sja1105_devlink.c") + carnil> 8aa9ebccae87 ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch"). + carnil> Vulnerable versions: 5.2-rc1 5.10-rc1. +Bugs: +upstream: released (5.13-rc4) [cec279a898a3b004411682f212215ccaea1cd0fb] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [dd8609f203448ca6d58ae71461208b3f6b0329b0] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47159 b/active/CVE-2021-47159 new file mode 100644 index 00000000..6893562f --- /dev/null +++ b/active/CVE-2021-47159 @@ -0,0 +1,16 @@ +Description: net: dsa: fix a crash if ->get_sset_count() fails +References: +Notes: + carnil> Introduced in badf3ada60ab ("net: dsa: Provide CPU port statistics to master + carnil> netdev"). Vulnerable versions: 4.7-rc1. +Bugs: +upstream: released (5.13-rc4) [a269333fa5c0c8e53c92b5a28a6076a28cde3e83] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6] +4.19-upstream-stable: released (4.19.193) [0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) 
diff --git a/active/CVE-2021-47160 b/active/CVE-2021-47160 new file mode 100644 index 00000000..ed97bcd9 --- /dev/null +++ b/active/CVE-2021-47160 @@ -0,0 +1,16 @@ +Description: net: dsa: mt7530: fix VLAN traffic leaks +References: +Notes: + carnil> Introduced in 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530"). + carnil> Vulnerable versions: 4.16-rc1. +Bugs: +upstream: released (5.13-rc4) [474a2ddaa192777522a7499784f1d60691cd831a] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [b91117b66fe875723a4e79ec6263526fffdb44d2] +4.19-upstream-stable: released (4.19.193) [ae389812733b1b1e8e07fcc238e41db166b5c78d] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47161 b/active/CVE-2021-47161 new file mode 100644 index 00000000..adeb7427 --- /dev/null +++ b/active/CVE-2021-47161 @@ -0,0 +1,16 @@ +Description: spi: spi-fsl-dspi: Fix a resource leak in an error handling path +References: +Notes: + carnil> Introduced in 90ba37033cb9 ("spi: spi-fsl-dspi: Add DMA support for Vybrid"). + carnil> Vulnerable versions: 4.10-rc1. +Bugs: +upstream: released (5.13-rc4) [680ec0549a055eb464dce6ffb4bfb736ef87236e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [fe6921e3b8451a537e01c031b8212366bb386e3e] +4.19-upstream-stable: released (4.19.199) [00450ed03a17143e2433b461a656ef9cd17c2f1d] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.208-1) 
diff --git a/active/CVE-2021-47162 b/active/CVE-2021-47162 new file mode 100644 index 00000000..fe078ee1 --- /dev/null +++ b/active/CVE-2021-47162 @@ -0,0 +1,16 @@ +Description: tipc: skb_linearize the head skb when reassembling msgs +References: +Notes: + carnil> Introduced in 45c8b7b175ce ("tipc: allow non-linear first fragment buffer"). + carnil> Vulnerable versions: 4.1.14 4.2.7 4.3. +Bugs: +upstream: released (5.13-rc4) [b7df21cf1b79ab7026f545e7bf837bd5750ac026] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [6da24cfc83ba4f97ea44fc7ae9999a006101755c] +4.19-upstream-stable: released (4.19.193) [4b1761898861117c97066aea6c58f68a7787f0bf] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47163 b/active/CVE-2021-47163 new file mode 100644 index 00000000..47c51c9a --- /dev/null +++ b/active/CVE-2021-47163 @@ -0,0 +1,16 @@ +Description: tipc: wait and exit until all work queues are done +References: +Notes: + carnil> Introduced in d0f91938bede ("tipc: add ip/udp media type"). Vulnerable + carnil> versions: 4.1-rc1. +Bugs: +upstream: released (5.13-rc4) [04c26faa51d1e2fe71cf13c45791f5174c37f986] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [5195ec5e365a2a9331bfeb585b613a6e94f98dba] +4.19-upstream-stable: needed +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: needed diff --git a/active/CVE-2021-47164 b/active/CVE-2021-47164 new file mode 100644 index 00000000..9d7688fd --- /dev/null 
+++ b/active/CVE-2021-47164 @@ -0,0 +1,16 @@ +Description: net/mlx5e: Fix null deref accessing lag dev +References: +Notes: + carnil> Introduced in 7e51891a237f ("net/mlx5e: Use netdev events to set/del egress acl + carnil> forward-to-vport rule"). Vulnerable versions: 5.8-rc1. +Bugs: +upstream: released (5.13-rc4) [83026d83186bc48bb41ee4872f339b83f31dfc55] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [2e4b0b95a489259f9d35a3db17023061f8f3d587] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47165 b/active/CVE-2021-47165 new file mode 100644 index 00000000..9c53fc7b --- /dev/null +++ b/active/CVE-2021-47165 @@ -0,0 +1,16 @@ +Description: drm/meson: fix shutdown crash when component not probed +References: +Notes: + carnil> Introduced in fa0c16caf3d7 ("drm: meson_drv add shutdown function"). Vulnerable + carnil> versions: 4.14.226 4.19.181 5.4.106 5.10.24 5.11.7 5.12-rc3. +Bugs: +upstream: released (5.13-rc4) [7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [d66083c0d6f5125a4d982aa177dd71ab4cd3d212] +4.19-upstream-stable: released (4.19.193) [e256a0eb43e17209e347409a80805b1659398d68] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47166 b/active/CVE-2021-47166 new file mode 100644 index 00000000..391bf256 --- /dev/null 
+++ b/active/CVE-2021-47166 @@ -0,0 +1,16 @@ +Description: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() +References: +Notes: + carnil> Introduced in a7d42ddb3099 ("nfs: add mirroring support to pgio layer"). + carnil> Vulnerable versions: 4.0-rc1 4.1.52 4.4.124 4.9.90. +Bugs: +upstream: released (5.13-rc4) [0d0ea309357dea0d85a82815f02157eb7fcda39f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [7087db95c0a06ab201b8ebfac6a7ec1e34257997] +4.19-upstream-stable: released (4.19.193) [40f139a6d50c232c0d1fd1c5e65a845c62db0ede] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47167 b/active/CVE-2021-47167 new file mode 100644 index 00000000..0ed3fc82 --- /dev/null +++ b/active/CVE-2021-47167 @@ -0,0 +1,16 @@ +Description: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() +References: +Notes: + carnil> Introduced in a7d42ddb3099 ("nfs: add mirroring support to pgio layer"). + carnil> Vulnerable versions: 4.0-rc1 4.1.52 4.4.124 4.9.90. +Bugs: +upstream: released (5.13-rc4) [56517ab958b7c11030e626250c00b9b1a24b41eb] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [ee21cd3aa8548e0cbc8c67a80b62113aedd2d101] +4.19-upstream-stable: needed +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: needed diff --git a/active/CVE-2021-47168 b/active/CVE-2021-47168 new file mode 100644 index 00000000..8b97c4cc --- /dev/null +++ b/active/CVE-2021-47168 
@@ -0,0 +1,16 @@ +Description: NFS: fix an incorrect limit in filelayout_decode_layout() +References: +Notes: + carnil> Introduced in 16b374ca439f ("NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET + carnil> and GETDEVICEINFO infrastructure"). Vulnerable versions: 2.6.37-rc1. +Bugs: +upstream: released (5.13-rc4) [769b01ea68b6c49dc3cde6adf7e53927dacbd3a8] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [9b367fe770b1b80d7bf64ed0d177544a44405f6e] +4.19-upstream-stable: released (4.19.193) [945ebef997227ca8c20bad7f8a8358c8ee57a84a] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47169 b/active/CVE-2021-47169 new file mode 100644 index 00000000..54ce9fb6 --- /dev/null +++ b/active/CVE-2021-47169 @@ -0,0 +1,15 @@ +Description: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc4) [016002848c82eeb5d460489ce392d91fe18c475c] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [6a931ceb0b9401fe18d0c500e08164bf9cc7be4b] +4.19-upstream-stable: released (4.19.193) [35265552c7fe9553c75e324c80f45e28ff14eb6e] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47170 b/active/CVE-2021-47170 new file mode 100644 index 00000000..65b51338 --- /dev/null +++ b/active/CVE-2021-47170 
@@ -0,0 +1,15 @@ +Description: USB: usbfs: Don't WARN about excessively large memory allocations +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc4) [4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [8d83f109e920d2776991fa142bb904d985dca2ed] +4.19-upstream-stable: released (4.19.193) [2ab21d6e1411999b5fb43434f421f00bf50002eb] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47171 b/active/CVE-2021-47171 new file mode 100644 index 00000000..f69056a3 --- /dev/null +++ b/active/CVE-2021-47171 @@ -0,0 +1,17 @@ +Description: net: usb: fix memory leak in smsc75xx_bind +References: +Notes: + carnil> Introduced in d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet + carnil> adapter driver"). Vulnerable versions: 2.6.34-rc2 3.16.61 3.18.120 4.4.152 + carnil> 4.9.124 4.14.67 4.17.19. +Bugs: +upstream: released (5.13-rc4) [46a8b29c6306d8bbfd92b614ef65a47c900d8e70] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [635ac38b36255d3cfb8312cf7c471334f4d537e0] +4.19-upstream-stable: released (4.19.193) [9e6a3eccb28779710cbbafc4f4258d92509c6d07] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47172 b/active/CVE-2021-47172 new file mode 100644 index 00000000..def6a22a --- /dev/null +++ b/active/CVE-2021-47172 
@@ -0,0 +1,16 @@ +Description: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers +References: +Notes: + carnil> Introduced in d7857e4ee1ba6 ("iio: adc: ad7124: Fix DT channel configuration"). + carnil> Vulnerable versions: 5.4.14 5.5-rc7. +Bugs: +upstream: released (5.13-rc4) [f2a772c51206b0c3f262e4f6a3812c89a650191b] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [f70122825076117787b91e7f219e21c09f11a5b9] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47173 b/active/CVE-2021-47173 new file mode 100644 index 00000000..7d6b3624 --- /dev/null +++ b/active/CVE-2021-47173 @@ -0,0 +1,16 @@ +Description: misc/uss720: fix memory leak in uss720_probe +References: +Notes: + carnil> Introduced in 0f36163d3abe ("[PATCH] usb: fix uss720 schedule with interrupts + carnil> off"). Vulnerable versions: 2.6.14-rc1. +Bugs: +upstream: released (5.13-rc4) [dcb4b8ad6a448532d8b681b5d1a7036210b622de] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [5394ae9d8c7961dd93807fdf1b12a1dde96b0a55] +4.19-upstream-stable: released (4.19.193) [386918878ce4cd676e4607233866e03c9399a46a] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47174 b/active/CVE-2021-47174 new file mode 100644 index 00000000..95f78369 --- /dev/null +++ b/active/CVE-2021-47174 
@@ -0,0 +1,16 @@ +Description: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version +References: +Notes: + carnil> Introduced in 7400b063969b ("nft_set_pipapo: Introduce AVX2-based lookup + carnil> implementation"). Vulnerable versions: 5.7-rc1. +Bugs: +upstream: released (5.13-rc4) [f0b3d338064e1fe7531f0d2977e35f3b334abfb4] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [b1f45a26bd322525c14edd9504f6d46dfad679a4] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47175 b/active/CVE-2021-47175 new file mode 100644 index 00000000..4a578144 --- /dev/null +++ b/active/CVE-2021-47175 @@ -0,0 +1,16 @@ +Description: net/sched: fq_pie: fix OOB access in the traffic path +References: +Notes: + carnil> Introduced in ec97ecf1ebe4 ("net: sched: add Flow Queue PIE packet scheduler"). + carnil> Vulnerable versions: 5.6-rc1. +Bugs: +upstream: released (5.13-rc4) [e70f7a11876a1a788ceadf75e9e5f7af2c868680] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47176 b/active/CVE-2021-47176 new file mode 100644 index 00000000..5fee9edd --- /dev/null +++ b/active/CVE-2021-47176 
@@ -0,0 +1,16 @@ +Description: s390/dasd: add missing discipline function +References: +Notes: + carnil> Introduced in b72949328869 ("s390/dasd: Prepare for additional path event + carnil> handling"). Vulnerable versions: 5.4.235 5.10.173 5.11-rc1. +Bugs: +upstream: released (5.13-rc4) [c0c8a8397fa8a74d04915f4d3d28cb4a5d401427] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.175) [aa8579bc084673c651204f7cd0d6308a47dffc16] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.178-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47177 b/active/CVE-2021-47177 new file mode 100644 index 00000000..ca669707 --- /dev/null +++ b/active/CVE-2021-47177 @@ -0,0 +1,16 @@ +Description: iommu/vt-d: Fix sysfs leak in alloc_iommu() +References: +Notes: + carnil> Introduced in 39ab9555c2411 ("iommu: Add sysfs bindings for struct + carnil> iommu_device"). Vulnerable versions: 4.11-rc1. +Bugs: +upstream: released (5.13-rc4) [0ee74d5a48635c848c20f152d0d488bf84641304] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [f01134321d04f47c718bb41b799bcdeda27873d2] +4.19-upstream-stable: released (4.19.193) [2ec5e9bb6b0560c90d315559c28a99723c80b996] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47178 b/active/CVE-2021-47178 new file mode 100644 index 00000000..3a0a73ff --- /dev/null +++ b/active/CVE-2021-47178 
@@ -0,0 +1,20 @@ +Description: scsi: target: core: Avoid smp_processor_id() in preemptible code +References: +Notes: + carnil> Introduced in 1526d9f10c61 ("scsi: target: Make state_list per CPU"). + carnil> Vulnerable versions: 5.10.180 5.11-rc1. + carnil> Technically N/A for sid branch as no released version in unstable + carnil> was ever affected. But the issue was backported in the 5.10.y series. + carnil> As wokraround for the security-tracker import mark the unstable + carnil> 5.14.6-1 as the fixed one. +Bugs: +upstream: released (5.13-rc4) [70ca3c57ff914113f681e657634f7fbfa68e1ad1] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: needed +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47179 b/active/CVE-2021-47179 new file mode 100644 index 00000000..68fe90c7 --- /dev/null +++ b/active/CVE-2021-47179 
@@ -0,0 +1,17 @@ +Description: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() +References: +Notes: + carnil> Introduced in de144ff4234f ("NFSv4: Don't discard segments marked for return in + carnil> _pnfs_return_layout()"). Vulnerable versions: 4.9.269 4.14.233 4.19.191 5.4.118 + carnil> 5.10.36 5.11.20 5.12.3 5.13-rc1. +Bugs: +upstream: released (5.13-rc4) [a421d218603ffa822a0b8045055c03eae394a7eb] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.42) [f9890652185b72b8de9ebeb4406037640b6e1b53] +4.19-upstream-stable: released (4.19.193) [39785761feadf261bc5101372b0b0bbaf6a94494] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47180 b/active/CVE-2021-47180 new file mode 100644 index 00000000..68dfae55 --- /dev/null +++ b/active/CVE-2021-47180 @@ -0,0 +1,16 @@ +Description: NFC: nci: fix memory leak in nci_allocate_device +References: +Notes: + carnil> Introduced in 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support"). + carnil> Vulnerable versions: 4.0-rc1. +Bugs: +upstream: released (5.13-rc4) [e0652f8bb44d6294eeeac06d703185357f25d50b] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.41) [b34cb7ac32cc8e5471dc773180ea9ae676b1a745] +4.19-upstream-stable: released (4.19.193) [0365701bc44e078682ee1224866a71897495c7ef] +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.46-1) +4.19-buster-security: released (4.19.194-1) -- cgit v1.2.3
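Review bot: in active/CVE-2021-47167 the `4.19-upstream-stable: needed` and `4.19-buster-security: needed` lines carry no explanation. CVE-2021-47166 in this same batch names the same introducing commit a7d42ddb3099 and is recorded as released in 4.19.193. A short `carnil>` note saying that the fix 56517ab958b7 has no 4.19.y backport yet would show that the differing status is intentional and not a lookup miss.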
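Review bot: style point in the Notes of active/CVE-2021-47172: the introducing commit is abbreviated to 13 hex digits (`d7857e4ee1ba6`), while the other entries in this batch use 12 (for example `a7d42ddb3099`). Trimming it to 12 keeps the files uniform for anyone grepping or scripting over the Notes. `39ab9555c2411` in active/CVE-2021-47177 has the same issue.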
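Review bot: active/CVE-2021-47176 is missing documentation for its bullseye status. The Notes give 5.10.173 as the first vulnerable 5.10.y version and the fix is recorded in 5.10.175, but nothing says how `5.10-bullseye-security: released (5.10.178-1)` relates to that narrow window. CVE-2021-47178 in this batch explains its backport-introduced case in the Notes. A similar line here, stating whether any bullseye upload shipped the affected range, would let a reader judge real exposure.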
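Review bot: typo in the Notes of active/CVE-2021-47178: "As wokraround for the security-tracker import" should read "As a workaround for the security-tracker import". Since this note is the only record of why `sid: released (5.14.6-1)` is set for a branch that was never affected, it is worth getting the wording clean. It would also help to name the 5.10.y commit that backported 1526d9f10c61, so the `5.10-upstream-stable: needed` line can be checked against it.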
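Review bot: please double-check `5.10-upstream-stable: released (5.10.41)` in active/CVE-2021-47180. The neighbouring entries fixed upstream in 5.13-rc4 and backported in the same period list 5.10.42, and the 4.19 line here is 4.19.193 like theirs. If 5.10.41 is correct because this fix went into the earlier stable release, no change is needed. Otherwise align it with the others.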