From 64a38df8b392033c012ab5b8b6bf22aa84f652f8 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 15 Mar 2024 21:45:18 +0100 Subject: Add new batch of CVEs One source of problem for the automatic processing was the following manual fixup: - detection of N/A in case the version never affected a unstable released version and so the sid: field should be N/A "Vulnerable code not present" - The second manual fixup is where 5.14.6-1 was placed as fixed version for sid, as it should have been 5.10.46-1 as this is before the branching point. There is no such support of tracking branching points yet so it seems to cause fallouts on the recent CVEs assigned by importing the issues from the GSD. --- active/CVE-2021-47109 | 16 ++++++++++++++++ active/CVE-2021-47110 | 15 +++++++++++++++ active/CVE-2021-47111 | 16 ++++++++++++++++ active/CVE-2021-47112 | 15 +++++++++++++++ active/CVE-2021-47113 | 15 +++++++++++++++ active/CVE-2021-47114 | 15 +++++++++++++++ active/CVE-2021-47115 | 16 ++++++++++++++++ active/CVE-2021-47116 | 15 +++++++++++++++ active/CVE-2021-47117 | 15 +++++++++++++++ active/CVE-2021-47118 | 16 ++++++++++++++++ active/CVE-2021-47119 | 18 ++++++++++++++++++ active/CVE-2021-47120 | 16 ++++++++++++++++ active/CVE-2021-47121 | 16 ++++++++++++++++ active/CVE-2021-47122 | 16 ++++++++++++++++ active/CVE-2021-47123 | 16 ++++++++++++++++ active/CVE-2021-47124 | 16 ++++++++++++++++ active/CVE-2021-47125 | 16 ++++++++++++++++ active/CVE-2021-47126 | 18 ++++++++++++++++++ active/CVE-2021-47127 | 16 ++++++++++++++++ active/CVE-2021-47128 | 16 ++++++++++++++++ active/CVE-2021-47129 | 16 ++++++++++++++++ active/CVE-2021-47130 | 16 ++++++++++++++++ active/CVE-2021-47131 | 16 ++++++++++++++++ active/CVE-2021-47132 | 16 ++++++++++++++++ active/CVE-2021-47133 | 16 ++++++++++++++++ active/CVE-2021-47134 | 16 ++++++++++++++++ active/CVE-2021-47135 | 16 ++++++++++++++++ 27 files changed, 430 insertions(+) create mode 100644 active/CVE-2021-47109 create mode 100644 active/CVE-2021-47110 create mode 100644 active/CVE-2021-47111 create mode 100644 active/CVE-2021-47112 create mode 100644 active/CVE-2021-47113 create mode 100644 active/CVE-2021-47114 create mode 100644 active/CVE-2021-47115 create mode 100644 active/CVE-2021-47116 create mode 100644 active/CVE-2021-47117 create mode 100644 active/CVE-2021-47118 create mode 100644 active/CVE-2021-47119 create mode 100644 active/CVE-2021-47120 create mode 100644 active/CVE-2021-47121 create mode 100644 active/CVE-2021-47122 create mode 100644 active/CVE-2021-47123 create mode 100644 active/CVE-2021-47124 create mode 100644 active/CVE-2021-47125 create mode 100644 active/CVE-2021-47126 create mode 100644 active/CVE-2021-47127 create mode 100644 active/CVE-2021-47128 create mode 100644 active/CVE-2021-47129 create mode 100644 active/CVE-2021-47130 create mode 100644 active/CVE-2021-47131 create mode 100644 active/CVE-2021-47132 create mode 100644 active/CVE-2021-47133 create mode 100644 active/CVE-2021-47134 create mode 100644 active/CVE-2021-47135 diff --git a/active/CVE-2021-47109 b/active/CVE-2021-47109 new file mode 100644 index 00000000..54604371 --- /dev/null +++ b/active/CVE-2021-47109 @@ -0,0 +1,16 @@ +Description: neighbour: allow NUD_NOARP entries to be forced GCed +References: +Notes: + carnil> Introduced in 58956317c8de (neighbor: Improve garbage collection). Vulnerable + carnil> versions: 5.0-rc1. +Bugs: +upstream: released (5.13-rc7) [7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [d17d47da59f726dc4c87caebda3a50333d7e2fd3] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47110 b/active/CVE-2021-47110 new file mode 100644 index 00000000..50bfadd1 --- /dev/null +++ b/active/CVE-2021-47110 @@ -0,0 +1,15 @@ +Description: x86/kvm: Disable kvmclock on all CPUs on shutdown +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc2) [c02027b5742b5aa804ef08a4a9db433295533046] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [3b0becf8b1ecf642a9edaf4c9628ffc641e490d6] +4.19-upstream-stable: needed +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: needed diff --git a/active/CVE-2021-47111 b/active/CVE-2021-47111 new file mode 100644 index 00000000..065a14aa --- /dev/null +++ b/active/CVE-2021-47111 @@ -0,0 +1,16 @@ +Description: xen-netback: take a reference to the RX task thread +References: +Notes: + carnil> Introduced in 2ac061ce97f4 ('xen/netback: cleanup init and deinit code'). + carnil> Vulnerable versions: 5.5-rc1. +Bugs: +upstream: released (5.13-rc6) [107866a8eb0b664675a260f1ba0655010fac1e08] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [6b53db8c4c14b4e7256f058d202908b54a7b85b4] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47112 b/active/CVE-2021-47112 new file mode 100644 index 00000000..ddfb141c --- /dev/null +++ b/active/CVE-2021-47112 @@ -0,0 +1,15 @@ +Description: x86/kvm: Teardown PV features on boot CPU as well +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc2) [8b79feffeca28c5459458fe78676b081e87c93a4] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [38b858da1c58ad46519a257764e059e663b59ff2] +4.19-upstream-stable: needed +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: needed diff --git a/active/CVE-2021-47113 b/active/CVE-2021-47113 new file mode 100644 index 00000000..d5bccfcb --- /dev/null +++ b/active/CVE-2021-47113 @@ -0,0 +1,15 @@ +Description: btrfs: abort in rename_exchange if we fail to insert the second ref +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc5) [dc09ef3562726cd520c8338c1640872a60187af5] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [0df50d47d17401f9f140dfbe752a65e5d72f9932] +4.19-upstream-stable: needed +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: needed diff --git a/active/CVE-2021-47114 b/active/CVE-2021-47114 new file mode 100644 index 00000000..b40b06d4 --- /dev/null +++ b/active/CVE-2021-47114 @@ -0,0 +1,15 @@ +Description: ocfs2: fix data corruption by fallocate +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc5) [6bba4471f0cc1296fe3c2089b9e52442d3074b2e] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [c8d5faee46242c3f33b8a71a4d7d52214785bfcc] +4.19-upstream-stable: released (4.19.194) [cec4e857ffaa8c447f51cd8ab4e72350077b6770] +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47115 b/active/CVE-2021-47115 new file mode 100644 index 00000000..f3dcec9a --- /dev/null +++ b/active/CVE-2021-47115 @@ -0,0 +1,16 @@ +Description: nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect +References: +Notes: + carnil> Introduced in d646960f7986 ("NFC: Initial LLCP support"). Vulnerable versions: + carnil> 3.3-rc1. +Bugs: +upstream: released (5.13-rc5) [4ac06a1e013cf5fdd963317ffd3b968560f33bba] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [48ee0db61c8299022ec88c79ad137f290196cac2] +4.19-upstream-stable: released (4.19.194) [93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f] +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47116 b/active/CVE-2021-47116 new file mode 100644 index 00000000..a86673f5 --- /dev/null +++ b/active/CVE-2021-47116 @@ -0,0 +1,15 @@ +Description: ext4: fix memory leak in ext4_mb_init_backend on error path. +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc5) [a8867f4e3809050571c98de7a2d465aff5e4daf5] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [2050c6e5b161e5e25ce3c420fef58b24fa388a49] +4.19-upstream-stable: needed +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: needed diff --git a/active/CVE-2021-47117 b/active/CVE-2021-47117 new file mode 100644 index 00000000..83a24607 --- /dev/null +++ b/active/CVE-2021-47117 @@ -0,0 +1,15 @@ +Description: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (5.13-rc5) [082cd4ec240b8734a82a89ffb890216ac98fec68] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [d3b668b96ad3192c0581a248ae2f596cd054792a] +4.19-upstream-stable: released (4.19.194) [569496aa3776eea1ff0d49d0174ac1b7e861e107] +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47118 b/active/CVE-2021-47118 new file mode 100644 index 00000000..210b07e5 --- /dev/null +++ b/active/CVE-2021-47118 @@ -0,0 +1,16 @@ +Description: pid: take a reference when initializing `cad_pid` +References: +Notes: + carnil> Introduced in 9ec52099e4b8678a ("[PATCH] replace cad_pid by a struct pid"). + carnil> Vulnerable versions: 2.6.19-rc1. +Bugs: +upstream: released (5.13-rc5) [0711f0d7050b9e07c44bc159bbc64ac0a1022c7f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [7178be006d495ffb741c329012da289b62dddfe6] +4.19-upstream-stable: released (4.19.194) [d106f05432e60f9f62d456ef017687f5c73cb414] +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47119 b/active/CVE-2021-47119 new file mode 100644 index 00000000..7095baff --- /dev/null +++ b/active/CVE-2021-47119 @@ -0,0 +1,18 @@ +Description: ext4: fix memory leak in ext4_fill_super +References: +Notes: + carnil> Introduced in ce40733ce93d ("ext4: Check for return value from + carnil> sb_set_blocksize") + carnil> ac27a0ec112a ("ext4: initial copy of files from ext3"). Vulnerable versions: + carnil> 2.6.19-rc2 2.6.25-rc1. +Bugs: +upstream: released (5.13-rc5) [afd09b617db3786b6ef3dc43e28fe728cfea84df] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [01d349a481f0591230300a9171330136f9159bcd] +4.19-upstream-stable: needed +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: needed diff --git a/active/CVE-2021-47120 b/active/CVE-2021-47120 new file mode 100644 index 00000000..7ccb3f60 --- /dev/null +++ b/active/CVE-2021-47120 @@ -0,0 +1,16 @@ +Description: HID: magicmouse: fix NULL-deref on disconnect +References: +Notes: + carnil> Introduced in 9d7b18668956 ("HID: magicmouse: add support for Apple Magic + carnil> Trackpad 2"). Vulnerable versions: 4.20-rc1. +Bugs: +upstream: released (5.13-rc5) [4b4f6cecca446abcb686c6e6c451d4f1ec1a7497] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [b5d013c4c76b276890135b5d32803c4c63924b77] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47121 b/active/CVE-2021-47121 new file mode 100644 index 00000000..62703df2 --- /dev/null +++ b/active/CVE-2021-47121 @@ -0,0 +1,16 @@ +Description: net: caif: fix memory leak in cfusbl_device_notify +References: +Notes: + carnil> Introduced in 7ad65bf68d70 ("caif: Add support for CAIF over CDC NCM USB + carnil> interface"). Vulnerable versions: 3.3-rc1. +Bugs: +upstream: released (5.13-rc5) [7f5d86669fa4d485523ddb1d212e0a2d90bd62bb] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [46403c1f80b0d3f937ff9c4f5edc63bb64bc5051] +4.19-upstream-stable: released (4.19.194) [9ea0ab48e755d8f29fe89eb235fb86176fdb597f] +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47122 b/active/CVE-2021-47122 new file mode 100644 index 00000000..6c9933cd --- /dev/null +++ b/active/CVE-2021-47122 @@ -0,0 +1,16 @@ +Description: net: caif: fix memory leak in caif_device_notify +References: +Notes: + carnil> Introduced in 7c18d2205ea7 ("caif: Restructure how link caif link layer + carnil> enroll"). Vulnerable versions: 3.3-rc1. +Bugs: +upstream: released (5.13-rc5) [b53558a950a89824938e9811eddfc8efcd94e1bb] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [af2806345a37313f01b1c9f15e046745b8ee2daa] +4.19-upstream-stable: released (4.19.194) [3be863c11cab725add9fef4237ed4e232c3fc3bb] +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47123 b/active/CVE-2021-47123 new file mode 100644 index 00000000..d1c163e4 --- /dev/null +++ b/active/CVE-2021-47123 @@ -0,0 +1,16 @@ +Description: io_uring: fix ltout double free on completion race +References: +Notes: + carnil> Introduced in 90cd7e424969d ("io_uring: track link timeout's master + carnil> explicitly"). Vulnerable versions: 5.11-rc1. +Bugs: +upstream: released (5.13-rc2) [447c19f3b5074409c794b350b10306e1da1ef4ba] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47124 b/active/CVE-2021-47124 new file mode 100644 index 00000000..23c07b01 --- /dev/null +++ b/active/CVE-2021-47124 @@ -0,0 +1,16 @@ +Description: io_uring: fix link timeout refs +References: +Notes: + carnil> Introduced in 9ae1f8dd372e0 ("io_uring: fix inconsistent lock state"). + carnil> Vulnerable versions: 5.10.26 5.11.6 5.12-rc1. +Bugs: +upstream: released (5.13-rc2) [a298232ee6b9a1d5d732aa497ff8be0d45b5bd82] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.55) [6f5d7a45f58d3abe3a936de1441b8d6318f978ff] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.6-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: released (5.10.70-1) +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47125 b/active/CVE-2021-47125 new file mode 100644 index 00000000..202a0e78 --- /dev/null +++ b/active/CVE-2021-47125 @@ -0,0 +1,16 @@ +Description: sch_htb: fix refcount leak in htb_parent_to_leaf_offload +References: +Notes: + carnil> Introduced in ae81feb7338c ("sch_htb: fix null pointer dereference on a null + carnil> new_q"). Vulnerable versions: 5.12-rc7. +Bugs: +upstream: released (5.13-rc5) [944d671d5faa0d78980a3da5c0f04960ef1ad893] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47126 b/active/CVE-2021-47126 new file mode 100644 index 00000000..7469aed5 --- /dev/null +++ b/active/CVE-2021-47126 @@ -0,0 +1,18 @@ +Description: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions +References: +Notes: + carnil> Introduced in f88d8ea67fbdb ("ipv6: Plumb support for nexthop object in a + carnil> fib6_info") + carnil> 706ec91916462 ("ipv6: Fix nexthop refcnt leak when creating ipv6 route info"). + carnil> Vulnerable versions: 5.3-rc1 5.4.58 5.7.15 5.8. +Bugs: +upstream: released (5.13-rc5) [821bbf79fe46a8b1d18aa456e8ed0a3c208c3754] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [09870235827451409ff546b073d754a19fd17e2e] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47127 b/active/CVE-2021-47127 new file mode 100644 index 00000000..db6c7394 --- /dev/null +++ b/active/CVE-2021-47127 @@ -0,0 +1,16 @@ +Description: ice: track AF_XDP ZC enabled queues in bitmap +References: +Notes: + carnil> Introduced in c7a219048e45 ("ice: Remove xsk_buff_pool from VSI structure"). + carnil> Vulnerable versions: 5.12-rc1. +Bugs: +upstream: released (5.13-rc5) [e102db780e1c14f10c70dafa7684af22a745b51d] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47128 b/active/CVE-2021-47128 new file mode 100644 index 00000000..529b4471 --- /dev/null +++ b/active/CVE-2021-47128 @@ -0,0 +1,16 @@ +Description: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks +References: +Notes: + carnil> Introduced in 59438b46471a ("security,lockdown,selinux: implement SELinux + carnil> lockdown"). Vulnerable versions: 5.6-rc1. +Bugs: +upstream: released (5.13-rc5) [ff40e51043af63715ab413995ff46996ecf9583f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [ff5039ec75c83d2ed5b781dc7733420ee8c985fc] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47129 b/active/CVE-2021-47129 new file mode 100644 index 00000000..f9838405 --- /dev/null +++ b/active/CVE-2021-47129 @@ -0,0 +1,16 @@ +Description: netfilter: nft_ct: skip expectations for confirmed conntrack +References: +Notes: + carnil> Introduced in 857b46027d6f ("netfilter: nft_ct: add ct expectations support"). + carnil> Vulnerable versions: 5.3-rc1. +Bugs: +upstream: released (5.13-rc5) [1710eb913bdcda3917f44d383c32de6bdabfc836] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [5f3429c05e4028a0e241afdad856dd15dec2ffb9] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47130 b/active/CVE-2021-47130 new file mode 100644 index 00000000..ee2d4af1 --- /dev/null +++ b/active/CVE-2021-47130 @@ -0,0 +1,16 @@ +Description: nvmet: fix freeing unallocated p2pmem +References: +Notes: + carnil> Introduced in c6e3f1339812 ("nvmet: add metadata support for block devices"). + carnil> Vulnerable versions: 5.8-rc1. +Bugs: +upstream: released (5.13-rc5) [bcd9a0797d73eeff659582f23277e7ab6e5f18f3] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [c440cd080761b18a52cac20f2a42e5da1e3995af] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47131 b/active/CVE-2021-47131 new file mode 100644 index 00000000..15370f22 --- /dev/null +++ b/active/CVE-2021-47131 @@ -0,0 +1,16 @@ +Description: net/tls: Fix use-after-free after the TLS device goes down and up +References: +Notes: + carnil> Introduced in e8f69799810c ("net/tls: Add generic NIC offload infrastructure"). + carnil> Vulnerable versions: 4.18-rc1. +Bugs: +upstream: released (5.13-rc5) [c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [f1d4184f128dede82a59a841658ed40d4e6d3aa2] +4.19-upstream-stable: needed +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: needed diff --git a/active/CVE-2021-47132 b/active/CVE-2021-47132 new file mode 100644 index 00000000..bf34c4f8 --- /dev/null +++ b/active/CVE-2021-47132 @@ -0,0 +1,16 @@ +Description: mptcp: fix sk_forward_memory corruption on retransmission +References: +Notes: + carnil> Introduced in 64b9cea7a0af ("mptcp: fix spurious retransmissions"). Vulnerable + carnil> versions: 5.11.4 5.12-rc1. +Bugs: +upstream: released (5.13-rc5) [b5941f066b4ca331db225a976dae1d6ca8cf0ae3] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47133 b/active/CVE-2021-47133 new file mode 100644 index 00000000..4a78e032 --- /dev/null +++ b/active/CVE-2021-47133 @@ -0,0 +1,16 @@ +Description: HID: amd_sfh: Fix memory leak in amd_sfh_work +References: +Notes: + carnil> Introduced in 4b2c53d93a4b ("SFH:Transport Driver to add support of AMD Sensor + carnil> Fusion Hub (SFH)"). Vulnerable versions: 5.11-rc1. +Bugs: +upstream: released (5.13-rc5) [5ad755fd2b326aa2bc8910b0eb351ee6aece21b1] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47134 b/active/CVE-2021-47134 new file mode 100644 index 00000000..8958a6f6 --- /dev/null +++ b/active/CVE-2021-47134 @@ -0,0 +1,16 @@ +Description: efi/fdt: fix panic when no valid fdt found +References: +Notes: + carnil> Introduced in b91540d52a08b ("RISC-V: Add EFI runtime services"). Vulnerable + carnil> versions: 5.10-rc1. +Bugs: +upstream: released (5.13-rc5) [668a84c1bfb2b3fd5a10847825a854d63fac7baa] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.43) [5148066edbdc89c6fe5bc419c31a5c22e5f83bdb] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.46-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47135 b/active/CVE-2021-47135 new file mode 100644 index 00000000..8aece323 --- /dev/null +++ b/active/CVE-2021-47135 @@ -0,0 +1,16 @@ +Description: mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report +References: +Notes: + carnil> Introduced in 1c099ab44727c ("mt76: mt7921: add MCU support"). Vulnerable + carnil> versions: 5.12-rc1. +Bugs: +upstream: released (5.13-rc5) [d874e6c06952382897d35bf4094193cd44ae91bd] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3