From 7e1edb9178af8278e8c6dad575ef962f323c8fe8 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 26 Mar 2024 20:34:06 +0100
Subject: Add new batch of CVEs

---
 active/CVE-2023-52621 | 15 +++++++++++++++
 active/CVE-2023-52622 | 15 +++++++++++++++
 active/CVE-2023-52623 | 15 +++++++++++++++
 active/CVE-2023-52624 | 15 +++++++++++++++
 active/CVE-2023-52625 | 15 +++++++++++++++
 active/CVE-2023-52626 | 16 ++++++++++++++++
 active/CVE-2023-52627 | 16 ++++++++++++++++
 active/CVE-2024-26644 | 15 +++++++++++++++
 active/CVE-2024-26645 | 16 ++++++++++++++++
 active/CVE-2024-26646 | 15 +++++++++++++++
 active/CVE-2024-26647 | 15 +++++++++++++++
 active/CVE-2024-26648 | 15 +++++++++++++++
 active/CVE-2024-26649 | 16 ++++++++++++++++
 active/CVE-2024-26650 | 16 ++++++++++++++++
 14 files changed, 215 insertions(+)
 create mode 100644 active/CVE-2023-52621
 create mode 100644 active/CVE-2023-52622
 create mode 100644 active/CVE-2023-52623
 create mode 100644 active/CVE-2023-52624
 create mode 100644 active/CVE-2023-52625
 create mode 100644 active/CVE-2023-52626
 create mode 100644 active/CVE-2023-52627
 create mode 100644 active/CVE-2024-26644
 create mode 100644 active/CVE-2024-26645
 create mode 100644 active/CVE-2024-26646
 create mode 100644 active/CVE-2024-26647
 create mode 100644 active/CVE-2024-26648
 create mode 100644 active/CVE-2024-26649
 create mode 100644 active/CVE-2024-26650

diff --git a/active/CVE-2023-52621 b/active/CVE-2023-52621
new file mode 100644
index 00000000..1d40c898
--- /dev/null
+++ b/active/CVE-2023-52621
@@ -0,0 +1,15 @@
+Description: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [169410eba271afc9f0fb476d996795aa26770c6d]
+6.7-upstream-stable: released (6.7.4) [c7f1b6146f4a46d727c0d046284c28b6882c6304]
+6.6-upstream-stable: released (6.6.16) [483cb92334cd7f1d5387dccc0ab5d595d27a669d]
+6.1-upstream-stable: released (6.1.77) [d6d6fe4bb105595118f12abeed4a7bdd450853f3]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52622 b/active/CVE-2023-52622
new file mode 100644
index 00000000..d0c76782
--- /dev/null
+++ b/active/CVE-2023-52622
@@ -0,0 +1,15 @@
+Description: ext4: avoid online resizing failures due to oversized flex bg
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [5d1935ac02ca5aee364a449a35e2977ea84509b0]
+6.7-upstream-stable: released (6.7.4) [dc3e0f55bec4410f3d74352c4a7c79f518088ee2]
+6.6-upstream-stable: released (6.6.16) [8b1413dbfe49646eda2c00c0f1144ee9d3368e0c]
+6.1-upstream-stable: released (6.1.77) [6d2cbf517dcabc093159cf138ad5712c9c7fa954]
+5.10-upstream-stable: released (5.10.210) [cfbbb3199e71b63fc26cee0ebff327c47128a1e8]
+4.19-upstream-stable: released (4.19.307) [cd1f93ca97a9136989f3bd2bf90696732a2ed644]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52623 b/active/CVE-2023-52623
new file mode 100644
index 00000000..e8c9bfed
--- /dev/null
+++ b/active/CVE-2023-52623
@@ -0,0 +1,15 @@
+Description: SUNRPC: Fix a suspicious RCU usage warning
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [31b62908693c90d4d07db597e685d9f25a120073]
+6.7-upstream-stable: released (6.7.4) [8f860c8407470baff2beb9982ad6b172c94f1d0a]
+6.6-upstream-stable: released (6.6.16) [69c7eeb4f622c2a28da965f970f982db171f3dc6]
+6.1-upstream-stable: released (6.1.77) [e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0]
+5.10-upstream-stable: released (5.10.210) [c430e6bb43955c6bf573665fcebf31694925b9f7]
+4.19-upstream-stable: released (4.19.307) [fece80a2a6718ed58487ce397285bb1b83a3e54e]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52624 b/active/CVE-2023-52624
new file mode 100644
index 00000000..85664e8e
--- /dev/null
+++ b/active/CVE-2023-52624
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Wake DMCUB before executing GPINT commands
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [e5ffd1263dd5b44929c676171802e7b6af483f21]
+6.7-upstream-stable: released (6.7.3) [2ef98c6d753a744e333b7e34b9cf687040fba57d]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52625 b/active/CVE-2023-52625
new file mode 100644
index 00000000..06754870
--- /dev/null
+++ b/active/CVE-2023-52625
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Refactor DMCUB enter/exit idle interface
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa]
+6.7-upstream-stable: released (6.7.3) [820c3870c491946a78950cdf961bf40e28c1025f]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52626 b/active/CVE-2023-52626
new file mode 100644
index 00000000..df266106
--- /dev/null
+++ b/active/CVE-2023-52626
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
+References:
+Notes:
+ carnil> Introduced in 92214be5979c ("net/mlx5e: Update doorbell for port timestamping
+ carnil> CQ before the software counter"). Vulnerable versions: 6.5.13 6.6.3 6.7-rc2.
+Bugs:
+upstream: released (6.8-rc2) [3876638b2c7ebb2c9d181de1191db0de8cac143a]
+6.7-upstream-stable: released (6.7.3) [33cdeae8c6fb58cc445f859b67c014dc9f60b4e0]
+6.6-upstream-stable: released (6.6.15) [40e0d0746390c5b0c31144f4f1688d72f3f8d790]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52627 b/active/CVE-2023-52627
new file mode 100644
index 00000000..4e03b9ce
--- /dev/null
+++ b/active/CVE-2023-52627
@@ -0,0 +1,16 @@
+Description: iio: adc: ad7091r: Allow users to configure device events
+References:
+Notes:
+ carnil> Introduced in ca69300173b6 ("iio: adc: Add support for AD7091R5 ADC").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f]
+6.7-upstream-stable: released (6.7.3) [55aca2ce91a63740278502066beaddbd841af9c6]
+6.6-upstream-stable: released (6.6.15) [89c4e63324e208a23098f7fb15c00487cecbfed2]
+6.1-upstream-stable: released (6.1.76) [137568aa540a9f587c48ff7d4c51cdba08cfe9a4]
+5.10-upstream-stable: released (5.10.210) [1eba6f7ffa295a0eec098c107043074be7cc4ec5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26644 b/active/CVE-2024-26644
new file mode 100644
index 00000000..cd5178bb
--- /dev/null
+++ b/active/CVE-2024-26644
@@ -0,0 +1,15 @@
+Description: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [7081929ab2572920e94d70be3d332e5c9f97095a]
+6.7-upstream-stable: released (6.7.3) [d8680b722f0ff6d7a01ddacc1844e0d52354d6ff]
+6.6-upstream-stable: released (6.6.15) [ec794a7528199e1be6d47bec03f4755aa75df256]
+6.1-upstream-stable: released (6.1.76) [6e6bca99e8d88d989a7cde4c064abea552d5219b]
+5.10-upstream-stable: released (5.10.210) [2bdf872bcfe629a6202ffd6641615a8ed00e8464]
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26645 b/active/CVE-2024-26645
new file mode 100644
index 00000000..b8375d40
--- /dev/null
+++ b/active/CVE-2024-26645
@@ -0,0 +1,16 @@
+Description: tracing: Ensure visibility when inserting an element into tracing_map
+References:
+Notes:
+ carnil> Introduced in c193707dde77 ("tracing: Remove code which merges duplicates").
+ carnil> Vulnerable versions: 4.17-rc1.
+Bugs:
+upstream: released (6.8-rc2) [2b44760609e9eaafc9d234a6883d042fc21132a7]
+6.7-upstream-stable: released (6.7.3) [bf4aeff7da85c3becd39fb73bac94122331c30fb]
+6.6-upstream-stable: released (6.6.15) [a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7]
+6.1-upstream-stable: released (6.1.76) [f4f7e696db0274ff560482cc52eddbf0551d4b7a]
+5.10-upstream-stable: released (5.10.210) [ef70dfa0b1e5084f32635156c9a5c795352ad860]
+4.19-upstream-stable: released (4.19.307) [5022b331c041e8c54b9a6a3251579bd1e8c0fc0b]
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26646 b/active/CVE-2024-26646
new file mode 100644
index 00000000..b8d8034a
--- /dev/null
+++ b/active/CVE-2024-26646
@@ -0,0 +1,15 @@
+Description: thermal: intel: hfi: Add syscore callbacks for system-wide PM
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [97566d09fd02d2ab329774bb89a2cdf2267e86d9]
+6.7-upstream-stable: released (6.7.3) [c9d6d63b6c03afaa6f185df249af693a7939577c]
+6.6-upstream-stable: released (6.6.15) [019ccc66d56a696a4dfee3bfa2f04d0a7c3d89ee]
+6.1-upstream-stable: released (6.1.76) [28f010dc50df0f7987c04112114fcfa7e0803566]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26647 b/active/CVE-2024-26647
new file mode 100644
index 00000000..7f97d663
--- /dev/null
+++ b/active/CVE-2024-26647
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [3bb9b1f958c3d986ed90a3ff009f1e77e9553207]
+6.7-upstream-stable: released (6.7.3) [cf656fc7276e5b3709a81bc9d9639459be2b2647]
+6.6-upstream-stable: released (6.6.15) [6aa5ede6665122f4c8abce3c6eba06b49e54d25c]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26648 b/active/CVE-2024-26648
new file mode 100644
index 00000000..e383cf1b
--- /dev/null
+++ b/active/CVE-2024-26648
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [7073934f5d73f8b53308963cee36f0d389ea857c]
+6.7-upstream-stable: released (6.7.3) [c02d257c654191ecda1dc1af6875d527e85310e7]
+6.6-upstream-stable: released (6.6.15) [22ae604aea14756954e1c00ae653e34d2afd2935]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26649 b/active/CVE-2024-26649
new file mode 100644
index 00000000..d5f2f115
--- /dev/null
+++ b/active/CVE-2024-26649
@@ -0,0 +1,16 @@
+Description: drm/amdgpu: Fix the null pointer when load rlc firmware
+References:
+Notes:
+ carnil> Introduced in 3da9b71563cb ("drm/amd: Use `amdgpu_ucode_*` helpers for GFX10").
+ carnil> Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [bc03c02cc1991a066b23e69bbcc0f66e8f1f7453]
+6.7-upstream-stable: released (6.7.3) [d3887448486caeef9687fb5dfebd4ff91e0f25aa]
+6.6-upstream-stable: released (6.6.15) [8b5bacce2d13dbe648f0bfd3f738ecce8db4978c]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26650 b/active/CVE-2024-26650
new file mode 100644
index 00000000..403b2741
--- /dev/null
+++ b/active/CVE-2024-26650
@@ -0,0 +1,16 @@
+Description: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
+References:
+Notes:
+ carnil> Introduced in 9745fb07474f ("platform/x86/intel: Add Primary to Sideband (P2SB)
+ carnil> bridge support"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc2) [5913320eb0b3ec88158cfcb0fa5e996bf4ef681b]
+6.7-upstream-stable: released (6.7.3) [d281ac9a987c553d93211b90fd4fe97d8eca32cd]
+6.6-upstream-stable: released (6.6.15) [847e1eb30e269a094da046c08273abe3f3361cf2]
+6.1-upstream-stable: released (6.1.76) [2841631a03652f32b595c563695d0461072e0de4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3