From a9f3898f859d5c7af39d22092a37a0194faf5fa6 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 13 Mar 2024 21:48:46 +0100 Subject: Add new set of CVEs The script struggles over catching correctly that for CVE-2023-52608 and CVE-2024-26629 the correct sid released version is 6.6.15-1 and not 6.7.7-1. There remains room for improvement as we want to have the manual review needed minimal. --- active/CVE-2023-52608 | 16 ++++++++++++++++ active/CVE-2024-26629 | 17 +++++++++++++++++ active/CVE-2024-26630 | 16 ++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 active/CVE-2023-52608 create mode 100644 active/CVE-2024-26629 create mode 100644 active/CVE-2024-26630 diff --git a/active/CVE-2023-52608 b/active/CVE-2023-52608 new file mode 100644 index 00000000..8bc9d29b --- /dev/null +++ b/active/CVE-2023-52608 @@ -0,0 +1,16 @@ +Description: firmware: arm_scmi: Check mailbox/SMT channel for consistency +References: +Notes: + carnil> Introduced in 5c8a47a5a91d ("firmware: arm_scmi: Make scmi core independent of + carnil> the transport type"). Vulnerable versions: 5.7-rc1. +Bugs: +upstream: released (6.8-rc2) [437a310b22244d4e0b78665c3042e5d1c0f45306] +6.7-upstream-stable: released (6.7.3) [12dc4217f16551d6dee9cbefc23fdb5659558cda] +6.6-upstream-stable: released (6.6.15) [9b5e1b93c83ee5fc9f5d7bd2d45b421bd87774a2] +6.1-upstream-stable: released (6.1.76) [7f95f6997f4fdd17abec3200cae45420a5489350] +5.10-upstream-stable: needed +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.6.15-1) +6.1-bookworm-security: released (6.1.76-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26629 b/active/CVE-2024-26629 new file mode 100644 index 00000000..38cccf2f --- /dev/null +++ b/active/CVE-2024-26629 @@ -0,0 +1,17 @@ +Description: nfsd: fix RELEASE_LOCKOWNER +References: +Notes: + carnil> Introduced in ce3c4ad7f4ce ("NFSD: Fix possible sleep during + carnil> nfsd4_release_lockowner()"). Vulnerable versions: 4.9.317 4.14.282 4.19.246 + carnil> 4.19.306 5.4.197 5.10.120 5.15.45 5.17.13 5.18.2 5.19-rc1. +Bugs: +upstream: released (6.8-rc2) [edcf9725150e42beeca42d085149f4c88fa97afd] +6.7-upstream-stable: released (6.7.3) [8f5b860de87039b007e84a28a5eefc888154e098] +6.6-upstream-stable: released (6.6.15) [b7d2eee1f53899b53f069bba3a59a419fc3d331b] +6.1-upstream-stable: released (6.1.79) [e4cf8941664cae2f89f0189c29fe2ce8c6be0d03] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.6.15-1) +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-26630 b/active/CVE-2024-26630 new file mode 100644 index 00000000..078e8719 --- /dev/null +++ b/active/CVE-2024-26630 @@ -0,0 +1,16 @@ +Description: mm: cachestat: fix folio read-after-free in cache walk +References: +Notes: + carnil> Introduced in cf264e1329fb ("cachestat: implement cachestat syscall"). + carnil> Vulnerable versions: 6.5-rc1. +Bugs: +upstream: released (6.8-rc7) [3a75cb05d53f4a6823a32deb078de1366954a804] +6.7-upstream-stable: released (6.7.9) [fe7e008e0ce728252e4ec652cceebcc62211657c] +6.6-upstream-stable: released (6.6.21) [ba60fdf75e89ea762bb617be578dc47f27655117] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.9-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" -- cgit v1.2.3