author Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 07:50:43 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 07:53:25 +0100
commit 78df14178f64ab8464e05f783ff8693946c3b7c5
tree d81c8569e9ad9f124de0aa9835c06f2cf97eafdc
parent 96eb71c2764b6a2a7eebf2a2857b79f63ab11ab8
Add new batch of CVEs
This import required only one manual fixup to mark the 6.6-upstream-stable as N/A. Peer review taking just some random CVEs to review would be welcome.
-rw-r--r-- active/CVE-2023-52475 | 15
-rw-r--r-- active/CVE-2023-52476 | 15
-rw-r--r-- active/CVE-2023-52477 | 15
-rw-r--r-- active/CVE-2023-52478 | 15
-rw-r--r-- active/CVE-2023-52479 | 15
-rw-r--r-- active/CVE-2023-52480 | 15
-rw-r--r-- active/CVE-2023-52481 | 15
-rw-r--r-- active/CVE-2023-52482 | 15
-rw-r--r-- active/CVE-2023-52483 | 16
-rw-r--r-- active/CVE-2023-52484 | 15
10 files changed, 151 insertions, 0 deletions
diff --git a/active/CVE-2023-52475 b/active/CVE-2023-52475
new file mode 100644
index 00000000..1e3af3ac
--- /dev/null
+++ b/active/CVE-2023-52475
@@ -0,0 +1,15 @@
+Description: Input: powermate - fix use-after-free in powermate_config_complete
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [5c15c60e7be615f05a45cd905093a54b11f461bc]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [2efe67c581a2a6122b328d4bb6f21b3f36f40d46]
+5.10-upstream-stable: released (5.10.199) [cd2fbfd8b922b7fdd50732e47d797754ab59cb06]
+4.19-upstream-stable: released (4.19.297) [67cace72606baf1758fd60feb358f4c6be92e1cc]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/active/CVE-2023-52476 b/active/CVE-2023-52476
new file mode 100644
index 00000000..1d89b23a
--- /dev/null
+++ b/active/CVE-2023-52476
@@ -0,0 +1,15 @@
+Description: perf/x86/lbr: Filter vsyscall addresses
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [e53899771a02f798d436655efbd9d4b46c0f9265]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [3863989497652488a50f00e96de4331e5efabc6c]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52477 b/active/CVE-2023-52477
new file mode 100644
index 00000000..f12727fc
--- /dev/null
+++ b/active/CVE-2023-52477
@@ -0,0 +1,15 @@
+Description: usb: hub: Guard against accesses to uninitialized BOS descriptors
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [f74a7afc224acd5e922c7a2e52244d891bbe44ee]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [fb9895ab9533534335fa83d70344b397ac862c81]
+5.10-upstream-stable: released (5.10.199) [241f230324337ed5eae3846a554fb6d15169872c]
+4.19-upstream-stable: released (4.19.297) [8e7346bfea56453e31b7421c1c17ca2fb9ed613d]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/active/CVE-2023-52478 b/active/CVE-2023-52478
new file mode 100644
index 00000000..abac82c2
--- /dev/null
+++ b/active/CVE-2023-52478
@@ -0,0 +1,15 @@
+Description: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc6) [dac501397b9d81e4782232c39f94f4307b137452]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [fd72ac9556a473fc7daf54efb6ca8a97180d621d]
+5.10-upstream-stable: released (5.10.199) [093af62c023537f097d2ebdfaa0bc7c1a6e874e1]
+4.19-upstream-stable: released (4.19.297) [44481b244fcaa2b895a53081d6204c574720c38c]
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: released (5.10.205-1)
+4.19-buster-security: released (4.19.304-1)
diff --git a/active/CVE-2023-52479 b/active/CVE-2023-52479
new file mode 100644
index 00000000..386eaf58
--- /dev/null
+++ b/active/CVE-2023-52479
@@ -0,0 +1,15 @@
+Description: ksmbd: fix uaf in smb20_oplock_break_ack
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [c69813471a1ec081a0b9bf0c6bd7e8afd818afce]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [8226ffc759ea59f10067b9acdf7f94bae1c69930]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
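Review bot: The 5.10-upstream-stable, 4.19-upstream-stable, 5.10-bullseye-security and 4.19-buster-security lines are set to "needed" although the note says the introducing commit could not be determined. Since the Description names ksmbd and smb20_oplock_break_ack, confirm that this code exists in those branches before asking for a backport; if it does not, use N/A "Vulnerable code not present", the form CVE-2023-52483 uses in this commit.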
diff --git a/active/CVE-2023-52480 b/active/CVE-2023-52480
new file mode 100644
index 00000000..affd7532
--- /dev/null
+++ b/active/CVE-2023-52480
@@ -0,0 +1,15 @@
+Description: ksmbd: fix race condition between session lookup and expire
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [53ff5cf89142b978b1a5ca8dc4d4425e6a09745f]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [a2ca5fd3dbcc665e1169044fa0c9e3eba779202b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
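Review bot: "needed" on the 5.10 and 4.19 lines is not backed by anything in Notes, which only records that no introducing commit was found. This is a ksmbd session-handling fix, so the status should follow from whether ksmbd is present in those branches; if it is absent, the four lines should read N/A "Vulnerable code not present" rather than leaving an open backport request.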
diff --git a/active/CVE-2023-52481 b/active/CVE-2023-52481
new file mode 100644
index 00000000..fb0104c5
--- /dev/null
+++ b/active/CVE-2023-52481
@@ -0,0 +1,15 @@
+Description: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [471470bc7052d28ce125901877dd10e4c048e513]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.57) [6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
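Review bot: The note "First introducing commit could not be determined." does not fit this entry: the Description is an arm64 erratum workaround for Cortex-A520, so there is no introducing kernel commit to look for. Suggest replacing the note with one stating that this is a hardware erratum workaround, and deciding the 5.10 and 4.19 "needed" lines on whether those branches are expected to carry it.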
diff --git a/active/CVE-2023-52482 b/active/CVE-2023-52482
new file mode 100644
index 00000000..a9a52132
--- /dev/null
+++ b/active/CVE-2023-52482
@@ -0,0 +1,15 @@
+Description: x86/srso: Add SRSO mitigation for Hygon processors
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc4) [a5ef7d68cea1344cf524f04981c2b3f80bedbb0d]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [6ce2f297a7168274547d0b5aea6c7c16268b8a96]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
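Review bot: The 5.10 and 4.19 lines are "needed", but the Description extends an SRSO mitigation to Hygon processors, so their status depends on whether the SRSO mitigation itself is in those branches. Record that dependency in Notes instead of the introducing-commit remark, and set the four lines once it has been checked.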
diff --git a/active/CVE-2023-52483 b/active/CVE-2023-52483
new file mode 100644
index 00000000..43db8a4a
--- /dev/null
+++ b/active/CVE-2023-52483
@@ -0,0 +1,16 @@
+Description: mctp: perform route lookups under a RCU read-side lock
+References:
+Notes:
+ carnil> Introduced in 889b7da23abf ("mctp: Add initial routing framework"). Vulnerable
+ carnil> versions: 5.15-rc1.
+Bugs:
+upstream: released (6.6-rc6) [5093bbfc10ab6636b32728e35813cbd79feb063c]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.59) [1db0724a01b558feb1ecae551782add1951a114a]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.8-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
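Review bot: "Vulnerable versions: 5.15-rc1." in Notes reads as a single affected version, while the N/A lines for 5.10 and 4.19 and the 6.1.59 fix show that the intent is everything from 5.15-rc1 up to the fix. Suggest wording it as a starting point and keeping the sentence on one carnil> line rather than breaking it after "Vulnerable".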
diff --git a/active/CVE-2023-52484 b/active/CVE-2023-52484
new file mode 100644
index 00000000..60b9c700
--- /dev/null
+++ b/active/CVE-2023-52484
@@ -0,0 +1,15 @@
+Description: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.6-rc5) [d5afb4b47e13161b3f33904d45110f9e6463bad6]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: released (6.1.56) [f90f4c562003ac3d3b135c5a40a5383313f27264]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.5.6-1)
+6.1-bookworm-security: released (6.1.64-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
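Review bot: The Description names arm_smmu_mm_invalidate_range, yet the 5.10 and 4.19 lines are "needed" with no introducing commit recorded. Check that this function exists in those branches; if it does not, the lines should be N/A "Vulnerable code not present", and the outcome of the check belongs in Notes either way.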
