diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2024-02-29 23:43:11 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-02-29 23:43:11 +0100 |
| commit | aa24ddf69ffa705f108631622f09ace0d7495fa5 (patch) | |
| tree | f5b454a6ec352c080fcbe08d86574ca3feb900e6 | |
| parent | 14b6c0b24e722ea4281cdd186262b0b943ff8a3b (diff) | |
Add three more CVEs
| -rw-r--r-- | active/CVE-2021-46959 | 17 | ||||
| -rw-r--r-- | active/CVE-2021-47016 | 17 | ||||
| -rw-r--r-- | active/CVE-2021-47020 | 16 |
3 files changed, 50 insertions, 0 deletions
diff --git a/active/CVE-2021-46959 b/active/CVE-2021-46959 new file mode 100644 index 00000000..4f0dd358 --- /dev/null +++ b/active/CVE-2021-46959 @@ -0,0 +1,17 @@ +Description: spi: Fix use-after-free with devm_spi_alloc_* +References: +Notes: + carnil> Introduced in 5e844cc37a5c ("spi: Introduce device-managed SPI controller + carnil> allocation"). Vulnerable versions: 4.4.248 4.9.248 4.14.212 4.19.163 5.4.80 + carnil> 5.9.11 5.10-rc5. +Bugs: +upstream: released (5.13-rc1) [794aaf01444d4e765e2b067cba01cc69c1c68ed9] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [c7fabe372a9031acd00498bc718ce27c253abfd1] +4.19-upstream-stable: released (4.19.191) [28a5529068c51cdf0295ab1e11a99a3a909a03e4] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) diff --git a/active/CVE-2021-47016 b/active/CVE-2021-47016 new file mode 100644 index 00000000..8287b06f --- /dev/null +++ b/active/CVE-2021-47016 @@ -0,0 +1,17 @@ +Description: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits +References: +Notes: + carnil> Introduced in 7529b90d051e ("m68k: mvme147: Handle timer counter overflow") + carnil> 19999a8b8782 ("m68k: mvme16x: Handle timer counter overflow"). Vulnerable + carnil> versions: 5.2-rc1. +Bugs: +upstream: released (5.13-rc1) [43262178c043032e7c42d00de44c818ba05f9967] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [1dfb26df15fc7036a74221d43de7427f74293dae] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-47020 b/active/CVE-2021-47020 new file mode 100644 index 00000000..16be4b37 --- /dev/null +++ b/active/CVE-2021-47020 @@ -0,0 +1,16 @@ +Description: soundwire: stream: fix memory leak in stream config error path +References: +Notes: + carnil> Introduced in 89e590535f32 ("soundwire: Add support for SoundWire stream + carnil> management"). Vulnerable versions: 4.18-rc1. +Bugs: +upstream: released (5.13-rc1) [48f17f96a81763c7c8bf5500460a359b9939359f] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: N/A "Fixed before branching point" +5.10-upstream-stable: released (5.10.37) [7c468deae306d0cbbd539408c26cfec04c66159a] +4.19-upstream-stable: released (4.19.191) [342260fe821047c3d515e3d28085d73fbdce3e80] +sid: released (5.10.38-1) +6.1-bookworm-security: N/A "Fixed before branching point" +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.194-1) |