Add new batch of CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2024-03-25 20:48:33 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-03-25 20:48:33 +0100
commit: 62443b3b9228f7a245451d0f5edd1b85020968f8 (patch)
tree: 3e8911ca832b08680d84a7e8ba8a411e8dfb9300 /active/CVE-2021-47178
parent: 6484bea9c3b70add985f45ad5f7d3cff65caef29 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/active/CVE-2021-47178 b/active/CVE-2021-47178
new file mode 100644
index 00000000..3a0a73ff
--- /dev/null
+++ b/active/CVE-2021-47178
@@ -0,0 +1,20 @@
+Description: scsi: target: core: Avoid smp_processor_id() in preemptible code
+References:
+Notes:
+ carnil> Introduced in 1526d9f10c61 ("scsi: target: Make state_list per CPU").
+ carnil> Vulnerable versions: 5.10.180 5.11-rc1.
+ carnil> Technically N/A for sid branch as no released version in unstable
+ carnil> was ever affected. But the issue was backported in the 5.10.y series.
+ carnil> As wokraround for the security-tracker import mark the unstable
+ carnil> 5.14.6-1 as the fixed one.
+Bugs:
+upstream: released (5.13-rc4) [70ca3c57ff914113f681e657634f7fbfa68e1ad1]
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-03-25 20:48:33 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-03-25 20:48:33 +0100
commit	62443b3b9228f7a245451d0f5edd1b85020968f8 (patch)
tree	3e8911ca832b08680d84a7e8ba8a411e8dfb9300 /active/CVE-2021-47178
parent	6484bea9c3b70add985f45ad5f7d3cff65caef29 (diff)