Add new batch of CVEs assigned for Linux

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-03 21:33:11 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-03 21:33:11 +0200
commit: e2b12639eebeadc5925bec1ffdecf7df5192aace (patch)
tree: c43a5a7f293006eced7e9c712f34efab9c774abb /active/CVE-2023-52637
parent: 03801e090c9fbe79615a6fe3fc2a075311f2bd8b (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2023-52637 b/active/CVE-2023-52637
new file mode 100644
index 00000000..44f89bb3
--- /dev/null
+++ b/active/CVE-2023-52637
@@ -0,0 +1,16 @@
+Description: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
+References:
+Notes:
+ carnil> Introduced in 9d71dd0c70099 ("can: add support of SAE J1939 protocol").
+ carnil> Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.8-rc5) [efe7cf828039aedb297c1f9920b638fffee6aabc]
+6.7-upstream-stable: released (6.7.6) [fc74b9cb789cae061bbca7b203a3842e059f6b5d]
+6.6-upstream-stable: released (6.6.18) [f84e7534457dcd7835be743517c35378bb4e7c50]
+6.1-upstream-stable: released (6.1.79) [4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed]
+5.10-upstream-stable: released (5.10.210) [978e50ef8c38dc71bd14d1b0143d554ff5d188ba]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-03 21:33:11 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-03 21:33:11 +0200
commit	e2b12639eebeadc5925bec1ffdecf7df5192aace (patch)
tree	c43a5a7f293006eced7e9c712f34efab9c774abb /active/CVE-2023-52637
parent	03801e090c9fbe79615a6fe3fc2a075311f2bd8b (diff)