Add new batch of CVEs

Fixup for fix in earlier versions as 6.6.15-1 and one N/A as vulnerable code was only introduced in 6.7 series.
author: Salvatore Bonaccorso <carnil@debian.org> 2024-03-18 18:04:48 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-03-18 18:04:48 +0100
commit: bcd9eccef0863578591f91cfde157a7c1fcf4d9e (patch)
tree: 51bcfe848aef821a7b1a16ad6c272fc86e25630e /active/CVE-2024-26639
parent: 602dff7a3e25bb7b7271a9400d5ff4ce861d05c0 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/active/CVE-2024-26639 b/active/CVE-2024-26639
new file mode 100644
index 00000000..6641b3e0
--- /dev/null
+++ b/active/CVE-2024-26639
@@ -0,0 +1,17 @@
+Description: mm, kmsan: fix infinite recursion due to RCU critical section
+References:
+Notes:
+ carnil> Introduced in 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing
+ carnil> memory_section->usage"). Vulnerable versions: 5.10.210 5.15.149 6.1.76 6.6.15
+ carnil> 6.7.3 6.8-rc1.
+Bugs:
+upstream: released (6.8-rc3) [f6564fce256a3944aa1bc76cb3c40e792d97c1eb]
+6.7-upstream-stable: released (6.7.4) [5a33420599fa0288792537e6872fd19cc8607ea6]
+6.6-upstream-stable: released (6.6.16) [6335c0cdb2ea0ea02c999e04d34fd84f69fb27ff]
+6.1-upstream-stable: released (6.1.77) [dc904345e3771aa01d0b8358b550802fdc6fe00b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-03-18 18:04:48 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-03-18 18:04:48 +0100
commit	bcd9eccef0863578591f91cfde157a7c1fcf4d9e (patch)
tree	51bcfe848aef821a7b1a16ad6c272fc86e25630e /active/CVE-2024-26639
parent	602dff7a3e25bb7b7271a9400d5ff4ce861d05c0 (diff)