Add new batch of CVEs assigned from Linux kernel CNA

Manual fixup for the sid version not correctly detecting 6.6.15-1 as the right now and instead using 6.7.7-1 one.
author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-02 10:56:31 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-02 10:56:31 +0200
commit: 394790af91161b751b9411f7737a4207ba5c0b55 (patch)
tree: e24f0764bf786f47a569956869194e71add754ec /active/CVE-2024-26664
parent: 612fa53fe5f7ec56deab8572d3abc0d9f345e3c0 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2024-26664 b/active/CVE-2024-26664
new file mode 100644
index 00000000..b3850fcb
--- /dev/null
+++ b/active/CVE-2024-26664
@@ -0,0 +1,16 @@
+Description: hwmon: (coretemp) Fix out-of-bounds memory access
+References:
+Notes:
+ carnil> Introduced in 7108b80a542b ("hwmon/coretemp: Handle large core ID value").
+ carnil> Vulnerable versions: 4.19.264 5.4.221 5.10.152 5.15.76 6.0.6 6.1-rc2.
+Bugs:
+upstream: released (6.8-rc4) [4e440abc894585a34c2904a32cd54af1742311b3]
+6.7-upstream-stable: released (6.7.5) [3a7753bda55985dc26fae17795cb10d825453ad1]
+6.6-upstream-stable: released (6.6.17) [853a6503c586a71abf27e60a7f8c4fb28092976d]
+6.1-upstream-stable: released (6.1.78) [9bce69419271eb8b2b3ab467387cb59c99d80deb]
+5.10-upstream-stable: released (5.10.210) [f0da068c75c20ffc5ba28243ff577531dc2af1fd]
+4.19-upstream-stable: released (4.19.307) [93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-02 10:56:31 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-02 10:56:31 +0200
commit	394790af91161b751b9411f7737a4207ba5c0b55 (patch)
tree	e24f0764bf786f47a569956869194e71add754ec /active/CVE-2024-26664
parent	612fa53fe5f7ec56deab8572d3abc0d9f345e3c0 (diff)