Add new batch of CVEs assigned for Linux

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-03 21:33:11 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-03 21:33:11 +0200
commit: e2b12639eebeadc5925bec1ffdecf7df5192aace (patch)
tree: c43a5a7f293006eced7e9c712f34efab9c774abb /active/CVE-2024-26754
parent: 03801e090c9fbe79615a6fe3fc2a075311f2bd8b (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2024-26754 b/active/CVE-2024-26754
new file mode 100644
index 000000000..d0c955975
--- /dev/null
+++ b/active/CVE-2024-26754
@@ -0,0 +1,16 @@
+Description: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
+References:
+Notes:
+ carnil> Introduced in 459aa660eb1d ("gtp: add initial driver for datapath of GPRS
+ carnil> Tunneling Protocol (GTP-U)"). Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [136cfaca22567a03bbb3bf53a43d8cb5748b80ec]
+6.7-upstream-stable: released (6.7.7) [5013bd54d283eda5262c9ae3bcc966d01daf8576]
+6.6-upstream-stable: released (6.6.19) [ba6b8b02a3314e62571a540efa96560888c5f03e]
+6.1-upstream-stable: released (6.1.80) [3963f16cc7643b461271989b712329520374ad2a]
+5.10-upstream-stable: released (5.10.211) [2e534fd15e5c2ca15821c897352cf0e8a3e30dca]
+4.19-upstream-stable: released (4.19.308) [f0ecdfa679189d26aedfe24212d4e69e42c2c861]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-03 21:33:11 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-03 21:33:11 +0200
commit	e2b12639eebeadc5925bec1ffdecf7df5192aace (patch)
tree	c43a5a7f293006eced7e9c712f34efab9c774abb /active/CVE-2024-26754
parent	03801e090c9fbe79615a6fe3fc2a075311f2bd8b (diff)