Add new batch of CVEs assigned

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-04 21:03:24 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-04 21:03:24 +0200
commit: 509a8073b54876c19b79eb622cc24fde0309bb38 (patch)
tree: f14b6050fb356f8e081b5149333a8649a722215c /active/CVE-2024-26805
parent: e2b12639eebeadc5925bec1ffdecf7df5192aace (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/active/CVE-2024-26805 b/active/CVE-2024-26805
new file mode 100644
index 000000000..27dbb9d02
--- /dev/null
+++ b/active/CVE-2024-26805
@@ -0,0 +1,17 @@
+Description: netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
+References:
+Notes:
+ carnil> Introduced in 1853c9496460 ("netlink, mmap: transform mmap skb into full skb on
+ carnil> taps"). Vulnerable versions: 3.12.49 3.14.54 3.16.35 3.18.23 4.1.10 4.2.3
+ carnil> 4.3-rc3.
+Bugs:
+upstream: released (6.8-rc7) [661779e1fcafe1b74b3f3fe8e980c1e207fea1fd]
+6.7-upstream-stable: released (6.7.9) [59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d]
+6.6-upstream-stable: released (6.6.21) [d3ada42e534a83b618bbc1e490d23bf0fdae4736]
+6.1-upstream-stable: released (6.1.81) [0b27bf4c494d61e5663baa34c3edd7ccebf0ea44]
+5.10-upstream-stable: released (5.10.212) [f19d1f98e60e68b11fc60839105dd02a30ec0d77]
+4.19-upstream-stable: released (4.19.309) [ec343a55b687a452f5e87f3b52bf9f155864df65]
+sid: released (6.7.9-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-04 21:03:24 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-04 21:03:24 +0200
commit	509a8073b54876c19b79eb622cc24fde0309bb38 (patch)
tree	f14b6050fb356f8e081b5149333a8649a722215c /active/CVE-2024-26805
parent	e2b12639eebeadc5925bec1ffdecf7df5192aace (diff)