Add batch of CVEs from CNA

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
commit: 340814e1a325812027f37a78f5052c8c470caa62 (patch)
tree: 7ef5ef0ab7ed2d3c56b2a1da4e9fb0373757586a /active/CVE-2024-26820
parent: 16ca5f383c524df1ff66a64d96eba1266dd6e1dc (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/active/CVE-2024-26820 b/active/CVE-2024-26820
new file mode 100644
index 000000000..94fa9bf9b
--- /dev/null
+++ b/active/CVE-2024-26820
@@ -0,0 +1,18 @@
+Description: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
+References:
+Notes:
+ carnil> Introduced in 85520856466e ("hv_netvsc: Fix race of register_netdevice_notifier
+ carnil> and VF register"). Vulnerable versions: 4.19.301 5.4.263 5.10.203 5.15.141
+ carnil> 6.1.65 6.6.4 6.7-rc3.
+Bugs:
+upstream: released (6.8-rc4) [9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [4d29a58d96a78728cb01ee29ed70dc4bd642f135]
+6.6-upstream-stable: released (6.6.18) [a71302c8638939c45e4ba5a99ea438185fd3f418]
+6.1-upstream-stable: released (6.1.79) [309ef7de5d840e17607e7d65cbf297c0564433ef]
+5.10-upstream-stable: released (5.10.213) [5b10a88f64c0315cfdef45de0aaaa4eef57de0b7]
+4.19-upstream-stable: released (4.19.310) [bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-17 19:42:10 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-17 19:42:10 +0200
commit	340814e1a325812027f37a78f5052c8c470caa62 (patch)
tree	7ef5ef0ab7ed2d3c56b2a1da4e9fb0373757586a /active/CVE-2024-26820
parent	16ca5f383c524df1ff66a64d96eba1266dd6e1dc (diff)