Add batch of CVEs from CNA

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
commit: 340814e1a325812027f37a78f5052c8c470caa62 (patch)
tree: 7ef5ef0ab7ed2d3c56b2a1da4e9fb0373757586a /active/CVE-2024-26883
parent: 16ca5f383c524df1ff66a64d96eba1266dd6e1dc (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/active/CVE-2024-26883 b/active/CVE-2024-26883
new file mode 100644
index 000000000..c985dbdfd
--- /dev/null
+++ b/active/CVE-2024-26883
@@ -0,0 +1,18 @@
+Description: bpf: Fix stackmap overflow check on 32-bit arches
+References:
+Notes:
+ carnil> Introduced in 6183f4d3a0a2 ("bpf: Check for integer overflow when using
+ carnil> roundup_pow_of_two()"). Vulnerable versions: 4.9.258 4.14.222 4.19.177 5.4.99
+ carnil> 5.10.17 5.11.
+Bugs:
+upstream: released (6.9-rc1) [7a4b21250bf79eef26543d35bd390448646c536b]
+6.8-upstream-stable: released (6.8.2) [0971126c8164abe2004b8536b49690a0d6005b0a]
+6.7-upstream-stable: released (6.7.11) [43f798b9036491fb014b55dd61c4c5c3193267d0]
+6.6-upstream-stable: released (6.6.23) [7070b274c7866a4c5036f8d54fcaf315c64ac33a]
+6.1-upstream-stable: released (6.1.83) [f06899582ccee09bd85d0696290e3eaca9aa042d]
+5.10-upstream-stable: released (5.10.214) [15641007df0f0d35fa28742b25c2a7db9dcd6895]
+4.19-upstream-stable: released (4.19.311) [d0e214acc59145ce25113f617311aa79dda39cb3]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-17 19:42:10 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-17 19:42:10 +0200
commit	340814e1a325812027f37a78f5052c8c470caa62 (patch)
tree	7ef5ef0ab7ed2d3c56b2a1da4e9fb0373757586a /active/CVE-2024-26883
parent	16ca5f383c524df1ff66a64d96eba1266dd6e1dc (diff)