Some more CVEs assigned by the Linux kernel CNA

20 files changed, 312 insertions, 0 deletions

diff --git a/active/CVE-2022-48686 b/active/CVE-2022-48686
new file mode 100644
index 00000000..7256613f
--- /dev/null
+++ b/active/CVE-2022-48686
@@ -0,0 +1,16 @@
+Description: nvme-tcp: fix UAF when detecting digest errors
+References:
+Notes:
+ carnil> Introduced in 3f2304f8c6d6 ("nvme-tcp: add NVMe over TCP host driver").
+ carnil> Vulnerable versions: 5.0-rc1.
+Bugs:
+upstream: released (6.0-rc5) [160f3549a907a50e51a8518678ba2dcf2541abea]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [5914fa32ef1b7766fea933f9eed94ac5c00aa7ff]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-48687 b/active/CVE-2022-48687
new file mode 100644
index 00000000..cdc840d9
--- /dev/null
+++ b/active/CVE-2022-48687
@@ -0,0 +1,16 @@
+Description: ipv6: sr: fix out-of-bounds read when setting HMAC data.
+References:
+Notes:
+ carnil> Introduced in 4f4853dc1c9c1 ("ipv6: sr: implement API to control SR HMAC
+ carnil> structure"). Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (6.0-rc5) [84a53580c5d2138c7361c7c3eea5b31827e63b35]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [076f2479fc5a15c4a970ca3b5e57d42ba09a31fa]
+4.19-upstream-stable: released (4.19.258) [f684c16971ed5e77dfa25a9ad25b5297e1f58eab]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48688 b/active/CVE-2022-48688
new file mode 100644
index 00000000..93a45b89
--- /dev/null
+++ b/active/CVE-2022-48688
@@ -0,0 +1,16 @@
+Description: i40e: Fix kernel crash during module removal
+References:
+Notes:
+ carnil> Introduced in 0ef2d5afb12d ("i40e: KISS the client interface"). Vulnerable
+ carnil> versions: 4.12-rc1.
+Bugs:
+upstream: released (6.0-rc5) [fb8396aeda5872369a8ed6d2301e2c86e303c520]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [342d77769a6cceb3df7720a1e18baa4339eee3fc]
+4.19-upstream-stable: released (4.19.258) [c49f320e2492738d478bc427dcd54ccfe0cba746]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48689 b/active/CVE-2022-48689
new file mode 100644
index 00000000..efd4ae26
--- /dev/null
+++ b/active/CVE-2022-48689
@@ -0,0 +1,16 @@
+Description: tcp: TX zerocopy should not sense pfmemalloc status
+References:
+Notes:
+ carnil> Introduced in c07aea3ef4d4 ("mm: add a signature in struct page"). Vulnerable
+ carnil> versions: 5.14-rc1.
+Bugs:
+upstream: released (6.0-rc5) [3261400639463a853ba2b3be8bd009c2a8089775]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-48690 b/active/CVE-2022-48690
new file mode 100644
index 00000000..3fb1b2e0
--- /dev/null
+++ b/active/CVE-2022-48690
@@ -0,0 +1,16 @@
+Description: ice: Fix DMA mappings leak
+References:
+Notes:
+ carnil> Introduced in 617f3e1b588c ("ice: xsk: allocate separate memory for XDP SW
+ carnil> ring"). Vulnerable versions: 5.16-rc7.
+Bugs:
+upstream: released (6.0-rc5) [7e753eb675f0523207b184558638ee2eed6c9ac2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-48691 b/active/CVE-2022-48691
new file mode 100644
index 00000000..b6bf58d3
--- /dev/null
+++ b/active/CVE-2022-48691
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: clean up hook list when offload flags check fails
+References:
+Notes:
+ carnil> Introduced in d54725cd11a5 ("netfilter: nf_tables: support for multiple devices
+ carnil> per netdev hook"). Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (6.0-rc5) [77972a36ecc4db7fc7c68f0e80714263c5f03f65]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [910891a2a44cdc49efcc4fe7459c1085ba00d0f4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-48692 b/active/CVE-2022-48692
new file mode 100644
index 00000000..10b633f3
--- /dev/null
+++ b/active/CVE-2022-48692
@@ -0,0 +1,16 @@
+Description: RDMA/srp: Set scmnd->result only when scmnd is not NULL
+References:
+Notes:
+ carnil> Introduced in ad215aaea4f9 ("RDMA/srp: Make struct scsi_cmnd and struct
+ carnil> srp_request adjacent"). Vulnerable versions: 5.10.199 5.14-rc1.
+Bugs:
+upstream: released (6.0-rc5) [12f35199a2c0551187edbf8eb01379f0598659fa]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.199) [f022576aa03c2385ea7f2b27ee5b331e43abf624]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-48693 b/active/CVE-2022-48693
new file mode 100644
index 00000000..04bfedf3
--- /dev/null
+++ b/active/CVE-2022-48693
@@ -0,0 +1,16 @@
+Description: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
+References:
+Notes:
+ carnil> Introduced in 0b741b8234c8 ("soc: bcm: brcmstb: Add support for S2/S3/S5
+ carnil> suspend states (ARM)"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (6.0-rc5) [1085f5080647f0c9f357c270a537869191f7f2a1]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [6dc0251638a4a1a998506dbd4627f8317e907558]
+4.19-upstream-stable: released (4.19.258) [0284b4e6dec6088a41607aa3f42bf51edff01883]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48694 b/active/CVE-2022-48694
new file mode 100644
index 00000000..ae8a388e
--- /dev/null
+++ b/active/CVE-2022-48694
@@ -0,0 +1,16 @@
+Description: RDMA/irdma: Fix drain SQ hang with no completion
+References:
+Notes:
+ carnil> Introduced in 81091d7696ae ("RDMA/irdma: Add SW mechanism to generate
+ carnil> completions on error"). Vulnerable versions: 5.15.116 5.19-rc1.
+Bugs:
+upstream: released (6.0-rc5) [ead54ced6321099978d30d62dc49c282a6e70574]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-48695 b/active/CVE-2022-48695
new file mode 100644
index 00000000..9cc8ec7e
--- /dev/null
+++ b/active/CVE-2022-48695
@@ -0,0 +1,15 @@
+Description: scsi: mpt3sas: Fix use-after-free warning
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc5) [991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [ea10a652ad2ae2cf3eced6f632a5c98f26727057]
+4.19-upstream-stable: released (4.19.258) [82efb917eeb27454dc4c6fe26432fc8f6c75bc16]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48696 b/active/CVE-2022-48696
new file mode 100644
index 00000000..c905b752
--- /dev/null
+++ b/active/CVE-2022-48696
@@ -0,0 +1,16 @@
+Description: regmap: spi: Reserve space for register address/padding
+References:
+Notes:
+ carnil> Introduced in f231ff38b7b2 ("regmap: spi: Set regmap max raw r/w from
+ carnil> max_transfer_size"). Vulnerable versions: 5.16-rc1.
+Bugs:
+upstream: released (6.0-rc5) [f5723cfc01932c7a8d5c78dbf7e067e537c91439]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-48697 b/active/CVE-2022-48697
new file mode 100644
index 00000000..adb97de2
--- /dev/null
+++ b/active/CVE-2022-48697
@@ -0,0 +1,16 @@
+Description: nvmet: fix a use-after-free
+References:
+Notes:
+ carnil> Introduced in a07b4970f464 ("nvmet: add a generic NVMe target"). Vulnerable
+ carnil> versions: 4.8-rc1.
+Bugs:
+upstream: released (6.0-rc5) [6a02a61e81c231cc5c680c5dbf8665275147ac52]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [be01f1c988757b95f11f090a9f491365670a522b]
+4.19-upstream-stable: released (4.19.260) [17f121ca3ec6be0fb32d77c7f65362934a38cc8e]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48698 b/active/CVE-2022-48698
new file mode 100644
index 00000000..a4ee6082
--- /dev/null
+++ b/active/CVE-2022-48698
@@ -0,0 +1,15 @@
+Description: drm/amd/display: fix memory leak when using debugfs_lookup()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc5) [cbfac7fa491651c57926c99edeb7495c6c1aeac2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-48699 b/active/CVE-2022-48699
new file mode 100644
index 00000000..d610b97c
--- /dev/null
+++ b/active/CVE-2022-48699
@@ -0,0 +1,15 @@
+Description: sched/debug: fix dentry leak in update_sched_domain_debugfs
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc5) [c2e406596571659451f4b95e37ddfd5a8ef1d0dc]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-48700 b/active/CVE-2022-48700
new file mode 100644
index 00000000..bc671304
--- /dev/null
+++ b/active/CVE-2022-48700
@@ -0,0 +1,15 @@
+Description: vfio/type1: Unpin zero pages
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc5) [873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.146) [578d644edc7d2c1ff53f7e4d0a25da473deb4a03]
+4.19-upstream-stable: needed
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2022-48701 b/active/CVE-2022-48701
new file mode 100644
index 00000000..ac74f8ce
--- /dev/null
+++ b/active/CVE-2022-48701
@@ -0,0 +1,15 @@
+Description: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc5) [e53f47f6c1a56d2af728909f1cb894da6b43d9bf]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [6123bec8480d23369e2ee0b2208611619f269faf]
+4.19-upstream-stable: released (4.19.258) [2a308e415d247a23d4d64c964c02e782eede2936]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48702 b/active/CVE-2022-48702
new file mode 100644
index 00000000..65b10bc9
--- /dev/null
+++ b/active/CVE-2022-48702
@@ -0,0 +1,15 @@
+Description: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc5) [d29f59051d3a07b81281b2df2b8c9dfe4716067f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [39a90720f3abe96625d1224e7a7463410875de4c]
+4.19-upstream-stable: released (4.19.258) [88aac6684cf8bc885cca15463cb4407e91f28ff7]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48703 b/active/CVE-2022-48703
new file mode 100644
index 00000000..b6f0d373
--- /dev/null
+++ b/active/CVE-2022-48703
@@ -0,0 +1,15 @@
+Description: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc3) [7931e28098a4c1a2a6802510b0cbe57546d2049d]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2022-48704 b/active/CVE-2022-48704
new file mode 100644
index 00000000..ad2064b5
--- /dev/null
+++ b/active/CVE-2022-48704
@@ -0,0 +1,15 @@
+Description: drm/radeon: add a force flush to delay work when radeon
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.0-rc3) [f461950fdc374a3ada5a63c669d997de4600dffe]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.143) [826b46fd5974113515abe9e4fc8178009a8ce18c]
+4.19-upstream-stable: released (4.19.258) [c0a45f41fde4a0f2c900f719817493ee5c4a5aa3]
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.148-1)
+4.19-buster-security: released (4.19.260-1)
diff --git a/active/CVE-2022-48705 b/active/CVE-2022-48705
new file mode 100644
index 00000000..221dd8ff
--- /dev/null
+++ b/active/CVE-2022-48705
@@ -0,0 +1,16 @@
+Description: wifi: mt76: mt7921e: fix crash in chip reset fail
+References:
+Notes:
+ carnil> Introduced in 0efaf31dec57 ("mt76: mt7921: fix MT7921E reset failure").
+ carnil> Vulnerable versions: 5.16.3 5.17-rc1.
+Bugs:
+upstream: released (6.0-rc5) [fa3fbe64037839f448dc569212bafc5a495d8219]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.19.11-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"