diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2024-05-01 20:48:05 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-05-01 20:48:05 +0200 |
commit | d05469adc091243005292db82d4b4e6556c58199 (patch) | |
tree | 9bfb90da2a4dc8e0c470909cad02a4592addbe59 /active | |
parent | 0763ac5322d01bfc34edc852640cce8a7f68afff (diff) |
Add new batch of CVEs from Linux kernel CNA
Diffstat (limited to 'active')
69 files changed, 1105 insertions, 0 deletions
diff --git a/active/CVE-2022-48669 b/active/CVE-2022-48669 new file mode 100644 index 00000000..42133200 --- /dev/null +++ b/active/CVE-2022-48669 @@ -0,0 +1,16 @@ +Description: powerpc/pseries: Fix potential memleak in papr_get_attr() +References: +Notes: + carnil> Introduced in 3c14b73454cf ("powerpc/pseries: Interface to represent PAPR + carnil> firmware attributes"). Vulnerable versions: 5.18-rc1. +Bugs: +upstream: released (6.9-rc1) [cda9c0d556283e2d4adaa9960b2dc19b16156bae] +6.8-upstream-stable: released (6.8.2) [d0647c3e81eff62b66d46fd4e475318cb8cb3610] +6.6-upstream-stable: released (6.6.23) [1699fb915b9f61794d559b55114c09a390aaf234] +6.1-upstream-stable: released (6.1.83) [a3f22feb2220a945d1c3282e34199e8bcdc5afc4] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2023-52649 b/active/CVE-2023-52649 new file mode 100644 index 00000000..3e2b3d8e --- /dev/null +++ b/active/CVE-2023-52649 @@ -0,0 +1,16 @@ +Description: drm/vkms: Avoid reading beyond LUT array +References: +Notes: + carnil> Introduced in db1f254f2cfa ("drm/vkms: Add support to 1D gamma LUT"). + carnil> Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.9-rc1) [2fee84030d12d9fddfa874e4562d71761a129277] +6.8-upstream-stable: released (6.8.2) [92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d] +6.6-upstream-stable: released (6.6.23) [9556c167673057d48ce4a0da675026fe046654c1] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2023-52650 b/active/CVE-2023-52650 new file mode 100644 index 00000000..28a1d908 --- /dev/null +++ b/active/CVE-2023-52650 @@ -0,0 +1,16 @@ +Description: drm/tegra: dsi: Add missing check for of_find_device_by_node +References: +Notes: + carnil> Introduced in e94236cde4d5 ("drm/tegra: dsi: Add ganged mode support"). + carnil> Vulnerable versions: 3.19-rc1. +Bugs: +upstream: released (6.9-rc1) [afe6fcb9775882230cd29b529203eabd5d2a638d] +6.8-upstream-stable: released (6.8.2) [3169eaf1365541fd8e521091010c44fbe14691fc] +6.6-upstream-stable: released (6.6.23) [52aa507148c4aad41436e2005d742ffcafad9976] +6.1-upstream-stable: released (6.1.83) [50c0ad785a780c72a2fdaba10b38c645ffb4eae6] +5.10-upstream-stable: released (5.10.214) [92003981a6df5dc84af8a5904f8ee112fa324129] +4.19-upstream-stable: released (4.19.311) [47a13d0b9d8527518639ab5c39667f69d6203e80] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2023-52651 b/active/CVE-2023-52651 new file mode 100644 index 00000000..354453a6 --- /dev/null +++ b/active/CVE-2023-52651 @@ -0,0 +1,16 @@ +Description: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() +References: +Notes: + carnil> Introduced in dc405152bb64 ("ath10k: handle mgmt tx completion event"). + carnil> Vulnerable versions: 4.19-rc1. +Bugs: +upstream: released (6.9-rc1) [ad25ee36f00172f7d53242dc77c69fff7ced0755] +6.8-upstream-stable: released (6.8.2) [835c5d37f4b0ba99e9ec285ffa645bc532714191] +6.6-upstream-stable: released (6.6.23) [10a342fa2fe4c4dd22f2c8fe917d3b1929582076] +6.1-upstream-stable: released (6.1.83) [90f089d77e38db1c48629f111f3c8c336be1bc38] +5.10-upstream-stable: released (5.10.214) [e1dc7aa814a95aeeb1b2c05be2b62af8423b15cc] +4.19-upstream-stable: released (4.19.311) [0cd3b0a1dc987697cba1fe93c784365aa1f8a230] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2023-52652 b/active/CVE-2023-52652 new file mode 100644 index 00000000..c5e1e697 --- /dev/null +++ b/active/CVE-2023-52652 @@ -0,0 +1,16 @@ +Description: NTB: fix possible name leak in ntb_register_device() +References: +Notes: + carnil> Introduced in a1bd3baeb2f1 ("NTB: Add NTB hardware abstraction layer"). + carnil> Vulnerable versions: 4.2-rc1. +Bugs: +upstream: released (6.9-rc1) [aebfdfe39b9327a3077d0df8db3beb3160c9bdd0] +6.8-upstream-stable: released (6.8.2) [913421f9f7fd8324dcc41753d0f28b52e177ef04] +6.6-upstream-stable: released (6.6.23) [a039690d323221eb5865f1f31db3ec264e7a14b6] +6.1-upstream-stable: released (6.1.83) [6632a54ac8057cc0b0d789c6f73883e871bcd25c] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2023-52653 b/active/CVE-2023-52653 new file mode 100644 index 00000000..edfeeab6 --- /dev/null +++ b/active/CVE-2023-52653 @@ -0,0 +1,16 @@ +Description: SUNRPC: fix a memleak in gss_import_v2_context +References: +Notes: + carnil> Introduced in 47d848077629 ("gss_krb5: handle new context format from gssd"). + carnil> Vulnerable versions: 2.6.35-rc1. +Bugs: +upstream: released (6.9-rc1) [e67b652d8e8591d3b1e569dbcdfcee15993e91fa] +6.8-upstream-stable: released (6.8.2) [d111e30d9cd846bb368faf3637dc0f71fcbcf822] +6.6-upstream-stable: released (6.6.23) [99044c01ed5329e73651c054d8a4baacdbb1a27c] +6.1-upstream-stable: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27023 b/active/CVE-2024-27023 new file mode 100644 index 00000000..41d680eb --- /dev/null +++ b/active/CVE-2024-27023 @@ -0,0 +1,16 @@ +Description: md: Fix missing release of 'active_io' for flush +References: +Notes: + carnil> Introduced in fa2bbff7b0b4 ("md: synchronize flush io with array + carnil> reconfiguration"). Vulnerable versions: 6.1.75 6.6.14 6.7.2 6.8-rc1. +Bugs: +upstream: released (6.8-rc6) [855678ed8534518e2b428bcbcec695de9ba248e8] +6.8-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: released (6.6.19) [02dad157ba11064d073f5499dc33552b227d5d3a] +6.1-upstream-stable: released (6.1.80) [6b2ff10390b19a2364af622b6666b690443f9f3f] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.7-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27024 b/active/CVE-2024-27024 new file mode 100644 index 00000000..788329be --- /dev/null +++ b/active/CVE-2024-27024 @@ -0,0 +1,16 @@ +Description: net/rds: fix WARNING in rds_conn_connect_if_down +References: +Notes: + carnil> Introduced in 584a8279a44a ("RDS: RDMA: return appropriate error on rdma map + carnil> failures"). Vulnerable versions: 3.18.85 4.1.48 4.4.103 4.9.66 4.11-rc1. +Bugs: +upstream: released (6.8) [c055fc00c07be1f0df7375ab0036cebd1106ed38] +6.8-upstream-stable: released (6.8) [c055fc00c07be1f0df7375ab0036cebd1106ed38] +6.6-upstream-stable: released (6.6.22) [2b505d05280739ce31d5708da840f42df827cb85] +6.1-upstream-stable: released (6.1.82) [998fd719e6d6468b930ac0c44552ea9ff8b07b80] +5.10-upstream-stable: released (5.10.213) [9dfc15a10dfd44f8ff7f27488651cb5be6af83c2] +4.19-upstream-stable: released (4.19.310) [786854141057751bc08eb26f1b02e97c1631c8f4] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.82-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27025 b/active/CVE-2024-27025 new file mode 100644 index 00000000..1836149c --- /dev/null +++ b/active/CVE-2024-27025 @@ -0,0 +1,16 @@ +Description: nbd: null check for nla_nest_start +References: +Notes: + carnil> Introduced in 47d902b90a32 ("nbd: add a status netlink command"). Vulnerable + carnil> versions: 4.12-rc1. +Bugs: +upstream: released (6.9-rc1) [31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d] +6.8-upstream-stable: released (6.8.2) [ba6a9970ce9e284cbc04099361c58731e308596a] +6.6-upstream-stable: released (6.6.23) [b7f5aed55829f376e4f7e5ea5b80ccdcb023e983] +6.1-upstream-stable: released (6.1.83) [96436365e5d80d0106ea785a4f80a58e7c9edff8] +5.10-upstream-stable: released (5.10.214) [4af837db0fd3679fabc7b7758397090b0c06dced] +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27026 b/active/CVE-2024-27026 new file mode 100644 index 00000000..840095be --- /dev/null +++ b/active/CVE-2024-27026 @@ -0,0 +1,16 @@ +Description: vmxnet3: Fix missing reserved tailroom +References: +Notes: + carnil> Introduced in 54f00cce1178 ("vmxnet3: Add XDP support."). Vulnerable versions: + carnil> 6.6-rc1. +Bugs: +upstream: released (6.9-rc1) [e127ce7699c1e05279ee5ee61f00893e7bfa9671] +6.8-upstream-stable: released (6.8.2) [91d017d19d5a9ad153e2dc23ed3c0e2e79ef5262] +6.6-upstream-stable: released (6.6.23) [aba8659caf88017507419feea06069f529329ea6] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27027 b/active/CVE-2024-27027 new file mode 100644 index 00000000..c9676d62 --- /dev/null +++ b/active/CVE-2024-27027 @@ -0,0 +1,16 @@ +Description: dpll: fix dpll_xa_ref_*_del() for multiple registrations +References: +Notes: + carnil> Introduced in 9431063ad323 ("dpll: core: Add DPLL framework base functions"). + carnil> Vulnerable versions: 6.7-rc1. +Bugs: +upstream: released (6.9-rc1) [b446631f355ece73b13c311dd712c47381a23172] +6.8-upstream-stable: released (6.8.2) [b27e32e9367dac024cd6f61f22655714f483fd67] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27028 b/active/CVE-2024-27028 new file mode 100644 index 00000000..78d2af9e --- /dev/null +++ b/active/CVE-2024-27028 @@ -0,0 +1,16 @@ +Description: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler +References: +Notes: + carnil> Introduced in 1ce24864bff4 ("spi: mediatek: Only do dma for 4-byte aligned + carnil> buffers"). Vulnerable versions: 4.11-rc1. +Bugs: +upstream: released (6.9-rc1) [a20ad45008a7c82f1184dc6dee280096009ece55] +6.8-upstream-stable: released (6.8.2) [1784053cf10a14c4ebd8a890bad5cfe1bee51713] +6.6-upstream-stable: released (6.6.23) [62b1f837b15cf3ec2835724bdf8577e47d14c753] +6.1-upstream-stable: released (6.1.83) [766ec94cc57492eab97cbbf1595bd516ab0cb0e4] +5.10-upstream-stable: released (5.10.214) [bcfcdf19698024565eff427706ebbd8df65abd11] +4.19-upstream-stable: released (4.19.311) [2342b05ec5342a519e00524a507f7a6ea6791a38] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27029 b/active/CVE-2024-27029 new file mode 100644 index 00000000..e92756b9 --- /dev/null +++ b/active/CVE-2024-27029 @@ -0,0 +1,16 @@ +Description: drm/amdgpu: fix mmhub client id out-of-bounds access +References: +Notes: + carnil> Introduced in aba2be41470a ("drm/amdgpu: add mmhub 3.3.0 support"). Vulnerable + carnil> versions: 6.7-rc1. +Bugs: +upstream: released (6.9-rc1) [6540ff6482c1a5a6890ae44b23d0852ba1986d9e] +6.8-upstream-stable: released (6.8.2) [1f24b3040f2b6ffcb97151fabb3070328254d923] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27030 b/active/CVE-2024-27030 new file mode 100644 index 00000000..06305fdd --- /dev/null +++ b/active/CVE-2024-27030 @@ -0,0 +1,16 @@ +Description: octeontx2-af: Use separate handlers for interrupts +References: +Notes: + carnil> Introduced in 7304ac4567bc ("octeontx2-af: Add mailbox IRQ and msg handlers"). + carnil> Vulnerable versions: 4.20-rc1. +Bugs: +upstream: released (6.9-rc1) [50e60de381c342008c0956fd762e1c26408f372c] +6.8-upstream-stable: released (6.8.2) [4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701] +6.6-upstream-stable: released (6.6.23) [dc29dd00705a62c77de75b6d752259b869aac49d] +6.1-upstream-stable: released (6.1.83) [29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44] +5.10-upstream-stable: released (5.10.214) [766c2627acb2d9d1722cce2e24837044d52d888a] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27031 b/active/CVE-2024-27031 new file mode 100644 index 00000000..30bd48f5 --- /dev/null +++ b/active/CVE-2024-27031 @@ -0,0 +1,16 @@ +Description: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt +References: +Notes: + carnil> Introduced in 000dbe0bec05 ("NFS: Convert buffered read paths to use netfs when + carnil> fscache is enabled"). Vulnerable versions: 6.4-rc1. +Bugs: +upstream: released (6.9-rc1) [fd5860ab6341506004219b080aea40213b299d2e] +6.8-upstream-stable: released (6.8.2) [8a2e5977cecd3cde6a0e3e86b7b914d00240e5dc] +6.6-upstream-stable: released (6.6.23) [ad27382f8495f8ef6d2c66c413d756bfd13c0598] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27032 b/active/CVE-2024-27032 new file mode 100644 index 00000000..859d6e14 --- /dev/null +++ b/active/CVE-2024-27032 @@ -0,0 +1,17 @@ +Description: f2fs: fix to avoid potential panic during recovery +References: +Notes: + carnil> Introduced in 956fa1ddc132 ("f2fs: fix to check return value of + carnil> f2fs_reserve_new_block()"). Vulnerable versions: 4.19.307 5.4.269 5.10.210 + carnil> 5.15.149 6.1.77 6.6.16 6.7.4 6.8-rc1. +Bugs: +upstream: released (6.9-rc1) [21ec68234826b1b54ab980a8df6e33c74cfbee58] +6.8-upstream-stable: released (6.8.2) [f26091a981318b5b7451d61f99bc073a6af8db67] +6.6-upstream-stable: released (6.6.23) [8844b2f8a3f0c428b74672f9726f9950b1a7764c] +6.1-upstream-stable: released (6.1.83) [fe4de493572a4263554903bf9c3afc5c196e15f0] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27033 b/active/CVE-2024-27033 new file mode 100644 index 00000000..d8af9f85 --- /dev/null +++ b/active/CVE-2024-27033 @@ -0,0 +1,16 @@ +Description: f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic +References: +Notes: + carnil> Introduced in 18792e64c86d ("f2fs: support fault injection for + carnil> f2fs_is_valid_blkaddr()"). Vulnerable versions: 6.2-rc1. +Bugs: +upstream: released (6.9-rc1) [b896e302f79678451a94769ddd9e52e954c64fbb] +6.8-upstream-stable: released (6.8.2) [abe98a05e7162f64759bf9111108ebcb11322dec] +6.6-upstream-stable: released (6.6.23) [0386408036bfc8b50296d9e544ff91c4d52af2db] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27034 b/active/CVE-2024-27034 new file mode 100644 index 00000000..8018d776 --- /dev/null +++ b/active/CVE-2024-27034 @@ -0,0 +1,16 @@ +Description: f2fs: compress: fix to cover normal cluster write with cp_rwsem +References: +Notes: + carnil> Introduced in 4c8ff7095bef ("f2fs: support data compression"). Vulnerable + carnil> versions: 5.6-rc1. +Bugs: +upstream: released (6.9-rc1) [fd244524c2cf07b5f4c3fe8abd6a99225c76544b] +6.8-upstream-stable: released (6.8.2) [52982edfcefd475cc34af663d5c47c0cddaa5739] +6.6-upstream-stable: released (6.6.23) [75abfd61392b1db391bde6d738a30d685b843286] +6.1-upstream-stable: released (6.1.83) [542c8b3c774a480bfd0804291a12f6f2391b0cd1] +5.10-upstream-stable: needed +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27035 b/active/CVE-2024-27035 new file mode 100644 index 00000000..35376519 --- /dev/null +++ b/active/CVE-2024-27035 @@ -0,0 +1,16 @@ +Description: f2fs: compress: fix to guarantee persisting compressed blocks by CP +References: +Notes: + carnil> Introduced in 4c8ff7095bef ("f2fs: support data compression"). Vulnerable + carnil> versions: 5.6-rc1. +Bugs: +upstream: released (6.9-rc1) [8a430dd49e9cb021372b0ad91e60aeef9c6ced00] +6.8-upstream-stable: released (6.8.2) [57e8b17d0522c8f4daf0c4d9969b4d7358033532] +6.6-upstream-stable: released (6.6.23) [82704e598d7b33c7e45526e34d3c585426319bed] +6.1-upstream-stable: released (6.1.83) [e54cce8137258a550b49cae45d09e024821fb28d] +5.10-upstream-stable: needed +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27036 b/active/CVE-2024-27036 new file mode 100644 index 00000000..caa4e371 --- /dev/null +++ b/active/CVE-2024-27036 @@ -0,0 +1,16 @@ +Description: cifs: Fix writeback data corruption +References: +Notes: + carnil> Introduced in d08089f649a0 ("cifs: Change the I/O paths to use an iterator + carnil> rather than a page list"). Vulnerable versions: 6.3-rc1. +Bugs: +upstream: released (6.9-rc1) [f3dc1bdb6b0b0693562c7c54a6c28bafa608ba3c] +6.8-upstream-stable: released (6.8.2) [844b4e132f57f1333dc79feaa035075a096762e4] +6.6-upstream-stable: released (6.6.23) [e45deec35bf7f1f4f992a707b2d04a8c162f2240] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27037 b/active/CVE-2024-27037 new file mode 100644 index 00000000..ef4b0847 --- /dev/null +++ b/active/CVE-2024-27037 @@ -0,0 +1,16 @@ +Description: clk: zynq: Prevent null pointer dereference caused by kmalloc failure +References: +Notes: + carnil> Introduced in 0ee52b157b8e ("clk: zynq: Add clock controller driver"). + carnil> Vulnerable versions: 3.11-rc1. +Bugs: +upstream: released (6.9-rc1) [7938e9ce39d6779d2f85d822cc930f73420e54a6] +6.8-upstream-stable: released (6.8.2) [58a946ab43501f2eba058d24d96af0ad1122475b] +6.6-upstream-stable: released (6.6.23) [0801c893fd48cdba66a3c8f44c3fe43cc67d3b85] +6.1-upstream-stable: released (6.1.83) [8c4889a9ea861d7be37463c10846eb75e1b49c9d] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27038 b/active/CVE-2024-27038 new file mode 100644 index 00000000..1c13db61 --- /dev/null +++ b/active/CVE-2024-27038 @@ -0,0 +1,16 @@ +Description: clk: Fix clk_core_get NULL dereference +References: +Notes: + carnil> Introduced in dde4eff47c82 ("clk: Look for parents with clkdev based + carnil> clk_lookups"). Vulnerable versions: 5.2-rc1. +Bugs: +upstream: released (6.9-rc1) [e97fe4901e0f59a0bfd524578fe3768f8ca42428] +6.8-upstream-stable: released (6.8.2) [6f073b24a9e2becd25ac4505a9780a87e621bb51] +6.6-upstream-stable: released (6.6.23) [a5d9b1aa61b401867b9066d54086b3e4ee91f8ed] +6.1-upstream-stable: released (6.1.83) [a8b2b26fdd011ebe36d68a9a321ca45801685959] +5.10-upstream-stable: released (5.10.214) [239174535dba11f7b83de0eaaa27909024f8c185] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27039 b/active/CVE-2024-27039 new file mode 100644 index 00000000..47053f0e --- /dev/null +++ b/active/CVE-2024-27039 @@ -0,0 +1,16 @@ +Description: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() +References: +Notes: + carnil> Introduced in 6c81966107dc ("clk: hisilicon: Add clock driver for hi3559A + carnil> SoC"). Vulnerable versions: 5.14-rc1. +Bugs: +upstream: released (6.9-rc1) [64c6a38136b74a2f18c42199830975edd9fbc379] +6.8-upstream-stable: released (6.8.2) [d575765b1b62e8bdb00af11caa1aabeb01763d9f] +6.6-upstream-stable: released (6.6.23) [95d1f1228c1bb54803ae57525b76db60e99b37e4] +6.1-upstream-stable: released (6.1.83) [e0b0d1c46a2ce1e46b79d004a7270fdef872e097] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27040 b/active/CVE-2024-27040 new file mode 100644 index 00000000..df6f4b43 --- /dev/null +++ b/active/CVE-2024-27040 @@ -0,0 +1,16 @@ +Description: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' +References: +Notes: + carnil> Introduced in c7ddc0a800bc ("drm/amd/display: Add Functions to enable Freesync + carnil> Panel Replay"). Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.9-rc1) [f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b] +6.8-upstream-stable: released (6.8.2) [d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3] +6.6-upstream-stable: released (6.6.23) [f610c46771ef1047e46d61807aa7c69cd29e63d8] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27041 b/active/CVE-2024-27041 new file mode 100644 index 00000000..5bcb5d58 --- /dev/null +++ b/active/CVE-2024-27041 @@ -0,0 +1,16 @@ +Description: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() +References: +Notes: + carnil> Introduced in 81927e2808be ("drm/amd/display: Support for DMUB AUX"). + carnil> Vulnerable versions: 5.14-rc1. +Bugs: +upstream: released (6.9-rc1) [2a3cfb9a24a28da9cc13d2c525a76548865e182c] +6.8-upstream-stable: released (6.8.2) [1c62697e4086de988b31124fb8c79c244ea05f2b] +6.6-upstream-stable: released (6.6.23) [e040f1fbe9abae91b12b074cfc3bbb5367b79811] +6.1-upstream-stable: needed +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: needed +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27042 b/active/CVE-2024-27042 new file mode 100644 index 00000000..ce0a3726 --- /dev/null +++ b/active/CVE-2024-27042 @@ -0,0 +1,16 @@ +Description: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' +References: +Notes: + carnil> Introduced in a0ccc717c4ab ("drm/amdgpu/discovery: validate VCN and SDMA + carnil> instances"). Vulnerable versions: 5.19-rc1. +Bugs: +upstream: released (6.9-rc1) [cdb637d339572398821204a1142d8d615668f1e9] +6.8-upstream-stable: released (6.8.2) [8db10cee51e3e11a6658742465edc21986cf1e8d] +6.6-upstream-stable: released (6.6.23) [8f3e68c6a3fff53c2240762a47a0045d89371775] +6.1-upstream-stable: needed +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: needed +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27043 b/active/CVE-2024-27043 new file mode 100644 index 00000000..53568c89 --- /dev/null +++ b/active/CVE-2024-27043 @@ -0,0 +1,16 @@ +Description: media: edia: dvbdev: fix a use-after-free +References: +Notes: + carnil> Introduced in b61901024776 ("V4L/DVB (5244): Dvbdev: fix illegal re-usage of + carnil> fileoperations struct"). Vulnerable versions: 2.6.20.2. +Bugs: +upstream: released (6.9-rc1) [8c64f4cdf4e6cc5682c52523713af8c39c94e6d5] +6.8-upstream-stable: released (6.8.2) [b7586e902128e4fb7bfbb661cb52e4215a65637b] +6.6-upstream-stable: released (6.6.23) [779e8db7efb22316c8581d6c229636d2f5694a62] +6.1-upstream-stable: released (6.1.83) [437a111f79a2f5b2a5f21e27fdec6f40c8768712] +5.10-upstream-stable: released (5.10.214) [096237039d00c839f3e3a5fe6d001bf0db45b644] +4.19-upstream-stable: released (4.19.311) [d0f5c28333822f9baa5280d813124920720fd856] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27044 b/active/CVE-2024-27044 new file mode 100644 index 00000000..f02c4cd5 --- /dev/null +++ b/active/CVE-2024-27044 @@ -0,0 +1,16 @@ +Description: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' +References: +Notes: + carnil> Introduced in ddef02de0d71 ("drm/amd/display: add null checks before logging"). + carnil> Vulnerable versions: 5.4-rc1. +Bugs: +upstream: released (6.9-rc1) [9ccfe80d022df7c595f1925afb31de2232900656] +6.8-upstream-stable: released (6.8.2) [7874ab3105ca4657102fee1cc14b0af70883c484] +6.6-upstream-stable: released (6.6.23) [2d9fe7787af01188dc470a649bdbb842d6511fd7] +6.1-upstream-stable: released (6.1.83) [29fde8895b2fcc33f44aea28c644ce2d9b62f9e0] +5.10-upstream-stable: released (5.10.214) [330caa061af53ea6d287d7c43d0703714e510e08] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27045 b/active/CVE-2024-27045 new file mode 100644 index 00000000..7fd2190e --- /dev/null +++ b/active/CVE-2024-27045 @@ -0,0 +1,16 @@ +Description: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' +References: +Notes: + carnil> Introduced in c06e09b76639 ("drm/amd/display: Add DSC parameters logging to + carnil> debugfs"). Vulnerable versions: 5.9-rc1. +Bugs: +upstream: released (6.9-rc1) [4b09715f1504f1b6e8dff0e9643630610bc05141] +6.8-upstream-stable: released (6.8.2) [cf114d8d4a8d78df272116a745bb43b48cef65f4] +6.6-upstream-stable: released (6.6.23) [ad76fd30557d6a106c481e4606a981221ca525f7] +6.1-upstream-stable: released (6.1.83) [d346b3e5b25c95d504478507eb867cd3818775ab] +5.10-upstream-stable: released (5.10.214) [ff28893c96c5e0927a4da10cd24a3522ca663515] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27046 b/active/CVE-2024-27046 new file mode 100644 index 00000000..caaf7003 --- /dev/null +++ b/active/CVE-2024-27046 @@ -0,0 +1,16 @@ +Description: nfp: flower: handle acti_netdevs allocation failure +References: +Notes: + carnil> Introduced in bb9a8d031140 ("nfp: flower: monitor and offload LAG groups"). + carnil> Vulnerable versions: 4.18-rc1. +Bugs: +upstream: released (6.9-rc1) [84e95149bd341705f0eca6a7fcb955c548805002] +6.8-upstream-stable: released (6.8.2) [9d8eb1238377cd994829f9162ae396a84ae037b2] +6.6-upstream-stable: released (6.6.23) [408ba7fd04f959c61b50db79c983484312fea642] +6.1-upstream-stable: released (6.1.83) [c9b4e220dd18f79507803f38a55d53b483f6c9c3] +5.10-upstream-stable: released (5.10.214) [928705e341010dd910fdece61ccb974f494a758f] +4.19-upstream-stable: released (4.19.311) [d746889db75a76aeee95fb705b8e1ac28c684a2e] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27047 b/active/CVE-2024-27047 new file mode 100644 index 00000000..9f52ffa9 --- /dev/null +++ b/active/CVE-2024-27047 @@ -0,0 +1,16 @@ +Description: net: phy: fix phy_get_internal_delay accessing an empty array +References: +Notes: + carnil> Introduced in 92252eec913b ("net: phy: Add a helper to return the index for of + carnil> the internal delay"). Vulnerable versions: 5.9-rc1. +Bugs: +upstream: released (6.9-rc1) [4469c0c5b14a0919f5965c7ceac96b523eb57b79] +6.8-upstream-stable: released (6.8.2) [0307cf443308ecc6be9b2ca312bb31bae5e5a7ad] +6.6-upstream-stable: released (6.6.23) [589ec16174dd9378953b8232ae76fad0a96e1563] +6.1-upstream-stable: released (6.1.83) [2a2ff709511617de9c6c072eeee82bcbbdfecaf8] +5.10-upstream-stable: released (5.10.214) [06dd21045a7e8bc8701b0ebedcd9a30a6325878b] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27048 b/active/CVE-2024-27048 new file mode 100644 index 00000000..e50f6d98 --- /dev/null +++ b/active/CVE-2024-27048 @@ -0,0 +1,16 @@ +Description: wifi: brcm80211: handle pmk_op allocation failure +References: +Notes: + carnil> Introduced in a96202acaea4 ("wifi: brcmfmac: cfg80211: Add support for PMKID_V3 + carnil> operations"). Vulnerable versions: 6.4-rc1. +Bugs: +upstream: released (6.9-rc1) [b4152222e04cb8afeeca239c90e3fcaf4c553b42] +6.8-upstream-stable: released (6.8.2) [6138a82f3bccfc67ed7ac059493579fc326c02e5] +6.6-upstream-stable: released (6.6.23) [df62e22c2e27420e8990a4f09e30d7bf56c2036f] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27049 b/active/CVE-2024-27049 new file mode 100644 index 00000000..34edc9f8 --- /dev/null +++ b/active/CVE-2024-27049 @@ -0,0 +1,16 @@ +Description: wifi: mt76: mt7925e: fix use-after-free in free_irq() +References: +Notes: + carnil> Introduced in c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for + carnil> mt7925 chips"). Vulnerable versions: 6.7-rc1. +Bugs: +upstream: released (6.9-rc1) [a5a5f4413d91f395cb2d89829d376d7393ad48b9] +6.8-upstream-stable: released (6.8.2) [6d9930096e1f13cf6d9aabfbf95d0e05fb04144f] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27050 b/active/CVE-2024-27050 new file mode 100644 index 00000000..42ccec02 --- /dev/null +++ b/active/CVE-2024-27050 @@ -0,0 +1,16 @@ +Description: libbpf: Use OPTS_SET() macro in bpf_xdp_query() +References: +Notes: + carnil> Introduced in 13ce2daa259a ("xsk: add new netlink attribute dedicated for ZC + carnil> max frags"). Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.9-rc1) [92a871ab9fa59a74d013bc04f321026a057618e7] +6.8-upstream-stable: released (6.8.2) [cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e] +6.6-upstream-stable: released (6.6.23) [fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27051 b/active/CVE-2024-27051 new file mode 100644 index 00000000..133ff54e --- /dev/null +++ b/active/CVE-2024-27051 @@ -0,0 +1,16 @@ +Description: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value +References: +Notes: + carnil> Introduced in de322e085995 ("cpufreq: brcmstb-avs-cpufreq: AVS CPUfreq driver + carnil> for Broadcom STB SoCs"). Vulnerable versions: 4.10-rc1. +Bugs: +upstream: released (6.9-rc1) [f661017e6d326ee187db24194cabb013d81bc2a6] +6.8-upstream-stable: released (6.8.2) [e6e3e51ffba0784782b1a076d7441605697ea3c6] +6.6-upstream-stable: released (6.6.23) [b25b64a241d769e932a022e5c780cf135ef56035] +6.1-upstream-stable: released (6.1.83) [e72160cb6e23b78b41999d6885a34ce8db536095] +5.10-upstream-stable: released (5.10.214) [9127599c075caff234359950117018a010dd01db] +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27052 b/active/CVE-2024-27052 new file mode 100644 index 00000000..8ccce55b --- /dev/null +++ b/active/CVE-2024-27052 @@ -0,0 +1,16 @@ +Description: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work +References: +Notes: + carnil> Introduced in e542e66b7c2e ("rtl8xxxu: add bluetooth co-existence support for + carnil> single antenna"). Vulnerable versions: 5.5-rc1. +Bugs: +upstream: released (6.9-rc1) [1213acb478a7181cd73eeaf00db430f1e45b1361] +6.8-upstream-stable: released (6.8.2) [58fe3bbddfec10c6b216096d8c0e517cd8463e3a] +6.6-upstream-stable: released (6.6.23) [156012667b85ca7305cb363790d3ae8519a6f41e] +6.1-upstream-stable: released (6.1.83) [3518cea837de4d106efa84ddac18a07b6de1384e] +5.10-upstream-stable: released (5.10.214) [dddedfa3b29a63c2ca4336663806a6128b8545b4] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27053 b/active/CVE-2024-27053 new file mode 100644 index 00000000..d9a97b89 --- /dev/null +++ b/active/CVE-2024-27053 @@ -0,0 +1,16 @@ +Description: wifi: wilc1000: fix RCU usage in connect path +References: +Notes: + carnil> Introduced in c460495ee072 ("staging: wilc1000: fix incorrent type in + carnil> initializer"). Vulnerable versions: 5.1-rc1. +Bugs: +upstream: released (6.9-rc1) [205c50306acf58a335eb19fa84e40140f4fe814f] +6.8-upstream-stable: released (6.8.2) [dd50d3ead6e3707bb0a5df7cc832730c93ace3a7] +6.6-upstream-stable: released (6.6.23) [4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce] +6.1-upstream-stable: released (6.1.83) [745003b5917b610352f52fe0d11ef658d6471ec2] +5.10-upstream-stable: released (5.10.214) [b4bbf38c350acb6500cbe667b1e2e68f896e4b38] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27054 b/active/CVE-2024-27054 new file mode 100644 index 00000000..31a2367c --- /dev/null +++ b/active/CVE-2024-27054 @@ -0,0 +1,16 @@ +Description: s390/dasd: fix double module refcount decrement +References: +Notes: + carnil> Introduced in c020d722b110 ("s390/dasd: fix panic during offline processing"). + carnil> Vulnerable versions: 4.9-rc1. +Bugs: +upstream: released (6.9-rc1) [c3116e62ddeff79cae342147753ce596f01fcf06] +6.8-upstream-stable: released (6.8.2) [ebc5a3bd79e54f98c885c26f0862a27a02c487c5] +6.6-upstream-stable: released (6.6.23) [ec09bcab32fc4765e0cc97e1b72cdd067135f37e] +6.1-upstream-stable: released (6.1.83) [ad999aa18103fa038787b6a8a55020abcf34df1a] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27055 b/active/CVE-2024-27055 new file mode 100644 index 00000000..2b0d5a5a --- /dev/null +++ b/active/CVE-2024-27055 @@ -0,0 +1,17 @@ +Description: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() +References: +Notes: + carnil> Introduced in 5797b1c18919 ("workqueue: Implement system-wide nr_active + carnil> enforcement for unbound workqueues"). Vulnerable versions: 6.6.25 6.7.11 6.8.4 + carnil> 6.9-rc1. +Bugs: +upstream: released (6.9-rc1) [15930da42f8981dc42c19038042947b475b19f47] +6.8-upstream-stable: released (6.8.4) [adc646d2126988a64234502f579e4bc2b080d7cf] +6.6-upstream-stable: released (6.6.25) [a75ac2693d734d20724f0e10e039ca85f1fcfc4e] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27056 b/active/CVE-2024-27056 new file mode 100644 index 00000000..ebde3ad9 --- /dev/null +++ b/active/CVE-2024-27056 @@ -0,0 +1,15 @@ +Description: wifi: iwlwifi: mvm: ensure offloading TID queue exists +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (6.8-rc7) [78f65fbf421a61894c14a1b91fe2fb4437b3fe5f] +6.8-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: needed +6.1-upstream-stable: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27057 b/active/CVE-2024-27057 new file mode 100644 index 00000000..b2b377a5 --- /dev/null +++ b/active/CVE-2024-27057 @@ -0,0 +1,15 @@ +Description: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (6.8-rc5) [c40aad7c81e5fba34b70123ed7ce3397fa62a4d2] +6.8-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: released (6.6.23) [3cac6eebea9b4bc5f041e157e45c76e212ad6759] +6.1-upstream-stable: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27058 b/active/CVE-2024-27058 new file mode 100644 index 00000000..d7f30129 --- /dev/null +++ b/active/CVE-2024-27058 @@ -0,0 +1,16 @@ +Description: tmpfs: fix race on handling dquot rbtree +References: +Notes: + carnil> Introduced in eafc474e2029 ("shmem: prepare shmem quota infrastructure"). + carnil> Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.9-rc2) [0a69b6b3a026543bc215ccc866d0aea5579e6ce2] +6.8-upstream-stable: released (6.8.3) [f82f184874d2761ebaa60dccf577921a0dbb3810] +6.6-upstream-stable: released (6.6.24) [c7077f43f30d817d10a9f8245e51576ac114b2f0] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27059 b/active/CVE-2024-27059 new file mode 100644 index 00000000..ca14ef44 --- /dev/null +++ b/active/CVE-2024-27059 @@ -0,0 +1,16 @@ +Description: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command +References: +Notes: + carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions: + carnil> 2.6.12-rc2^0. +Bugs: +upstream: released (6.8) [014bcf41d946b36a8f0b8e9b5d9529efbb822f49] +6.8-upstream-stable: released (6.8) [014bcf41d946b36a8f0b8e9b5d9529efbb822f49] +6.6-upstream-stable: released (6.6.24) [871fd7b10b56d280990b7e754f43d888382ca325] +6.1-upstream-stable: released (6.1.84) [f42ba916689f5c7b1642092266d2f53cf527aaaa] +5.10-upstream-stable: released (5.10.215) [284fb1003d5da111019b9e0bf99b084fd71ac133] +4.19-upstream-stable: released (4.19.312) [9968c701cba7eda42e5f0052b040349d6222ae34] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27060 b/active/CVE-2024-27060 new file mode 100644 index 00000000..cc9e53c6 --- /dev/null +++ b/active/CVE-2024-27060 @@ -0,0 +1,16 @@ +Description: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() +References: +Notes: + carnil> Introduced in 81af2952e606 ("thunderbolt: Add support for asymmetric link"). + carnil> Vulnerable versions: 6.7-rc1. +Bugs: +upstream: released (6.8) [d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa] +6.8-upstream-stable: released (6.8) [d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27061 b/active/CVE-2024-27061 new file mode 100644 index 00000000..cf18512f --- /dev/null +++ b/active/CVE-2024-27061 @@ -0,0 +1,16 @@ +Description: crypto: sun8i-ce - Fix use after free in unprepare +References: +Notes: + carnil> Introduced in 4136212ab18e ("crypto: sun8i-ce - Remove prepare/unprepare + carnil> request"). Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.8) [183420038444547c149a0fc5f58e792c2752860c] +6.8-upstream-stable: released (6.8) [183420038444547c149a0fc5f58e792c2752860c] +6.6-upstream-stable: released (6.6.24) [dc60b25540c82fc4baa95d1458ae96ead21859e0] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27062 b/active/CVE-2024-27062 new file mode 100644 index 00000000..352184c5 --- /dev/null +++ b/active/CVE-2024-27062 @@ -0,0 +1,15 @@ +Description: nouveau: lock the client object tree. +References: +Notes: + carnil> First introducing commit could not be determined. +Bugs: +upstream: released (6.8) [b7cc4ff787a572edf2c55caeffaa88cd801eb135] +6.8-upstream-stable: released (6.8) [b7cc4ff787a572edf2c55caeffaa88cd801eb135] +6.6-upstream-stable: released (6.6.24) [6887314f5356389fc219b8152e951ac084a10ef7] +6.1-upstream-stable: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27063 b/active/CVE-2024-27063 new file mode 100644 index 00000000..2b8afb63 --- /dev/null +++ b/active/CVE-2024-27063 @@ -0,0 +1,16 @@ +Description: leds: trigger: netdev: Fix kernel panic on interface rename trig notify +References: +Notes: + carnil> Introduced in d5e01266e7f5 ("leds: trigger: netdev: add additional specific + carnil> link speed mode"). Vulnerable versions: 6.5-rc1. +Bugs: +upstream: released (6.9-rc1) [415798bc07dd1c1ae3a656aa026580816e0b9fe8] +6.8-upstream-stable: released (6.8.3) [3f360227cb46edb2cd2494128e1e06ed5768a62e] +6.6-upstream-stable: released (6.6.24) [10f2af1af8ab8a7064f193446abd5579d3def7e3] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27064 b/active/CVE-2024-27064 new file mode 100644 index 00000000..c9c7b2d7 --- /dev/null +++ b/active/CVE-2024-27064 @@ -0,0 +1,16 @@ +Description: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain +References: +Notes: + carnil> Introduced in b9703ed44ffb ("netfilter: nf_tables: support for adding new + carnil> devices to an existing netdev chain"). Vulnerable versions: 6.3.3 6.4-rc1. +Bugs: +upstream: released (6.9-rc1) [7eaf837a4eb5f74561e2486972e7f5184b613f6e] +6.8-upstream-stable: released (6.8.2) [e77a6b53a3a547b6dedfc40c37cee4f310701090] +6.6-upstream-stable: released (6.6.23) [79846fdcc548d617b0b321addc6a3821d3b75b20] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27065 b/active/CVE-2024-27065 new file mode 100644 index 00000000..9bef68d3 --- /dev/null +++ b/active/CVE-2024-27065 @@ -0,0 +1,16 @@ +Description: netfilter: nf_tables: do not compare internal table flags on updates +References: +Notes: + carnil> Introduced in 179d9ba5559a ("netfilter: nf_tables: fix table flag updates"). + carnil> Vulnerable versions: 5.4.262 5.10.202 5.13-rc5. +Bugs: +upstream: released (6.9-rc1) [4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139] +6.8-upstream-stable: released (6.8.2) [df257c435e51651c43b86326d112ddadda76350e] +6.6-upstream-stable: released (6.6.23) [4d37f12707ee965d338028732575f0b85f6d9e4f] +6.1-upstream-stable: released (6.1.83) [9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7] +5.10-upstream-stable: released (5.10.214) [fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27066 b/active/CVE-2024-27066 new file mode 100644 index 00000000..23a9f5f0 --- /dev/null +++ b/active/CVE-2024-27066 @@ -0,0 +1,16 @@ +Description: virtio: packed: fix unmap leak for indirect desc table +References: +Notes: + carnil> Introduced in b319940f83c2 ("virtio_ring: skip unmap for premapped"). + carnil> Vulnerable versions: 6.6-rc1. +Bugs: +upstream: released (6.9-rc1) [d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd] +6.8-upstream-stable: released (6.8.2) [51bacd9d29bf98c3ebc65e4a0477bb86306b4140] +6.6-upstream-stable: released (6.6.23) [e142169aca5546ae6619c39a575cda8105362100] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27067 b/active/CVE-2024-27067 new file mode 100644 index 00000000..e9112c2b --- /dev/null +++ b/active/CVE-2024-27067 @@ -0,0 +1,16 @@ +Description: xen/evtchn: avoid WARN() when unbinding an event channel +References: +Notes: + carnil> Introduced in 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ + carnil> handers"). Vulnerable versions: 6.6.19 6.7-rc1. +Bugs: +upstream: released (6.9-rc1) [51c23bd691c0f1fb95b29731c356c6fd69925d17] +6.8-upstream-stable: released (6.8.2) [9e2d4b58c1da48a32905802aaeadba7084b46895] +6.6-upstream-stable: released (6.6.23) [99e425032c6ec13584d3cd33846e0c7307501b47] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27068 b/active/CVE-2024-27068 new file mode 100644 index 00000000..90c0f06e --- /dev/null +++ b/active/CVE-2024-27068 @@ -0,0 +1,16 @@ +Description: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path +References: +Notes: + carnil> Introduced in f5f633b18234 ("thermal/drivers/mediatek: Add the Low Voltage + carnil> Thermal Sensor driver"). Vulnerable versions: 6.3-rc1. +Bugs: +upstream: released (6.9-rc1) [ca93bf607a44c1f009283dac4af7df0d9ae5e357] +6.8-upstream-stable: released (6.8.2) [9b02197596671800dd934609384b1aca7c6ad218] +6.6-upstream-stable: released (6.6.23) [2db869da91afd48e5b9ec76814709be49662b07d] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27069 b/active/CVE-2024-27069 new file mode 100644 index 00000000..aafce61c --- /dev/null +++ b/active/CVE-2024-27069 @@ -0,0 +1,16 @@ +Description: ovl: relax WARN_ON in ovl_verify_area() +References: +Notes: + carnil> Introduced in ca7ab482401c ("ovl: add permission hooks outside of + carnil> do_splice_direct()"). Vulnerable versions: 6.8-rc1. +Bugs: +upstream: released (6.9-rc1) [77a28aa476873048024ad56daf8f4f17d58ee48e] +6.8-upstream-stable: released (6.8.2) [c3c85aefc0da1e5074a06c682542a54ccc99bdca] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27070 b/active/CVE-2024-27070 new file mode 100644 index 00000000..3e40da4a --- /dev/null +++ b/active/CVE-2024-27070 @@ -0,0 +1,16 @@ +Description: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault +References: +Notes: + carnil> Introduced in 87f3afd366f7 ("f2fs: add tracepoint for f2fs_vm_page_mkwrite()"). + carnil> Vulnerable versions: 6.8-rc1. +Bugs: +upstream: released (6.9-rc1) [eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064] +6.8-upstream-stable: released (6.8.2) [8186e16a766d709a08f188d2f4e84098f364bea1] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27071 b/active/CVE-2024-27071 new file mode 100644 index 00000000..9ba2d477 --- /dev/null +++ b/active/CVE-2024-27071 @@ -0,0 +1,16 @@ +Description: backlight: hx8357: Fix potential NULL pointer dereference +References: +Notes: + carnil> Introduced in 7d84a63a39b7 ("backlight: hx8357: Convert to agnostic GPIO API"). + carnil> Vulnerable versions: 6.8-rc1. +Bugs: +upstream: released (6.9-rc1) [b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9] +6.8-upstream-stable: released (6.8.2) [67e578c8ff2d7df03bf8ca9a7f5436b1796f6ad1] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27072 b/active/CVE-2024-27072 new file mode 100644 index 00000000..efe34542 --- /dev/null +++ b/active/CVE-2024-27072 @@ -0,0 +1,18 @@ +Description: media: usbtv: Remove useless locks in usbtv_video_free() +References: +Notes: + carnil> Introduced in c838530d230b ("media: media videobuf2: Be more flexible on the + carnil> number of queue stored buffers") + carnil> f3d27f34fdd7 ("[media] usbtv: Add driver for Fushicai USBTV007 video frame + carnil> grabber"). Vulnerable versions: 3.11-rc1. +Bugs: +upstream: released (6.9-rc1) [65e6a2773d655172143cc0b927cdc89549842895] +6.8-upstream-stable: released (6.8.2) [3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2] +6.6-upstream-stable: needed +6.1-upstream-stable: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: needed +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27073 b/active/CVE-2024-27073 new file mode 100644 index 00000000..dbc5974f --- /dev/null +++ b/active/CVE-2024-27073 @@ -0,0 +1,16 @@ +Description: media: ttpci: fix two memleaks in budget_av_attach +References: +Notes: + carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions: + carnil> 2.6.12-rc2^0. +Bugs: +upstream: released (6.9-rc1) [d0b07f712bf61e1a3cf23c87c663791c42e50837] +6.8-upstream-stable: released (6.8.2) [656b8cc123d7635dd399d9f02594f27aa797ac3c] +6.6-upstream-stable: released (6.6.23) [7393c681f9aa05ffe2385e8716989565eed2fe06] +6.1-upstream-stable: released (6.1.83) [55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0] +5.10-upstream-stable: released (5.10.214) [910363473e4bf97da3c350e08d915546dd6cc30b] +4.19-upstream-stable: needed +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27074 b/active/CVE-2024-27074 new file mode 100644 index 00000000..8d105938 --- /dev/null +++ b/active/CVE-2024-27074 @@ -0,0 +1,16 @@ +Description: media: go7007: fix a memleak in go7007_load_encoder +References: +Notes: + carnil> Introduced in 95ef39403f89 ("[media] go7007: remember boot firmware"). + carnil> Vulnerable versions: 3.10-rc1. +Bugs: +upstream: released (6.9-rc1) [b9b683844b01d171a72b9c0419a2d760d946ee12] +6.8-upstream-stable: released (6.8.2) [7405a0d4442792988e9ae834e7d84f9d163731a4] +6.6-upstream-stable: released (6.6.23) [f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975] +6.1-upstream-stable: released (6.1.83) [e04d15c8bb3e111dd69f98894acd92d63e87aac3] +5.10-upstream-stable: released (5.10.214) [b49fe84c6cefcc1c2336d793b53442e716c95073] +4.19-upstream-stable: released (4.19.311) [7f11dd3d165b178e738fe73dfeea513e383bedb5] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27075 b/active/CVE-2024-27075 new file mode 100644 index 00000000..3b4923f7 --- /dev/null +++ b/active/CVE-2024-27075 @@ -0,0 +1,16 @@ +Description: media: dvb-frontends: avoid stack overflow warnings with clang +References: +Notes: + carnil> Introduced in 3cd890dbe2a4 ("media: dvb-frontends: fix i2c access helpers for + carnil> KASAN"). Vulnerable versions: 4.4.168 4.9.82 4.14.20 4.15.4 4.16-rc1. +Bugs: +upstream: released (6.9-rc1) [7a4cf27d1f0538f779bf31b8c99eda394e277119] +6.8-upstream-stable: released (6.8.2) [ed514ecf4f29c80a2f09ae3c877059b401efe893] +6.6-upstream-stable: released (6.6.23) [8fad9c5bb00d3a9508d18bbfe832e33a47377730] +6.1-upstream-stable: released (6.1.83) [107052a8cfeff3a97326277192b4f052e4860a8a] +5.10-upstream-stable: released (5.10.214) [fb07104a02e87c06c39914d13ed67fd8f839ca82] +4.19-upstream-stable: released (4.19.311) [c073c8cede5abd3836e83d70d72606d11d0759d4] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27076 b/active/CVE-2024-27076 new file mode 100644 index 00000000..6adcf2af --- /dev/null +++ b/active/CVE-2024-27076 @@ -0,0 +1,16 @@ +Description: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak +References: +Notes: + carnil> Introduced in a8ef0488cc59 ("media: imx: add csc/scaler mem2mem device"). + carnil> Vulnerable versions: 5.4-rc1. +Bugs: +upstream: released (6.9-rc1) [4797a3dd46f220e6d83daf54d70c5b33db6deb01] +6.8-upstream-stable: released (6.8.2) [6c92224721a439d6350db5933a1060768dcd565e] +6.6-upstream-stable: released (6.6.23) [d164ddc21e986dd9ad614b4b01746e5457aeb24f] +6.1-upstream-stable: released (6.1.83) [8df9a3c7044b847e9c4dc7e683fd64c6b873f328] +5.10-upstream-stable: released (5.10.214) [5d9fe604bf9b5b09d2215225df55f22a4cbbc684] +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27077 b/active/CVE-2024-27077 new file mode 100644 index 00000000..3828e542 --- /dev/null +++ b/active/CVE-2024-27077 @@ -0,0 +1,16 @@ +Description: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity +References: +Notes: + carnil> Introduced in be2fff656322 ("media: add helpers for memory-to-memory media + carnil> controller"). Vulnerable versions: 4.19-rc1. +Bugs: +upstream: released (6.9-rc1) [8f94b49a5b5d386c038e355bef6347298aabd211] +6.8-upstream-stable: released (6.8.2) [9c23ef30e840fedc66948299509f6c2777c9cf4f] +6.6-upstream-stable: released (6.6.23) [90029b9c979b60de5cb2b70ade4bbf61d561bc5d] +6.1-upstream-stable: released (6.1.83) [0c9550b032de48d6a7fa6a4ddc09699d64d9300d] +5.10-upstream-stable: released (5.10.214) [afd2a82fe300032f63f8be5d6cd6981e75f8bbf2] +4.19-upstream-stable: released (4.19.311) [3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27078 b/active/CVE-2024-27078 new file mode 100644 index 00000000..055b0be5 --- /dev/null +++ b/active/CVE-2024-27078 @@ -0,0 +1,16 @@ +Description: media: v4l2-tpg: fix some memleaks in tpg_alloc +References: +Notes: + carnil> Introduced in 63881df94d3e ("[media] vivid: add the Test Pattern Generator"). + carnil> Vulnerable versions: 3.18-rc1. +Bugs: +upstream: released (6.9-rc1) [8cf9c5051076e0eb958f4361d50d8b0c3ee6691c] +6.8-upstream-stable: released (6.8.2) [622b1cf38521569869c8f7b9fbe9e4f1a289add7] +6.6-upstream-stable: released (6.6.23) [4c86c772fef06f5d7a66151bac42366825db0941] +6.1-upstream-stable: released (6.1.83) [6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d] +5.10-upstream-stable: released (5.10.214) [94303a06e1852a366e9671fff46d19459f88cb28] +4.19-upstream-stable: released (4.19.311) [0de691ff547d86dd54c24b40a81f9c925df8dd77] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27079 b/active/CVE-2024-27079 new file mode 100644 index 00000000..e514edc1 --- /dev/null +++ b/active/CVE-2024-27079 @@ -0,0 +1,16 @@ +Description: iommu/vt-d: Fix NULL domain on device release +References: +Notes: + carnil> Introduced in 586081d3f6b1 ("iommu/vt-d: Remove DEFER_DEVICE_DOMAIN_INFO"). + carnil> Vulnerable versions: 5.18-rc1. +Bugs: +upstream: released (6.9-rc1) [81e921fd321614c2ad8ac333b041aae1da7a1c6d] +6.8-upstream-stable: released (6.8.2) [333fe86968482ca701c609af590003bcea450e8f] +6.6-upstream-stable: needed +6.1-upstream-stable: needed +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: needed +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27080 b/active/CVE-2024-27080 new file mode 100644 index 00000000..b262d485 --- /dev/null +++ b/active/CVE-2024-27080 @@ -0,0 +1,16 @@ +Description: btrfs: fix race when detecting delalloc ranges during fiemap +References: +Notes: + carnil> Introduced in b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent + carnil> locking"). Vulnerable versions: 6.6.24 6.7.12 6.8-rc6. +Bugs: +upstream: released (6.9-rc1) [978b63f7464abcfd364a6c95f734282c50f3decf] +6.8-upstream-stable: released (6.8.2) [ced63fffd63072c0ca55d5a451010d71bf08c0b3] +6.6-upstream-stable: released (6.6.26) [49d640d2946c35a17b051d54171a032dd95b0f50] +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27388 b/active/CVE-2024-27388 new file mode 100644 index 00000000..962cb73e --- /dev/null +++ b/active/CVE-2024-27388 @@ -0,0 +1,16 @@ +Description: SUNRPC: fix some memleaks in gssx_dec_option_array +References: +Notes: + carnil> Introduced in 1d658336b05f ("SUNRPC: Add RPC based upcall mechanism for RPCGSS + carnil> auth"). Vulnerable versions: 3.10-rc1. +Bugs: +upstream: released (6.9-rc1) [3cfcfc102a5e57b021b786a755a38935e357797d] +6.8-upstream-stable: released (6.8.2) [996997d1fb2126feda550d6adcedcbd94911fc69] +6.6-upstream-stable: released (6.6.23) [5e6013ae2c8d420faea553d363935f65badd32c3] +6.1-upstream-stable: released (6.1.83) [934212a623cbab851848b6de377eb476718c3e4c] +5.10-upstream-stable: released (5.10.214) [bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8] +4.19-upstream-stable: released (4.19.311) [b97c37978ca825557d331c9012e0c1ddc0e42364] +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: needed diff --git a/active/CVE-2024-27389 b/active/CVE-2024-27389 new file mode 100644 index 00000000..88344fd1 --- /dev/null +++ b/active/CVE-2024-27389 @@ -0,0 +1,16 @@ +Description: pstore: inode: Only d_invalidate() is needed +References: +Notes: + carnil> Introduced in 609e28bb139e ("pstore: Remove filesystem records when backend is + carnil> unregistered"). Vulnerable versions: 5.8-rc1. +Bugs: +upstream: released (6.9-rc1) [a43e0fc5e9134a46515de2f2f8d4100b74e50de3] +6.8-upstream-stable: released (6.8.2) [340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6] +6.6-upstream-stable: released (6.6.23) [4cdf9006fc095af71da80e9b5f48a32e991b9ed3] +6.1-upstream-stable: released (6.1.83) [db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e] +5.10-upstream-stable: needed +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: needed +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27390 b/active/CVE-2024-27390 new file mode 100644 index 00000000..d7515f2f --- /dev/null +++ b/active/CVE-2024-27390 @@ -0,0 +1,16 @@ +Description: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() +References: +Notes: + carnil> Introduced in f185de28d9ae ("mld: add new workqueues for process mld events"). + carnil> Vulnerable versions: 5.13-rc1. +Bugs: +upstream: released (6.9-rc1) [17ef8efc00b34918b966388b2af0993811895a8c] +6.8-upstream-stable: released (6.8.2) [5da9a218340a2bc804dc4327e5804392e24a0b88] +6.6-upstream-stable: released (6.6.23) [26d4bac55750d535f1f0b8790dc26daf6089e373] +6.1-upstream-stable: released (6.1.83) [a03ede2282ebbd181bd6f5c38cbfcb5765afcd04] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27391 b/active/CVE-2024-27391 new file mode 100644 index 00000000..020ab76d --- /dev/null +++ b/active/CVE-2024-27391 @@ -0,0 +1,16 @@ +Description: wifi: wilc1000: do not realloc workqueue everytime an interface is added +References: +Notes: + carnil> Introduced in 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to + carnil> "NETDEV-wq""). Vulnerable versions: 5.17-rc1. +Bugs: +upstream: released (6.9-rc1) [328efda22af81130c2ad981c110518cb29ff2f1d] +6.8-upstream-stable: released (6.8.2) [9ab0c303ccabfd6bdce14432792d41090070008c] +6.6-upstream-stable: released (6.6.23) [4041c60a9d543b3ad50225385b072ba68e96166e] +6.1-upstream-stable: released (6.1.83) [515cc676dfbce40d93c92b1ff3c1070e917f4e52] +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: released (6.7.12-1) +6.1-bookworm-security: released (6.1.85-1) +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-27392 b/active/CVE-2024-27392 new file mode 100644 index 00000000..71207821 --- /dev/null +++ b/active/CVE-2024-27392 @@ -0,0 +1,16 @@ +Description: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() +References: +Notes: + carnil> Introduced in a1a825ab6a60 ("nvme: add csi, ms and nuse to sysfs"). Vulnerable + carnil> versions: 6.8-rc1. +Bugs: +upstream: released (6.9-rc1) [8d0d2447394b13fb22a069f0330f9c49b7fff9d3] +6.8-upstream-stable: released (6.8.2) [534f9dc7fe495b3f9cc84363898ac50c5a25fccb] +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" |