From 2ca0986f9a259576c770519c1968bf4507f4a912 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 1 Apr 2024 11:45:21 +0200 Subject: Add new set of CVEs --- active/CVE-2024-26653 | 16 ++++++++++++++++ active/CVE-2024-26654 | 16 ++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 active/CVE-2024-26653 create mode 100644 active/CVE-2024-26654 (limited to 'active') diff --git a/active/CVE-2024-26653 b/active/CVE-2024-26653 new file mode 100644 index 00000000..3be12779 --- /dev/null +++ b/active/CVE-2024-26653 @@ -0,0 +1,16 @@ +Description: usb: misc: ljca: Fix double free in error handling path +References: +Notes: + carnil> Introduced in acd6199f195d ("usb: Add support for Intel LJCA device"). + carnil> Vulnerable versions: 6.7-rc1. +Bugs: +upstream: released (6.9-rc2) [7c9631969287a5366bc8e39cd5abff154b35fb80] +6.7-upstream-stable: needed +6.6-upstream-stable: N/A "Vulnerable code not present" +6.1-upstream-stable: N/A "Vulnerable code not present" +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +sid: needed +6.1-bookworm-security: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2024-26654 b/active/CVE-2024-26654 new file mode 100644 index 00000000..db46fe20 --- /dev/null +++ b/active/CVE-2024-26654 @@ -0,0 +1,16 @@ +Description: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs +References: +Notes: + carnil> Introduced in 198de43d758c ("[ALSA] Add ALSA support for the SEGA Dreamcast PCM + carnil> device"). Vulnerable versions: 2.6.23-rc1. +Bugs: +upstream: released (6.9-rc2) [051e0840ffa8ab25554d6b14b62c9ab9e4901457] +6.7-upstream-stable: needed +6.6-upstream-stable: needed +6.1-upstream-stable: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +sid: needed +6.1-bookworm-security: needed +5.10-bullseye-security: needed +4.19-buster-security: needed -- cgit v1.2.3