Add new set of CVEs

2 files changed, 32 insertions, 0 deletions

diff --git a/active/CVE-2024-26653 b/active/CVE-2024-26653
new file mode 100644
index 00000000..3be12779
--- /dev/null
+++ b/active/CVE-2024-26653
@@ -0,0 +1,16 @@
+Description: usb: misc: ljca: Fix double free in error handling path
+References:
+Notes:
+ carnil> Introduced in acd6199f195d ("usb: Add support for Intel LJCA device").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc2) [7c9631969287a5366bc8e39cd5abff154b35fb80]
+6.7-upstream-stable: needed
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26654 b/active/CVE-2024-26654
new file mode 100644
index 00000000..db46fe20
--- /dev/null
+++ b/active/CVE-2024-26654
@@ -0,0 +1,16 @@
+Description: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
+References:
+Notes:
+ carnil> Introduced in 198de43d758c ("[ALSA] Add ALSA support for the SEGA Dreamcast PCM
+ carnil> device"). Vulnerable versions: 2.6.23-rc1.
+Bugs:
+upstream: released (6.9-rc2) [051e0840ffa8ab25554d6b14b62c9ab9e4901457]
+6.7-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed