author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
commit: 340814e1a325812027f37a78f5052c8c470caa62
tree: 7ef5ef0ab7ed2d3c56b2a1da4e9fb0373757586a
parent: 16ca5f383c524df1ff66a64d96eba1266dd6e1dc
Add batch of CVEs from CNA
107 files changed, 1812 insertions, 0 deletions
diff --git a/active/CVE-2023-52642 b/active/CVE-2023-52642
new file mode 100644
index 00000000..7da5fab5
--- /dev/null
+++ b/active/CVE-2023-52642
@@ -0,0 +1,16 @@
+Description: media: rc: bpf attach/detach requires write permission
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [6a9d552483d50953320b9d3b57abdee8d436f23f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [caf2da1d4562de4e35eedec0be2b7f1ee25d83be]
+6.6-upstream-stable: released (6.6.18) [93136132d1b5792bf44151e3494ae3691cd738e8]
+6.1-upstream-stable: released (6.1.79) [9f6087851ec6dce5b15f694aeaf3e8ec8243224e]
+5.10-upstream-stable: released (5.10.210) [93d8109bf182510629bbefc8cd45296d2393987f]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52643 b/active/CVE-2023-52643
new file mode 100644
index 00000000..633bd7b8
--- /dev/null
+++ b/active/CVE-2023-52643
@@ -0,0 +1,17 @@
+Description: iio: core: fix memleak in iio_device_register_sysfs
+References:
+Notes:
+ carnil> Introduced in 32f171724e5c ("iio: core: rework iio device group creation").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc5) [95a0d596bbd0552a78e13ced43f2be1038883c81]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [3db312e06851996e7fb27cb5a8ccab4c0f9cdb93]
+6.6-upstream-stable: released (6.6.18) [b90126c86d83912688501826643ea698f0df1728]
+6.1-upstream-stable: released (6.1.79) [359f220d0e753bba840eac19ffedcdc816b532f2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52644 b/active/CVE-2023-52644
new file mode 100644
index 00000000..54adefe0
--- /dev/null
+++ b/active/CVE-2023-52644
@@ -0,0 +1,17 @@
+Description: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
+References:
+Notes:
+ carnil> Introduced in e6f5b934fba8 ("b43: Add QOS support"). Vulnerable versions:
+ carnil> 2.6.26-rc1.
+Bugs:
+upstream: released (6.9-rc1) [9636951e4468f02c72cc75a82dc65d003077edbc]
+6.8-upstream-stable: released (6.8.2) [f1cf77bb870046a6111a604f7f7fe83d1c8c9610]
+6.7-upstream-stable: released (6.7.11) [4049a9f80513a6739c5677736a4c88f96df1b436]
+6.6-upstream-stable: released (6.6.23) [bc845e2e42cae95172c04bf29807c480f51a2a83]
+6.1-upstream-stable: released (6.1.83) [c67698325c68f8768db858f5c87c34823421746d]
+5.10-upstream-stable: released (5.10.214) [49f067726ab01c87cf57566797a8a719badbbf08]
+4.19-upstream-stable: released (4.19.311) [1824f942527f784a19e01eac2d9679a21623d010]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52645 b/active/CVE-2023-52645
new file mode 100644
index 00000000..21a17a4e
--- /dev/null
+++ b/active/CVE-2023-52645
@@ -0,0 +1,17 @@
+Description: pmdomain: mediatek: fix race conditions with genpd
+References:
+Notes:
+ carnil> Introduced in 59b644b01cf4 ("soc: mediatek: Add MediaTek SCPSYS power
+ carnil> domains"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (6.8-rc4) [c41336f4d69057cbf88fed47951379b384540df5]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [3cd1d92ee1dbf3e8f988767eb75f26207397792b]
+6.6-upstream-stable: released (6.6.18) [f83b9abee9faa4868a6fac4669b86f4c215dae25]
+6.1-upstream-stable: released (6.1.80) [339ddc983bc1622341d95f244c361cda3da3a4ff]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26818 b/active/CVE-2024-26818
new file mode 100644
index 00000000..722dee94
--- /dev/null
+++ b/active/CVE-2024-26818
@@ -0,0 +1,17 @@
+Description: tools/rtla: Fix clang warning about mount_point var size
+References:
+Notes:
+ carnil> Introduced in a957cbc02531 ("rtla: Add -C cgroup support"). Vulnerable
+ carnil> versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc5) [30369084ac6e27479a347899e74f523e6ca29b89]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [6bdd43f62ab3bb5a306af7f0ab857af45777f5a8]
+6.6-upstream-stable: released (6.6.18) [8a585914c266dc044f53b5c83c170f79b45fcf9a]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26819 b/active/CVE-2024-26819
new file mode 100644
index 00000000..aaeaf9e3
--- /dev/null
+++ b/active/CVE-2024-26819
@@ -0,0 +1,16 @@
+Description: dm: limit the number of targets and parameter size area
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [bd504bcfec41a503b32054da5472904b404341a4]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [cd70175481f63af31901dd463e44386f033c3f4c]
+6.6-upstream-stable: released (6.6.18) [438d19492b7f002334573bae43276297eb234c80]
+6.1-upstream-stable: released (6.1.79) [c5d83ac2bf6ca668a39ffb1a576899a66153ba19]
+5.10-upstream-stable: released (5.10.210) [a891a0621e725e85529985139cada8cb5a74a116]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26820 b/active/CVE-2024-26820
new file mode 100644
index 00000000..94fa9bf9
--- /dev/null
+++ b/active/CVE-2024-26820
@@ -0,0 +1,18 @@
+Description: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
+References:
+Notes:
+ carnil> Introduced in 85520856466e ("hv_netvsc: Fix race of register_netdevice_notifier
+ carnil> and VF register"). Vulnerable versions: 4.19.301 5.4.263 5.10.203 5.15.141
+ carnil> 6.1.65 6.6.4 6.7-rc3.
+Bugs:
+upstream: released (6.8-rc4) [9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [4d29a58d96a78728cb01ee29ed70dc4bd642f135]
+6.6-upstream-stable: released (6.6.18) [a71302c8638939c45e4ba5a99ea438185fd3f418]
+6.1-upstream-stable: released (6.1.79) [309ef7de5d840e17607e7d65cbf297c0564433ef]
+5.10-upstream-stable: released (5.10.213) [5b10a88f64c0315cfdef45de0aaaa4eef57de0b7]
+4.19-upstream-stable: released (4.19.310) [bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
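Review bot: The 5.10-bullseye-security and 4.19-buster-security lines are marked needed, but per the Notes the introducing commit 85520856466e reached those branches only as a stable backport, in 5.10.203 and 4.19.301. Whether the packaged kernels are affected depends on whether they already carry that backport, so a carnil> line stating the packaged version each status was checked against would make the needed entries verifiable.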
diff --git a/active/CVE-2024-26821 b/active/CVE-2024-26821
new file mode 100644
index 00000000..593b2723
--- /dev/null
+++ b/active/CVE-2024-26821
@@ -0,0 +1,16 @@
+Description: fs: relax mount_setattr() permission checks
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [46f5ab762d048dad224436978315cbc2fa79c630]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [2a7a31e1fb9717845d9d5e2a8c6e48848147801e]
+6.6-upstream-stable: released (6.6.18) [31f71f2d7a081fc6c6bdf06865beedf6db5b0ca4]
+6.1-upstream-stable: released (6.1.79) [95de4ad173ca0e61034f3145d66917970961c210]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
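Review bot: With the introducing commit undetermined in Notes, the needed status on 5.10-upstream-stable, 4.19-upstream-stable and the matching bullseye and buster lines is a default rather than a finding. The Description names mount_setattr(), so checking whether that syscall exists in the 5.10 and 4.19 trees would settle whether these four lines should instead read N/A "Vulnerable code not present".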
diff --git a/active/CVE-2024-26822 b/active/CVE-2024-26822
new file mode 100644
index 00000000..57bab0c7
--- /dev/null
+++ b/active/CVE-2024-26822
@@ -0,0 +1,17 @@
+Description: smb: client: set correct id, uid and cruid for multiuser automounts
+References:
+Notes:
+ carnil> Introduced in 9fd29a5bae6e ("cifs: use fs_context for automounts"). Vulnerable
+ carnil> versions: 5.15.124 6.1.54 6.2-rc1.
+Bugs:
+upstream: released (6.8-rc5) [4508ec17357094e2075f334948393ddedbb75157]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [7590ba9057c6d74c66f3b909a383ec47cd2f27fb]
+6.6-upstream-stable: released (6.6.18) [c2aa2718cda2d56b4a551cb40043e9abc9684626]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26823 b/active/CVE-2024-26823
new file mode 100644
index 00000000..91df8a97
--- /dev/null
+++ b/active/CVE-2024-26823
@@ -0,0 +1,17 @@
+Description: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems
+References:
+Notes:
+ carnil> Introduced in 9585a495ac93 ("irqchip/gic-v3-its: Split allocation from
+ carnil> initialisation of its_node"). Vulnerable versions: 6.6-rc6.
+Bugs:
+upstream: released (6.8-rc5) [8b02da04ad978827e5ccd675acf170198f747a7a]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [4c60c611441f1f1e5de8e00e98ee5a4970778a00]
+6.6-upstream-stable: released (6.6.18) [91a80fff3eeed928b6fba21271f6a9719b22a5d8]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26824 b/active/CVE-2024-26824
new file mode 100644
index 00000000..f30aef4d
--- /dev/null
+++ b/active/CVE-2024-26824
@@ -0,0 +1,17 @@
+Description: crypto: algif_hash - Remove bogus SGL free on zero-length error path
+References:
+Notes:
+ carnil> Introduced in b6d972f68983 ("crypto: af_alg/hash: Fix recvmsg() after
+ carnil> sendmsg(MSG_MORE)"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc4) [24c890dd712f6345e382256cae8c97abb0406b70]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [775f3c1882a493168e08fdb8cde0865c8f3a8a29]
+6.6-upstream-stable: released (6.6.18) [9c82920359b7c1eddaf72069bcfe0ffddf088cd0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26825 b/active/CVE-2024-26825
new file mode 100644
index 00000000..4bf3fe82
--- /dev/null
+++ b/active/CVE-2024-26825
@@ -0,0 +1,17 @@
+Description: nfc: nci: free rx_data_reassembly skb on NCI device cleanup
+References:
+Notes:
+ carnil> Introduced in 6a2968aaf50c ("NFC: basic NCI protocol implementation").
+ carnil> Vulnerable versions: 3.2-rc1.
+Bugs:
+upstream: released (6.8-rc3) [bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [a3d90fb5c23f29ba59c04005ae76c5228cef2be9]
+6.6-upstream-stable: released (6.6.18) [16d3f507b0fa70453dc54550df093d6e9ac630c1]
+6.1-upstream-stable: released (6.1.79) [5c0c5ffaed73cbae6c317374dc32ba6cacc60895]
+5.10-upstream-stable: released (5.10.210) [2f6d16f0520d6505241629ee2f5c131b547d5f9d]
+4.19-upstream-stable: released (4.19.307) [7e9a8498658b398bf11b8e388005fa54e40aed81]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26826 b/active/CVE-2024-26826
new file mode 100644
index 00000000..eba87e14
--- /dev/null
+++ b/active/CVE-2024-26826
@@ -0,0 +1,17 @@
+Description: mptcp: fix data re-injection from stale subflow
+References:
+Notes:
+ carnil> Introduced in 1e1d9d6f119c ("mptcp: handle pending data on closed subflow").
+ carnil> Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.8-rc3) [b6c620dc43ccb4e802894e54b651cf81495e9598]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [624902eab7abcb8731b333ec73f206d38d839cd8]
+6.6-upstream-stable: released (6.6.18) [b609c783c535493aa3fca22c7e40a120370b1ca5]
+6.1-upstream-stable: released (6.1.79) [6673d9f1c2cd984390550dbdf7d5ae07b20abbf8]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26827 b/active/CVE-2024-26827
new file mode 100644
index 00000000..001696fe
--- /dev/null
+++ b/active/CVE-2024-26827
@@ -0,0 +1,17 @@
+Description: i2c: qcom-geni: Correct I2C TRE sequence
+References:
+Notes:
+ carnil> Introduced in d8703554f4de ("i2c: qcom-geni: Add support for GPI DMA").
+ carnil> Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.8-rc5) [83ef106fa732aea8558253641cd98e8a895604d7]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [9318483e99f242ec4059e2fa20887e1d28efd5ae]
+6.6-upstream-stable: released (6.6.18) [0589dff4fbf4a7b88a909a34ecfa7b5d3daf51f5]
+6.1-upstream-stable: released (6.1.79) [083870b029c06da6a9a49340dd78637eec35a1d4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26828 b/active/CVE-2024-26828
new file mode 100644
index 00000000..9a2b8d7c
--- /dev/null
+++ b/active/CVE-2024-26828
@@ -0,0 +1,17 @@
+Description: cifs: fix underflow in parse_server_interfaces()
+References:
+Notes:
+ carnil> Introduced in fe856be475f7 ("CIFS: parse and store info on iface queries").
+ carnil> Vulnerable versions: 4.18-rc2.
+Bugs:
+upstream: released (6.8-rc5) [cffe487026be13eaf37ea28b783d9638ab147204]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [df2af9fdbc4ddde18a3371c4ca1a86596e8be301]
+6.6-upstream-stable: released (6.6.18) [f7ff1c89fb6e9610d2b01c1821727729e6609308]
+6.1-upstream-stable: released (6.1.79) [7190353835b4a219abb70f90b06cdcae97f11512]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26829 b/active/CVE-2024-26829
new file mode 100644
index 00000000..a1c24cd0
--- /dev/null
+++ b/active/CVE-2024-26829
@@ -0,0 +1,17 @@
+Description: media: ir_toy: fix a memleak in irtoy_tx
+References:
+Notes:
+ carnil> Introduced in 4114978dcd24 ("media: ir_toy: prevent device from hanging during
+ carnil> transmit"). Vulnerable versions: 5.15.54 5.16-rc1.
+Bugs:
+upstream: released (6.8-rc5) [dc9ceb90c4b42c6e5c6757df1d6257110433788e]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [b37259448bbc70af1d0e52a9dd5559a9c29c9621]
+6.6-upstream-stable: released (6.6.18) [7219a692ffc00089015ada33b85b334d1a4b6e8e]
+6.1-upstream-stable: released (6.1.79) [be76ad74a43f90f340f9f479e6b04f02125f6aef]
+5.10-upstream-stable: released (5.10.210) [486a4176bc783df798bce2903824801af8d2c3ae]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
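Review bot: 5.10-upstream-stable is released (5.10.210) while 5.10-bullseye-security is N/A "Vulnerable code not present", and the two statuses disagree about the same branch. The Notes give vulnerable versions 5.15.54 and 5.16-rc1 with no 5.10.y release, so either the introducing commit 4114978dcd24 was also backported to 5.10.y and both the Notes and the bullseye line need updating, or the 5.10.210 commit went into a tree without the bug and a carnil> line should say so.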
diff --git a/active/CVE-2024-26830 b/active/CVE-2024-26830
new file mode 100644
index 00000000..108ec428
--- /dev/null
+++ b/active/CVE-2024-26830
@@ -0,0 +1,18 @@
+Description: i40e: Do not allow untrusted VF to remove administratively set MAC
+References:
+Notes:
+ carnil> Introduced in 700bbf6c1f9e ("i40e: allow VF to remove any MAC filter")
+ carnil> ceb29474bbbc ("i40e: Add support for VF to specify its primary MAC address").
+ carnil> Vulnerable versions: 3.14-rc1.
+Bugs:
+upstream: released (6.8-rc5) [73d9629e1c8c1982f13688c4d1019c3994647ccc]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [d250a81ba813a93563be68072c563aa1e346346d]
+6.6-upstream-stable: released (6.6.18) [be147926140ac48022c9605d7ab0a67387e4b404]
+6.1-upstream-stable: released (6.1.79) [1c981792e4ccbc134b468797acdd7781959e6893]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
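Review bot: The Notes name two introducing commits, 700bbf6c1f9e and ceb29474bbbc, run together with no separator, yet give a single vulnerable version, 3.14-rc1. State which commit that version belongs to and add the version for the other, so the needed status on the 5.10 and 4.19 lines can be checked against both.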
diff --git a/active/CVE-2024-26831 b/active/CVE-2024-26831
new file mode 100644
index 00000000..d57ef43b
--- /dev/null
+++ b/active/CVE-2024-26831
@@ -0,0 +1,17 @@
+Description: net/handshake: Fix handshake_req_destroy_test1
+References:
+Notes:
+ carnil> Introduced in 4a0f07d71b04 ("net/handshake: Fix memory leak in __sock_create()
+ carnil> and sock_alloc_file()"). Vulnerable versions: 6.5.6 6.6-rc3.
+Bugs:
+upstream: released (6.8-rc5) [4e1d71cabb19ec2586827adfc60d68689c68c194]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [7f97805b8df6e33850e225e6bd3ebd9e246920af]
+6.6-upstream-stable: released (6.6.18) [d74226e03df1bf19848f18344401f254345af912]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
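Review bot: The Description names handshake_req_destroy_test1, which reads as a test case rather than a code path in a running kernel, and Notes do not say whether the affected code is built in the Debian packages. A carnil> line recording that would tell readers whether sid: released (6.7.7-1) reflects real exposure or only tracks the upstream assignment.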
diff --git a/active/CVE-2024-26832 b/active/CVE-2024-26832
new file mode 100644
index 00000000..01184caa
--- /dev/null
+++ b/active/CVE-2024-26832
@@ -0,0 +1,17 @@
+Description: mm: zswap: fix missing folio cleanup in writeback race path
+References:
+Notes:
+ carnil> Introduced in 04fc7816089c ("mm: fix zswap writeback race condition").
+ carnil> Vulnerable versions: 6.1.30 6.3.4 6.4-rc3.
+Bugs:
+upstream: released (6.8-rc6) [e3b63e966cac0bf78aaa1efede1827a252815a1d]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [e2891c763aa2cff74dd6b5e978411ccf0cf94abe]
+6.6-upstream-stable: released (6.6.19) [6156277d1b26cb3fdb6fcbf0686ab78268571644]
+6.1-upstream-stable: released (6.1.80) [14f1992430ef9e647b02aa8ca12c5bcb9a1dffea]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26833 b/active/CVE-2024-26833
new file mode 100644
index 00000000..85987cfc
--- /dev/null
+++ b/active/CVE-2024-26833
@@ -0,0 +1,17 @@
+Description: drm/amd/display: Fix memory leak in dm_sw_fini()
+References:
+Notes:
+ carnil> Introduced in 743b9786b14a ("drm/amd/display: Hook up the DMUB service in DM").
+ carnil> Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (6.8-rc6) [bae67893578d608e35691dcdfa90c4957debf1d3]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [541e79265ea7e339a7c4a462feafe9f8f996e04b]
+6.6-upstream-stable: released (6.6.19) [10c6b90e975358c17856a578419dc449887899c2]
+6.1-upstream-stable: released (6.1.80) [58168005337eabef345a872be3f87d0215ff3b30]
+5.10-upstream-stable: released (5.10.211) [b49b022f7dfce85eb77d0d987008fde5c01d7857]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26834 b/active/CVE-2024-26834
new file mode 100644
index 00000000..89c8861e
--- /dev/null
+++ b/active/CVE-2024-26834
@@ -0,0 +1,17 @@
+Description: netfilter: nft_flow_offload: release dst in case direct xmit path is used
+References:
+Notes:
+ carnil> Introduced in fa502c865666 ("netfilter: flowtable: simplify route logic").
+ carnil> Vulnerable versions: 5.15.150 6.1.80 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc6) [8762785f459be1cfe6fcf7285c123aad6a3703f0]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [2d17cf10179a7de6d8f0128168b84ad0b4a1863f]
+6.6-upstream-stable: released (6.6.19) [9256ab9232e35a16af9c30fa4e522e6d1bd3605a]
+6.1-upstream-stable: released (6.1.80) [a6cafdb49a7bbf4a88367db209703eee6941e023]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
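Review bot: On the 6.1 lines the fix version equals the version that introduced the bug: Notes list 6.1.80 among the vulnerable versions and 6.1-upstream-stable shows the fix released in 6.1.80 too, so no 6.1.y release carried the bug without the fix. 6.1-bookworm-security: released (6.1.82-1) then suggests earlier bookworm packages were affected; a carnil> line noting that the introducing commit and the fix landed in the same 6.1.y release would avoid that reading.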
diff --git a/active/CVE-2024-26835 b/active/CVE-2024-26835
new file mode 100644
index 00000000..a412d87b
--- /dev/null
+++ b/active/CVE-2024-26835
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: set dormant flag on hook register failure
+References:
+Notes:
+ carnil> Introduced in 179d9ba5559a ("netfilter: nf_tables: fix table flag updates").
+ carnil> Vulnerable versions: 5.4.262 5.10.202 5.13-rc5.
+Bugs:
+upstream: released (6.8-rc6) [bccebf64701735533c8db37773eeacc6566cc8ec]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [6f2496366426cec18ba53f1c7f6c3ac307ca6a95]
+6.6-upstream-stable: released (6.6.19) [f2135bbf14949687e96cabb13d8a91ae3deb9069]
+6.1-upstream-stable: released (6.1.80) [0c9302a6da262e6ab6a6c1d30f04a6130ed97376]
+5.10-upstream-stable: released (5.10.211) [31ea574aeca1aa488e18716459bde057217637af]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26836 b/active/CVE-2024-26836
new file mode 100644
index 00000000..25b23a95
--- /dev/null
+++ b/active/CVE-2024-26836
@@ -0,0 +1,17 @@
+Description: platform/x86: think-lmi: Fix password opcode ordering for workstations
+References:
+Notes:
+ carnil> Introduced in 640a5fa50a42 ("platform/x86: think-lmi: Opcode support").
+ carnil> Vulnerable versions: 5.17-rc1.
+Bugs:
+upstream: released (6.8-rc6) [6f7d0f5fd8e440c3446560100ac4ff9a55eec340]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [2bfbe1e0aed00ba51d58573c79452fada3f62ed4]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26837 b/active/CVE-2024-26837
new file mode 100644
index 00000000..f59ee9e6
--- /dev/null
+++ b/active/CVE-2024-26837
@@ -0,0 +1,17 @@
+Description: net: bridge: switchdev: Skip MDB replays of deferred events on offload
+References:
+Notes:
+ carnil> Introduced in 4f2673b3a2b6 ("net: bridge: add helper to replay port and
+ carnil> host-joined mdb entries"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc6) [dc489f86257cab5056e747344f17a164f63bff4b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [e0b4c5b1d760008f1dd18c07c35af0442e54f9c8]
+6.6-upstream-stable: released (6.6.19) [603be95437e7fd85ba694e75918067fb9e7754db]
+6.1-upstream-stable: released (6.1.80) [2d5b4b3376fa146a23917b8577064906d643925f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26838 b/active/CVE-2024-26838
new file mode 100644
index 00000000..37c3434d
--- /dev/null
+++ b/active/CVE-2024-26838
@@ -0,0 +1,17 @@
+Description: RDMA/irdma: Fix KASAN issue with tasklet
+References:
+Notes:
+ carnil> Introduced in 44d9e52977a1 ("RDMA/irdma: Implement device initialization
+ carnil> definitions"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.8-rc6) [bd97cea7b18a0a553773af806dfbfac27a7c4acb]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [0ae8ad0013978f7471f22bcf45b027393e87f5dc]
+6.6-upstream-stable: released (6.6.19) [c6f1ca235f68b22b3e691b2ea87ac285e5946848]
+6.1-upstream-stable: released (6.1.80) [b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26839 b/active/CVE-2024-26839
new file mode 100644
index 00000000..2f3f2bcf
--- /dev/null
+++ b/active/CVE-2024-26839
@@ -0,0 +1,17 @@
+Description: IB/hfi1: Fix a memleak in init_credit_return
+References:
+Notes:
+ carnil> Introduced in 7724105686e7 ("IB/hfi1: add driver files"). Vulnerable versions:
+ carnil> 4.3-rc1.
+Bugs:
+upstream: released (6.8-rc6) [809aa64ebff51eb170ee31a95f83b2d21efa32e2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [8412c86e89cc78d8b513cb25cf2157a2adf3670a]
+6.6-upstream-stable: released (6.6.19) [b41d0ade0398007fb746213f09903d52a920e896]
+6.1-upstream-stable: released (6.1.80) [f0d857ce31a6bc7a82afcdbadb8f7417d482604b]
+5.10-upstream-stable: released (5.10.211) [3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7]
+4.19-upstream-stable: released (4.19.308) [2e4f9f20b32658ef3724aa46f7aef4908d2609e3]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26840 b/active/CVE-2024-26840
new file mode 100644
index 00000000..12042bf5
--- /dev/null
+++ b/active/CVE-2024-26840
@@ -0,0 +1,17 @@
+Description: cachefiles: fix memory leak in cachefiles_add_cache()
+References:
+Notes:
+ carnil> Introduced in 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted
+ carnil> filesystem"). Vulnerable versions: 2.6.30-rc1.
+Bugs:
+upstream: released (6.8-rc6) [e21a2f17566cbd64926fb8f16323972f7a064444]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [9cac69912052a4def571fedf1cb9bb4ec590e25a]
+6.6-upstream-stable: released (6.6.19) [38e921616320d159336b0ffadb09e9fb4945c7c3]
+6.1-upstream-stable: released (6.1.80) [8b218e2f0a27a9f09428b1847b4580640b9d1e58]
+5.10-upstream-stable: released (5.10.212) [43eccc5823732ba6daab2511ed32dfc545a666d8]
+4.19-upstream-stable: released (4.19.309) [cb5466783793e66272624cf71925ae1d1ba32083]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26841 b/active/CVE-2024-26841
new file mode 100644
index 00000000..8b2528c9
--- /dev/null
+++ b/active/CVE-2024-26841
@@ -0,0 +1,16 @@
+Description: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc6) [752cd08da320a667a833803a8fd6bb266114cce5]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [0d862db64d26c2905ba1a6a8561466b215b664c2]
+6.6-upstream-stable: released (6.6.19) [b1ec3d6b86fdd057559a5908e6668279bf770e0e]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
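Review bot: the 5.10-upstream-stable and 4.19-upstream-stable lines, and the matching bullseye and buster lines, are marked "needed" even though Notes says the introducing commit could not be determined and the Description is a LoongArch-specific change. If the LoongArch code is not present in those trees, these four lines should read N/A "Vulnerable code not present", as other entries in this batch do; otherwise add a Notes line saying why the older branches are considered affected.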
diff --git a/active/CVE-2024-26842 b/active/CVE-2024-26842
new file mode 100644
index 00000000..d3e97760
--- /dev/null
+++ b/active/CVE-2024-26842
@@ -0,0 +1,16 @@
+Description: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [b513d30d59bb383a6a5d6b533afcab2cee99a8f8]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [a992425d18e5f7c48931121993c6c69426f2a8fb]
+6.6-upstream-stable: released (6.6.19) [7ac9e18f5d66087cd22751c5c5bf0090eb0038fe]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26843 b/active/CVE-2024-26843
new file mode 100644
index 00000000..69f84722
--- /dev/null
+++ b/active/CVE-2024-26843
@@ -0,0 +1,16 @@
+Description: efi: runtime: Fix potential overflow of soft-reserved region size
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [de1034b38a346ef6be25fe8792f5d1e0684d5ff4]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [156cb12ffdcf33883304f0db645e1eadae712fe0]
+6.6-upstream-stable: released (6.6.19) [cf3d6813601fe496de7f023435e31bfffa74ae70]
+6.1-upstream-stable: released (6.1.80) [700c3f642c32721f246e09d3a9511acf40ae42be]
+5.10-upstream-stable: released (5.10.211) [4fff3d735baea104017f2e3c245e27cdc79f2426]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26844 b/active/CVE-2024-26844
new file mode 100644
index 00000000..d069de62
--- /dev/null
+++ b/active/CVE-2024-26844
@@ -0,0 +1,16 @@
+Description: block: Fix WARNING in _copy_from_iter
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [13f3956eb5681a4045a8dfdef48df5dc4d9f58a6]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [cbaf9be337f7da25742acfce325119e3395b1f1b]
+6.6-upstream-stable: released (6.6.19) [0f1bae071de9967602807472921829a54b2e5956]
+6.1-upstream-stable: released (6.1.80) [8fc80874103a5c20aebdc2401361aa01c817f75b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26845 b/active/CVE-2024-26845
new file mode 100644
index 00000000..4a754369
--- /dev/null
+++ b/active/CVE-2024-26845
@@ -0,0 +1,16 @@
+Description: scsi: target: core: Add TMF to tmr_list handling
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [83ab68168a3d990d5ff39ab030ad5754cbbccb25]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f]
+6.6-upstream-stable: released (6.6.19) [36bc5040c863b44af06094b22f1e50059227b9cb]
+6.1-upstream-stable: released (6.1.80) [e717bd412001495f17400bfc09f606f1b594ef5a]
+5.10-upstream-stable: released (5.10.211) [168ed59170de1fd7274080fe102216162d6826cf]
+4.19-upstream-stable: released (4.19.308) [425a571a7e6fc389954cf2564e1edbba3740e171]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26846 b/active/CVE-2024-26846
new file mode 100644
index 00000000..ae34b7a8
--- /dev/null
+++ b/active/CVE-2024-26846
@@ -0,0 +1,16 @@
+Description: nvme-fc: do not wait in vain when unloading module
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [70fbfc47a392b98e5f8dba70c6efc6839205c982]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.7) [c0882c366418bf9c19e1ba7f270fe377a9bf5d67]
+6.6-upstream-stable: released (6.6.19) [baa6b7eb8c66486bd64608adc63fe03b30d3c0b9]
+6.1-upstream-stable: released (6.1.80) [085195aa90a924c79e35569bcdad860d764a8e17]
+5.10-upstream-stable: released (5.10.211) [4f2c95015ec2a1899161be6c0bdaecedd5a7bfb2]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26847 b/active/CVE-2024-26847
new file mode 100644
index 00000000..deeb3770
--- /dev/null
+++ b/active/CVE-2024-26847
@@ -0,0 +1,17 @@
+Description: powerpc/rtas: use correct function name for resetting TCE tables
+References:
+Notes:
+ carnil> Introduced in 8252b88294d2 ("powerpc/rtas: improve function information
+ carnil> lookups"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc7) [fad87dbd48156ab940538f052f1820f4b6ed2819]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.9) [dd63817baf334888289877ab1db1d866af2a6479]
+6.6-upstream-stable: released (6.6.21) [6b6282d56b14879124416a23837af9bd52ae2dfb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26848 b/active/CVE-2024-26848
new file mode 100644
index 00000000..b30c694d
--- /dev/null
+++ b/active/CVE-2024-26848
@@ -0,0 +1,18 @@
+Description: afs: Fix endless loop in directory parsing
+References:
+Notes:
+ carnil> Introduced in 57e9d49c5452 ("afs: Hide silly-rename files from userspace").
+ carnil> Vulnerable versions: 5.4.269 5.4.273 5.10.210 5.10.214 5.15.149 5.15.153 6.1.76
+ carnil> 6.1.83 6.6.15 6.6.23 6.7.3 6.7.11 6.8-rc2.
+Bugs:
+upstream: released (6.8-rc7) [5f7a07646655fb4108da527565dcdc80124b14c4]
+6.8-upstream-stable: released (6.8.2) [2afdd0cb02329464d77f3ec59468395c791a51a4]
+6.7-upstream-stable: released (6.7.11) [9c41f4935625218a2053a2dce1423c3054169809]
+6.6-upstream-stable: released (6.6.23) [106e14ca55a0acb3236ee98813a1d243f8aa2d05]
+6.1-upstream-stable: released (6.1.83) [76426abf9b980b46983f97de8e5b25047b4c9863]
+5.10-upstream-stable: released (5.10.214) [b94f434fe977689da4291dc21717790b9bd1c064]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
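Review bot: the "Vulnerable versions" list in Notes contains 5.10.214, 6.1.83, 6.6.23 and 6.7.11, which are the same versions the status lines give as carrying the fix. As written, the entry says a release is both vulnerable and fixed. Please add a Notes line stating how the list is to be read (for example, whether the introducing backport and the fix shipped in the same stable release), so that 6.1.83 and 5.10.214 are not taken as still affected.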
diff --git a/active/CVE-2024-26849 b/active/CVE-2024-26849
new file mode 100644
index 00000000..f64668a4
--- /dev/null
+++ b/active/CVE-2024-26849
@@ -0,0 +1,17 @@
+Description: netlink: add nla be16/32 types to minlen array
+References:
+Notes:
+ carnil> Introduced in ecaf75ffd5f5 ("netlink: introduce bigendian integer types").
+ carnil> Vulnerable versions: 6.1-rc4.
+Bugs:
+upstream: released (6.8-rc7) [9a0d18853c280f6a0ee99f91619f2442a17a323a]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.9) [7a9d14c63b35f89563c5ecbadf918ad64979712d]
+6.6-upstream-stable: released (6.6.21) [a2ab028151841cd833cb53eb99427e0cc990112d]
+6.1-upstream-stable: released (6.1.81) [0ac219c4c3ab253f3981f346903458d20bacab32]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26850 b/active/CVE-2024-26850
new file mode 100644
index 00000000..f7423a3e
--- /dev/null
+++ b/active/CVE-2024-26850
@@ -0,0 +1,17 @@
+Description: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test
+References:
+Notes:
+ carnil> Introduced in 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud
+ carnil> hugepage"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc7) [720da1e593b85a550593b415bf1d79a053133451]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.9) [eeeddf85fc58d48c58ad916e4ca12363ebd8ab21]
+6.6-upstream-stable: released (6.6.21) [d2a9510c0e39d06f5544075c13040407bdbf2803]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.9-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26851 b/active/CVE-2024-26851
new file mode 100644
index 00000000..c901ccfb
--- /dev/null
+++ b/active/CVE-2024-26851
@@ -0,0 +1,17 @@
+Description: netfilter: nf_conntrack_h323: Add protection for bmp length out of range
+References:
+Notes:
+ carnil> Introduced in 5e35941d9901 ("[NETFILTER]: Add H.323 conntrack/NAT helper").
+ carnil> Vulnerable versions: 2.6.17-rc1.
+Bugs:
+upstream: released (6.8) [767146637efc528b5e3d31297df115e85a2fd362]
+6.8-upstream-stable: released (6.8) [767146637efc528b5e3d31297df115e85a2fd362]
+6.7-upstream-stable: released (6.7.10) [80ee5054435a11c87c9a4f30f1ff750080c96416]
+6.6-upstream-stable: released (6.6.22) [014a807f1cc9c9d5173c1cd935835553b00d211c]
+6.1-upstream-stable: released (6.1.82) [39001e3c42000e7c2038717af0d33c32319ad591]
+5.10-upstream-stable: released (5.10.213) [ccd1108b16ab572d9bf635586b0925635dbd6bbc]
+4.19-upstream-stable: released (4.19.310) [98db42191329c679f4ca52bec0b319689e1ad8cb]
+sid: needed
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
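Review bot: 6.8-upstream-stable is recorded as "released (6.8)" with the same commit id as the upstream line, while entries earlier in this batch whose fix landed in a 6.8 release candidate use N/A "Fixed before branching point". A fix that is already in 6.8 itself also predates the 6.8.y branch, so the N/A form would keep the field consistent for anything that parses it. The same applies to the other files in this commit that pair upstream "released (6.8)" with an identical 6.8-upstream-stable line.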
diff --git a/active/CVE-2024-26852 b/active/CVE-2024-26852
new file mode 100644
index 00000000..2fb7606f
--- /dev/null
+++ b/active/CVE-2024-26852
@@ -0,0 +1,17 @@
+Description: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
+References:
+Notes:
+ carnil> Introduced in 3b1137fe7482 ("net: ipv6: Change notifications for multipath add
+ carnil> to RTA_MULTIPATH"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (6.8) [685f7d531264599b3f167f1e94bbd22f120e5fab]
+6.8-upstream-stable: released (6.8) [685f7d531264599b3f167f1e94bbd22f120e5fab]
+6.7-upstream-stable: released (6.7.10) [61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda]
+6.6-upstream-stable: released (6.6.22) [ed883060c38721ed828061f6c0c30e5147326c9a]
+6.1-upstream-stable: released (6.1.82) [394334fe2ae3b9f1e2332b873857e84cb28aac18]
+5.10-upstream-stable: released (5.10.213) [79ce2e54cc0ae366f45516c00bf1b19aa43e9abe]
+4.19-upstream-stable: released (4.19.310) [31ea5bcc7d4cd1423de6be327a2c034725704136]
+sid: needed
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26853 b/active/CVE-2024-26853
new file mode 100644
index 00000000..3dd61e01
--- /dev/null
+++ b/active/CVE-2024-26853
@@ -0,0 +1,17 @@
+Description: igc: avoid returning frame twice in XDP_REDIRECT
+References:
+Notes:
+ carnil> Introduced in 4ff320361092 ("igc: Add support for XDP_REDIRECT action").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.8) [ef27f655b438bed4c83680e4f01e1cde2739854b]
+6.8-upstream-stable: released (6.8) [ef27f655b438bed4c83680e4f01e1cde2739854b]
+6.7-upstream-stable: released (6.7.10) [1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f]
+6.6-upstream-stable: released (6.6.22) [8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a]
+6.1-upstream-stable: released (6.1.82) [63a3c1f3c9ecc654d851e7906d05334cd0c236e2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26854 b/active/CVE-2024-26854
new file mode 100644
index 00000000..c2a4b5df
--- /dev/null
+++ b/active/CVE-2024-26854
@@ -0,0 +1,17 @@
+Description: ice: fix uninitialized dplls mutex usage
+References:
+Notes:
+ carnil> Introduced in d7999f5ea64b ("ice: implement dpll interface to control cgu").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8) [9224fc86f1776193650a33a275cac628952f80a9]
+6.8-upstream-stable: released (6.8) [9224fc86f1776193650a33a275cac628952f80a9]
+6.7-upstream-stable: released (6.7.10) [db29ceff3e25c48907016da456a7cbee6310fd83]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26855 b/active/CVE-2024-26855
new file mode 100644
index 00000000..c30f481e
--- /dev/null
+++ b/active/CVE-2024-26855
@@ -0,0 +1,17 @@
+Description: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
+References:
+Notes:
+ carnil> Introduced in b1edc14a3fbf ("ice: Implement ice_bridge_getlink and
+ carnil> ice_bridge_setlink"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (6.8) [06e456a05d669ca30b224b8ed962421770c1496c]
+6.8-upstream-stable: released (6.8) [06e456a05d669ca30b224b8ed962421770c1496c]
+6.7-upstream-stable: released (6.7.10) [0e296067ae0d74a10b4933601f9aa9f0ec8f157f]
+6.6-upstream-stable: released (6.6.22) [1a770927dc1d642b22417c3e668c871689fc58b3]
+6.1-upstream-stable: released (6.1.82) [afdd29726a6de4ba27cd15590661424c888dc596]
+5.10-upstream-stable: released (5.10.213) [37fe99016b12d32100ce670216816dba6c48b309]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26856 b/active/CVE-2024-26856
new file mode 100644
index 00000000..0c41c894
--- /dev/null
+++ b/active/CVE-2024-26856
@@ -0,0 +1,17 @@
+Description: net: sparx5: Fix use after free inside sparx5_del_mact_entry
+References:
+Notes:
+ carnil> Introduced in b37a1bae742f ("net: sparx5: add mactable support"). Vulnerable
+ carnil> versions: 5.14-rc1.
+Bugs:
+upstream: released (6.8) [89d72d4125e94aa3c2140fedd97ce07ba9e37674]
+6.8-upstream-stable: released (6.8) [89d72d4125e94aa3c2140fedd97ce07ba9e37674]
+6.7-upstream-stable: released (6.7.10) [71809805b95052ff551922f11660008fb3666025]
+6.6-upstream-stable: released (6.6.22) [e83bebb718fd1f42549358730e1206164e0861d6]
+6.1-upstream-stable: released (6.1.82) [0de693d68b0a18d5e256556c7c62d92cca35ad52]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26857 b/active/CVE-2024-26857
new file mode 100644
index 00000000..988a1bc3
--- /dev/null
+++ b/active/CVE-2024-26857
@@ -0,0 +1,17 @@
+Description: geneve: make sure to pull inner header in geneve_rx()
+References:
+Notes:
+ carnil> Introduced in 2d07dc79fe04 ("geneve: add initial netdev driver for GENEVE
+ carnil> tunnels"). Vulnerable versions: 4.2-rc1.
+Bugs:
+upstream: released (6.8) [1ca1ba465e55b9460e4e75dec9fff31e708fec74]
+6.8-upstream-stable: released (6.8) [1ca1ba465e55b9460e4e75dec9fff31e708fec74]
+6.7-upstream-stable: released (6.7.10) [048e16dee1fc609c1c85072ccd70bfd4b5fef6ca]
+6.6-upstream-stable: released (6.6.22) [0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5]
+6.1-upstream-stable: released (6.1.82) [c0b22568a9d8384fd000cc49acb8f74bde40d1b5]
+5.10-upstream-stable: released (5.10.213) [c7137900691f5692fe3de54566ea7b30bb35d66c]
+4.19-upstream-stable: released (4.19.310) [e431c3227864b5646601c97f5f898d99472f2914]
+sid: needed
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26858 b/active/CVE-2024-26858
new file mode 100644
index 00000000..b4da2764
--- /dev/null
+++ b/active/CVE-2024-26858
@@ -0,0 +1,17 @@
+Description: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map
+References:
+Notes:
+ carnil> Introduced in 7e3f3ba97e6c ("net/mlx5e: Track xmit submission to PTP WQ after
+ carnil> populating metadata map"). Vulnerable versions: 6.5.13 6.6.3 6.7-rc2.
+Bugs:
+upstream: released (6.8) [b7cf07586c40f926063d4d09f7de28ff82f62b2a]
+6.8-upstream-stable: released (6.8) [b7cf07586c40f926063d4d09f7de28ff82f62b2a]
+6.7-upstream-stable: released (6.7.10) [936ef086161ab89a7f38f7a0761d6a3063c3277e]
+6.6-upstream-stable: released (6.6.22) [d1f71615dbb305f14f3b756cce015d70d8667549]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26859 b/active/CVE-2024-26859
new file mode 100644
index 00000000..0d8961c4
--- /dev/null
+++ b/active/CVE-2024-26859
@@ -0,0 +1,17 @@
+Description: net/bnx2x: Prevent access to a freed page in page_pool
+References:
+Notes:
+ carnil> Introduced in 4cace675d687 ("bnx2x: Alloc 4k fragment for each rx ring buffer
+ carnil> element"). Vulnerable versions: 4.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [d27e2da94a42655861ca4baea30c8cd65546f25d]
+6.8-upstream-stable: released (6.8.2) [44f9f1abb0ecc43023225ab9539167facbabf0ec]
+6.7-upstream-stable: released (6.7.11) [c51f8b6930db3f259b8820b589f2459d2df3fc68]
+6.6-upstream-stable: released (6.6.23) [3a9f78b297e08ca8e88ae3ecff1f6fe2766dc5eb]
+6.1-upstream-stable: released (6.1.83) [cf7d8cba639ae792a42c2a137b495eac262ac36c]
+5.10-upstream-stable: released (5.10.214) [8eebff95ce9558be66a36aa7cfb43223f3ab4699]
+4.19-upstream-stable: released (4.19.311) [7bcc090c81116c66936a7415f2c6b1483a4bcfd9]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26860 b/active/CVE-2024-26860
new file mode 100644
index 00000000..579360f7
--- /dev/null
+++ b/active/CVE-2024-26860
@@ -0,0 +1,17 @@
+Description: dm-integrity: fix a memory leak when rechecking the data
+References:
+Notes:
+ carnil> Introduced in c88f5e553fe3 ("dm-integrity: recheck the integrity tag after a
+ carnil> failure"). Vulnerable versions: 6.1.80 6.6.19 6.7.7 6.8-rc6.
+Bugs:
+upstream: released (6.9-rc1) [55e565c42dce81a4e49c13262d5bc4eb4c2e588a]
+6.8-upstream-stable: released (6.8.2) [6d35654f03c35c273240d85ec67e3f2c3596c4e0]
+6.7-upstream-stable: released (6.7.11) [74abc2fe09691f3d836d8a54d599ca71f1e4287b]
+6.6-upstream-stable: released (6.6.23) [338580a7fb9b0930bb38098007e89cc0fc496bf7]
+6.1-upstream-stable: released (6.1.83) [20e21c3c0195d915f33bc7321ee6b362177bf5bf]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26861 b/active/CVE-2024-26861
new file mode 100644
index 00000000..7b9e1084
--- /dev/null
+++ b/active/CVE-2024-26861
@@ -0,0 +1,17 @@
+Description: wireguard: receive: annotate data-race around receiving_counter.counter
+References:
+Notes:
+ carnil> Introduced in a9e90d9931f3 ("wireguard: noise: separate receive counter from
+ carnil> send counter"). Vulnerable versions: 5.6.16 5.7-rc7.
+Bugs:
+upstream: released (6.9-rc1) [bba045dc4d996d03dce6fe45726e78a1a1f6d4c3]
+6.8-upstream-stable: released (6.8.2) [fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed]
+6.7-upstream-stable: released (6.7.11) [3f94da807fe1668b9830f0eefbbf7e887b0a7bc6]
+6.6-upstream-stable: released (6.6.23) [78739d72f16b2d7d549f713f1dfebd678d32484b]
+6.1-upstream-stable: released (6.1.83) [45a83b220c83e3c326513269afbf69ae6fc65cce]
+5.10-upstream-stable: released (5.10.214) [f87884e0dffd61b47e58bc6e1e2f6843c212b0cc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26862 b/active/CVE-2024-26862
new file mode 100644
index 00000000..51349046
--- /dev/null
+++ b/active/CVE-2024-26862
@@ -0,0 +1,17 @@
+Description: packet: annotate data-races around ignore_outgoing
+References:
+Notes:
+ carnil> Introduced in fa788d986a3a ("packet: add sockopt to ignore outgoing packets").
+ carnil> Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6ebfad33161afacb3e1e59ed1c2feefef70f9f97]
+6.8-upstream-stable: released (6.8.2) [8b1e273c6afcf00d3c40a54ada7d6aac1b503b97]
+6.7-upstream-stable: released (6.7.11) [ee413f30ec4fe94a0bdf32c8f042cb06fa913234]
+6.6-upstream-stable: released (6.6.23) [2c02c5059c78a52d170bdee4a369b470de6deb37]
+6.1-upstream-stable: released (6.1.83) [ef7eed7e11d23337310ecc2c014ecaeea52719c5]
+5.10-upstream-stable: released (5.10.214) [68e84120319d4fc298fcdb14cf0bea6a0f64ffbd]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26863 b/active/CVE-2024-26863
new file mode 100644
index 00000000..c8a4bff1
--- /dev/null
+++ b/active/CVE-2024-26863
@@ -0,0 +1,17 @@
+Description: hsr: Fix uninit-value access in hsr_get_node()
+References:
+Notes:
+ carnil> Introduced in f266a683a480 ("net/hsr: Better frame dispatch"). Vulnerable
+ carnil> versions: 3.17-rc1.
+Bugs:
+upstream: released (6.9-rc1) [ddbec99f58571301679addbc022256970ca3eac6]
+6.8-upstream-stable: released (6.8.2) [09e5cdbe2cc88c3c758927644a3eb02fac317209]
+6.7-upstream-stable: released (6.7.11) [97d2148ea435dff4b4e71817c9032eb321bcd37e]
+6.6-upstream-stable: released (6.6.23) [39cc316fb3bc5e7c9dc5eed314fe510d119c6862]
+6.1-upstream-stable: released (6.1.83) [1ed222ca7396938eb1ab2d034f1ba0d8b00a7122]
+5.10-upstream-stable: released (5.10.214) [7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a]
+4.19-upstream-stable: released (4.19.311) [e3b2bfb8ff1810a537b2aa55ba906a6743ed120c]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26864 b/active/CVE-2024-26864
new file mode 100644
index 00000000..f87bb040
--- /dev/null
+++ b/active/CVE-2024-26864
@@ -0,0 +1,18 @@
+Description: tcp: Fix refcnt handling in __inet_hash_connect().
+References:
+Notes:
+ carnil> Introduced in 66b60b0c8c4a ("dccp/tcp: Unhash sk from ehash for tb2 alloc
+ carnil> failure after check_estalblished()."). Vulnerable versions: 6.1.80 6.6.19 6.7.7
+ carnil> 6.8-rc6.
+Bugs:
+upstream: released (6.9-rc1) [04d9d1fc428ac9f581d55118d67e0cb546701feb]
+6.8-upstream-stable: released (6.8.2) [ad105cde6b261b8b05ec872fe7d1987417d7fe5a]
+6.7-upstream-stable: released (6.7.11) [1b20e61d36f490319d3fbdedd410155232ab5190]
+6.6-upstream-stable: released (6.6.23) [856baaa100cd288d3685eedae9a129c996e7e755]
+6.1-upstream-stable: released (6.1.83) [86d9b040421bbd26425f5a3edc226f57ecdecbfe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26865 b/active/CVE-2024-26865
new file mode 100644
index 00000000..beee0a5a
--- /dev/null
+++ b/active/CVE-2024-26865
@@ -0,0 +1,17 @@
+Description: rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
+References:
+Notes:
+ carnil> Introduced in 467fa15356ac ("RDS-TCP: Support multiple RDS-TCP listen
+ carnil> endpoints, one per netns."). Vulnerable versions: 4.3-rc1.
+Bugs:
+upstream: released (6.9-rc1) [2a750d6a5b365265dbda33330a6188547ddb5c24]
+6.8-upstream-stable: released (6.8.2) [1e9fd5cf8d7f487332560f7bb312fc7d416817f3]
+6.7-upstream-stable: released (6.7.11) [9ceac040506a05a30b104b2aa2e9146810704500]
+6.6-upstream-stable: released (6.6.23) [f901ee07853ce97e9f1104c7c898fbbe447f0279]
+6.1-upstream-stable: released (6.1.83) [9905a157048f441f1412e7bd13372f4a971d75c6]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26866 b/active/CVE-2024-26866
new file mode 100644
index 00000000..7f8b8f13
--- /dev/null
+++ b/active/CVE-2024-26866
@@ -0,0 +1,17 @@
+Description: spi: lpspi: Avoid potential use-after-free in probe()
+References:
+Notes:
+ carnil> Introduced in 5314987de5e5 ("spi: imx: add lpspi bus driver"). Vulnerable
+ carnil> versions: 4.10-rc1.
+Bugs:
+upstream: released (6.9-rc1) [2ae0ab0143fcc06190713ed81a6486ed0ad3c861]
+6.8-upstream-stable: released (6.8.2) [996ce839606afd0fef91355627868022aa73eb68]
+6.7-upstream-stable: released (6.7.11) [1543418e82789cc383cd36d41469983c64e3fc7f]
+6.6-upstream-stable: released (6.6.23) [da83ed350e4604b976e94239b08d8e2e7eaee7ea]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26867 b/active/CVE-2024-26867
new file mode 100644
index 00000000..3083a190
--- /dev/null
+++ b/active/CVE-2024-26867
@@ -0,0 +1,17 @@
+Description: comedi: comedi_8255: Correct error in subdevice initialization
+References:
+Notes:
+ carnil> Introduced in 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice
+ carnil> initialization functions"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8) [cfa9ba1ae0bef0681833a22d326174fe633caab5]
+6.8-upstream-stable: released (6.8) [cfa9ba1ae0bef0681833a22d326174fe633caab5]
+6.7-upstream-stable: released (6.7.11) [4a825457a45d8debc46ab8cba57d47462411710d]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26868 b/active/CVE-2024-26868
new file mode 100644
index 00000000..ce6fcb91
--- /dev/null
+++ b/active/CVE-2024-26868
@@ -0,0 +1,17 @@
+Description: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
+References:
+Notes:
+ carnil> Introduced in b739a5bd9d9f ("NFSv4/flexfiles: Cancel I/O if the layout is
+ carnil> recalled or revoked"). Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.9-rc1) [719fcafe07c12646691bd62d7f8d94d657fa0766]
+6.8-upstream-stable: released (6.8.2) [dac068f164ad05b35e7c0be13f138c3f6adca58f]
+6.7-upstream-stable: released (6.7.11) [5ada9016b1217498fad876a3d5b07645cc955608]
+6.6-upstream-stable: released (6.6.23) [7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5]
+6.1-upstream-stable: released (6.1.83) [31db25e3141b20e2a76a9f219eeca52e3cab126c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26869 b/active/CVE-2024-26869
new file mode 100644
index 00000000..94ccde40
--- /dev/null
+++ b/active/CVE-2024-26869
@@ -0,0 +1,18 @@
+Description: f2fs: fix to truncate meta inode pages forcely
+References:
+Notes:
+ carnil> Introduced in 6aa58d8ad20a ("f2fs: readahead encrypted block during GC")
+ carnil> e3b49ea36802 ("f2fs: invalidate META_MAPPING before IPU/DIO write"). Vulnerable
+ carnil> versions: 4.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [9f0c4a46be1fe9b97dbe66d49204c1371e3ece65]
+6.8-upstream-stable: released (6.8.2) [04226d8e3c4028dc451e9d8777356ec0f7919253]
+6.7-upstream-stable: released (6.7.11) [77bfdb89cc222fc7bfe198eda77bdc427d5ac189]
+6.6-upstream-stable: released (6.6.23) [c92f2927df860a60ba815d3ee610a944b92a8694]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
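Review bot: Notes names two introducing commits, 6aa58d8ad20a and e3b49ea36802, but "Vulnerable versions" gives only 4.19-rc1, so it is unclear which commit that version belongs to and when the other one landed. Since 6.1, 5.10 and 4.19 are all still "needed", list the first affected version per commit so whoever does the backport can tell whether a given branch contains one or both.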
diff --git a/active/CVE-2024-26870 b/active/CVE-2024-26870
new file mode 100644
index 00000000..a027f844
--- /dev/null
+++ b/active/CVE-2024-26870
@@ -0,0 +1,17 @@
+Description: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
+References:
+Notes:
+ carnil> Introduced in 012a211abd5d ("NFSv4.2: hook in the user extended attribute
+ carnil> handlers"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.9-rc1) [251a658bbfceafb4d58c76b77682c8bf7bcfad65]
+6.8-upstream-stable: released (6.8.2) [23bfecb4d852751d5e403557dd500bb563313baf]
+6.7-upstream-stable: released (6.7.11) [80365c9f96015bbf048fdd6c8705d3f8770132bf]
+6.6-upstream-stable: released (6.6.23) [79cdcc765969d23f4e3d6ea115660c3333498768]
+6.1-upstream-stable: released (6.1.83) [06e828b3f1b206de08ef520fc46a40b22e1869cb]
+5.10-upstream-stable: released (5.10.214) [4403438eaca6e91f02d272211c4d6b045092396b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26871 b/active/CVE-2024-26871
new file mode 100644
index 00000000..91708129
--- /dev/null
+++ b/active/CVE-2024-26871
@@ -0,0 +1,17 @@
+Description: f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
+References:
+Notes:
+ carnil> Introduced in e067dc3c6b9c ("f2fs: maintain six open zones for zoned devices").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c2034ef6192a65a986a45c2aa2ed05824fdc0e9f]
+6.8-upstream-stable: released (6.8.2) [6d102382a11d5e6035f6c98f6e508a38541f7af3]
+6.7-upstream-stable: released (6.7.11) [4c122a32582b67bdd44ca8d25f894ee2dc54f566]
+6.6-upstream-stable: released (6.6.23) [8e2ea8b04cb8d976110c4568509e67d6a39b2889]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26872 b/active/CVE-2024-26872
new file mode 100644
index 00000000..a9056727
--- /dev/null
+++ b/active/CVE-2024-26872
@@ -0,0 +1,17 @@
+Description: RDMA/srpt: Do not register event handler until srpt device is fully setup
+References:
+Notes:
+ carnil> Introduced in a42d985bd5b2 ("ib_srpt: Initial SRP Target merge for v3.3-rc1").
+ carnil> Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c21a8870c98611e8f892511825c9607f1e2cd456]
+6.8-upstream-stable: released (6.8.2) [ec77fa12da41260c6bf9e060b89234b980c5130f]
+6.7-upstream-stable: released (6.7.11) [7104a00fa37ae898a827381f1161fa3286c8b346]
+6.6-upstream-stable: released (6.6.23) [85570b91e4820a0db9d9432098778cafafa7d217]
+6.1-upstream-stable: released (6.1.83) [e362d007294955a4fb929e1c8978154a64efdcb6]
+5.10-upstream-stable: released (5.10.214) [bdd895e0190c464f54f84579e7535d80276f0fc5]
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26873 b/active/CVE-2024-26873
new file mode 100644
index 00000000..b91f4d5c
--- /dev/null
+++ b/active/CVE-2024-26873
@@ -0,0 +1,17 @@
+Description: scsi: hisi_sas: Fix a deadlock issue related to automatic dump
+References:
+Notes:
+ carnil> Introduced in 2ff07b5c6fe9 ("scsi: hisi_sas: Directly call register snapshot
+ carnil> instead of using workqueue"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [3c4f53b2c341ec6428b98cb51a89a09b025d0953]
+6.8-upstream-stable: released (6.8.2) [85c98073ffcfe9e46abfb9c66f3364467119d563]
+6.7-upstream-stable: released (6.7.11) [e022dd3b875315a2d2001a512e98d1dc8c991f4a]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26874 b/active/CVE-2024-26874
new file mode 100644
index 00000000..897f378e
--- /dev/null
+++ b/active/CVE-2024-26874
@@ -0,0 +1,17 @@
+Description: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
+References:
+Notes:
+ carnil> Introduced in 119f5173628a ("drm/mediatek: Add DRM Driver for Mediatek SoC
+ carnil> MT8173."). Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c958e86e9cc1b48cac004a6e245154dfba8e163b]
+6.8-upstream-stable: released (6.8.2) [3fc88b246a2fc16014e374040fc15af1d3752535]
+6.7-upstream-stable: released (6.7.11) [9acee29a38b4d4b70f1f583e5ef9a245db4db710]
+6.6-upstream-stable: released (6.6.23) [a3dd12b64ae8373a41a216a0b621df224210860a]
+6.1-upstream-stable: released (6.1.83) [d2bd30c710475b2e29288827d2c91f9e6e2b91d7]
+5.10-upstream-stable: released (5.10.214) [4688be96d20ffa49d2186523ee84f475f316fd49]
+4.19-upstream-stable: released (4.19.311) [accdac6b71d5a2b84040c3d2234f53a60edc398e]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26875 b/active/CVE-2024-26875
new file mode 100644
index 00000000..87159ce2
--- /dev/null
+++ b/active/CVE-2024-26875
@@ -0,0 +1,17 @@
+Description: media: pvrusb2: fix uaf in pvr2_context_set_notify
+References:
+Notes:
+ carnil> Introduced in e5be15c63804 ("V4L/DVB (7711): pvrusb2: Fix race on module
+ carnil> unload"). Vulnerable versions: 2.6.26-rc1.
+Bugs:
+upstream: released (6.9-rc1) [0a0b79ea55de8514e1750884e5fec77f9fdd01ee]
+6.8-upstream-stable: released (6.8.2) [eaa410e05bdf562c90b23cdf2d9327f9c4625e16]
+6.7-upstream-stable: released (6.7.11) [40cd818fae875c424a8335009db33c7b5a07de3a]
+6.6-upstream-stable: released (6.6.23) [8e60b99f6b7ccb3badeb512f5eb613ad45904592]
+6.1-upstream-stable: released (6.1.83) [3a1ec89708d2e57e2712f46241282961b1a7a475]
+5.10-upstream-stable: released (5.10.214) [ab896d93fd6a2cd1afeb034c3cc9226cb499209f]
+4.19-upstream-stable: released (4.19.311) [ed8000e1e8e9684ab6c30cf2b526c0cea039929c]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26876 b/active/CVE-2024-26876
new file mode 100644
index 00000000..bddc25e2
--- /dev/null
+++ b/active/CVE-2024-26876
@@ -0,0 +1,17 @@
+Description: drm/bridge: adv7511: fix crash on irq during probe
+References:
+Notes:
+ carnil> Introduced in 3b1b975003e4 ("drm: adv7511/33: add HDMI CEC support").
+ carnil> Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (6.9-rc1) [aeedaee5ef5468caf59e2bb1265c2116e0c9a924]
+6.8-upstream-stable: released (6.8.2) [28a94271bd50e4cf498df0381f776f8ea40a289e]
+6.7-upstream-stable: released (6.7.11) [955c1252930677762e0db2b6b9e36938c887445c]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26877 b/active/CVE-2024-26877
new file mode 100644
index 00000000..b1f39380
--- /dev/null
+++ b/active/CVE-2024-26877
@@ -0,0 +1,17 @@
+Description: crypto: xilinx - call finalize with bh disabled
+References:
+Notes:
+ carnil> Introduced in 4d96f7d48131 ("crypto: xilinx - Add Xilinx AES driver").
+ carnil> Vulnerable versions: 5.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a853450bf4c752e664abab0b2fad395b7ad7701c]
+6.8-upstream-stable: released (6.8.2) [dbf291d8ffffb70f48286176a15c6c54f0bb0743]
+6.7-upstream-stable: released (6.7.11) [9db89b1fb85557892e6681724b367287de5f9f20]
+6.6-upstream-stable: released (6.6.23) [23bc89fdce71124cd2126fc919c7076e7cb489cf]
+6.1-upstream-stable: released (6.1.83) [a71f66bd5f7b9b35a8aaa49e29565eca66299399]
+5.10-upstream-stable: released (5.10.214) [8a01335aedc50a66d04dd39203c89f4bc8042596]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26878 b/active/CVE-2024-26878
new file mode 100644
index 00000000..b30a81d7
--- /dev/null
+++ b/active/CVE-2024-26878
@@ -0,0 +1,16 @@
+Description: quota: Fix potential NULL pointer dereference
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [d0aa72604fbd80c8aabb46eda00535ed35570f1f]
+6.8-upstream-stable: released (6.8.2) [6afc9f4434fa8063aa768c2bf5bf98583aee0877]
+6.7-upstream-stable: released (6.7.11) [f2649d98aa9ca8623149b3cb8df00c944f5655c7]
+6.6-upstream-stable: released (6.6.23) [40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5]
+6.1-upstream-stable: released (6.1.83) [7f9e833fc0f9b47be503af012eb5903086939754]
+5.10-upstream-stable: released (5.10.214) [61380537aa6dd32d8a723d98b8f1bd1b11d8fee0]
+4.19-upstream-stable: released (4.19.311) [8514899c1a4edf802f03c408db901063aa3f05a1]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26879 b/active/CVE-2024-26879
new file mode 100644
index 00000000..b9f3b541
--- /dev/null
+++ b/active/CVE-2024-26879
@@ -0,0 +1,17 @@
+Description: clk: meson: Add missing clocks to axg_clk_regmaps
+References:
+Notes:
+ carnil> Introduced in 14ebb3154b8f ("clk: meson: axg: add Video Clocks"). Vulnerable
+ carnil> versions: 5.11-rc1.
+Bugs:
+upstream: released (6.9-rc1) [ba535bce57e71463a86f8b33a0ea88c26e3a6418]
+6.8-upstream-stable: released (6.8.2) [9f3e5df38b4528213449e55b80f0316864f2a1c8]
+6.7-upstream-stable: released (6.7.11) [a860aaebacbc908fa06e2642402058f40bfffe10]
+6.6-upstream-stable: released (6.6.23) [0cbefc7b5bdad86b18a263d837450cdc9a56f8d7]
+6.1-upstream-stable: released (6.1.83) [7ae1b0dc12ec407f12f80b49d22c6ad2308e2202]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26880 b/active/CVE-2024-26880
new file mode 100644
index 00000000..38a9391a
--- /dev/null
+++ b/active/CVE-2024-26880
@@ -0,0 +1,17 @@
+Description: dm: call the resume method on internal suspend
+References:
+Notes:
+ carnil> Introduced in ffcc39364160 ("dm: enhance internal suspend and resume
+ carnil> interface"). Vulnerable versions: 3.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [65e8fbde64520001abf1c8d0e573561b4746ef38]
+6.8-upstream-stable: released (6.8.2) [360a7d1be8112654f1fb328ed3862be630bca3f4]
+6.7-upstream-stable: released (6.7.11) [ef02d8edf738557af2865c5bfb66a03c4e071be7]
+6.6-upstream-stable: released (6.6.23) [15a3fc5c8774c17589dabfe1d642d40685c985af]
+6.1-upstream-stable: released (6.1.83) [ad10289f68f45649816cc68eb93f45fd5ec48a15]
+5.10-upstream-stable: released (5.10.214) [f89bd27709376d37ff883067193320c58a8c1d5a]
+4.19-upstream-stable: released (4.19.311) [69836d9329f0b4c58faaf3d886a7748ddb5bf718]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26881 b/active/CVE-2024-26881
new file mode 100644
index 00000000..e5e90f38
--- /dev/null
+++ b/active/CVE-2024-26881
@@ -0,0 +1,17 @@
+Description: net: hns3: fix kernel crash when 1588 is received on HIP08 devices
+References:
+Notes:
+ carnil> Introduced in 0bf5eb788512 ("net: hns3: add support for PTP"). Vulnerable
+ carnil> versions: 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [0fbcf2366ba9888cf02eda23e35fde7f7fcc07c3]
+6.8-upstream-stable: released (6.8.2) [11b998360d96f6c76f04a95f54b49f24d3c858e4]
+6.7-upstream-stable: released (6.7.11) [b2bb19114c079dcfec1ea46e761f510e30505e70]
+6.6-upstream-stable: released (6.6.23) [f0b5225a7dfc1bf53c98215db8c2f0b4efd3f108]
+6.1-upstream-stable: released (6.1.83) [b3cf70472a600bcb2efe24906bc9bc6014d4c6f6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26882 b/active/CVE-2024-26882
new file mode 100644
index 00000000..7218b3ad
--- /dev/null
+++ b/active/CVE-2024-26882
@@ -0,0 +1,17 @@
+Description: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
+References:
+Notes:
+ carnil> Introduced in c54419321455 ("GRE: Refactor GRE tunneling code."). Vulnerable
+ carnil> versions: 3.10-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b0ec2abf98267f14d032102551581c833b0659d3]
+6.8-upstream-stable: released (6.8.2) [ca914f1cdee8a85799942c9b0ce5015bbd6844e1]
+6.7-upstream-stable: released (6.7.11) [f6723d8dbfdc10c784a56748f86a9a3cd410dbd5]
+6.6-upstream-stable: released (6.6.23) [c4c857723b37c20651300b3de4ff25059848b4b0]
+6.1-upstream-stable: released (6.1.83) [60044ab84836359534bd7153b92e9c1584140e4a]
+5.10-upstream-stable: released (5.10.214) [77fd5294ea09b21f6772ac954a121b87323cec80]
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26883 b/active/CVE-2024-26883
new file mode 100644
index 00000000..c985dbdf
--- /dev/null
+++ b/active/CVE-2024-26883
@@ -0,0 +1,18 @@
+Description: bpf: Fix stackmap overflow check on 32-bit arches
+References:
+Notes:
+ carnil> Introduced in 6183f4d3a0a2 ("bpf: Check for integer overflow when using
+ carnil> roundup_pow_of_two()"). Vulnerable versions: 4.9.258 4.14.222 4.19.177 5.4.99
+ carnil> 5.10.17 5.11.
+Bugs:
+upstream: released (6.9-rc1) [7a4b21250bf79eef26543d35bd390448646c536b]
+6.8-upstream-stable: released (6.8.2) [0971126c8164abe2004b8536b49690a0d6005b0a]
+6.7-upstream-stable: released (6.7.11) [43f798b9036491fb014b55dd61c4c5c3193267d0]
+6.6-upstream-stable: released (6.6.23) [7070b274c7866a4c5036f8d54fcaf315c64ac33a]
+6.1-upstream-stable: released (6.1.83) [f06899582ccee09bd85d0696290e3eaca9aa042d]
+5.10-upstream-stable: released (5.10.214) [15641007df0f0d35fa28742b25c2a7db9dcd6895]
+4.19-upstream-stable: released (4.19.311) [d0e214acc59145ce25113f617311aa79dda39cb3]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26884 b/active/CVE-2024-26884
new file mode 100644
index 00000000..fa4b4e66
--- /dev/null
+++ b/active/CVE-2024-26884
@@ -0,0 +1,17 @@
+Description: bpf: Fix hashtab overflow check on 32-bit arches
+References:
+Notes:
+ carnil> Introduced in daaf427c6ab3 ("bpf: fix arraymap NULL deref and missing overflow
+ carnil> and zero size checks"). Vulnerable versions: 3.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6787d916c2cf9850c97a0a3f73e08c43e7d973b1]
+6.8-upstream-stable: released (6.8.2) [a6fa75b5096c0f9826a4fabe22d907b0a5bb1016]
+6.7-upstream-stable: released (6.7.11) [d817f0d34d927f2deb17dadbfe212c9a6a32ac3e]
+6.6-upstream-stable: released (6.6.23) [8435f0961bf3dc65e204094349bd9aeaac1f8868]
+6.1-upstream-stable: released (6.1.83) [a83fdaeaea3677b83a53f72ace2d73a19bcd6d93]
+5.10-upstream-stable: released (5.10.214) [64f00b4df0597590b199b62a37a165473bf658a6]
+4.19-upstream-stable: released (4.19.311) [33ec04cadb77605b71d9298311919303d390c4d5]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26885 b/active/CVE-2024-26885
new file mode 100644
index 00000000..61e3d4f4
--- /dev/null
+++ b/active/CVE-2024-26885
@@ -0,0 +1,17 @@
+Description: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
+References:
+Notes:
+ carnil> Introduced in 6f9d451ab1a3 ("xdp: Add devmap_hash map type for looking up
+ carnil> devices by hashed index"). Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [281d464a34f540de166cee74b723e97ac2515ec3]
+6.8-upstream-stable: released (6.8.2) [e89386f62ce9a9ab9a94835a9890883c23d9d52c]
+6.7-upstream-stable: released (6.7.11) [22079b3a423382335f47d9ed32114e6c9fe88d7c]
+6.6-upstream-stable: released (6.6.23) [250051acc21f9d4c5c595e4fcb55986ea08c4691]
+6.1-upstream-stable: released (6.1.83) [edf7990baa48de5097daa9ac02e06cb4c798a737]
+5.10-upstream-stable: released (5.10.214) [225da02acdc97af01b6bc6ce1a3e5362bf01d3fb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26886 b/active/CVE-2024-26886
new file mode 100644
index 00000000..b9deb002
--- /dev/null
+++ b/active/CVE-2024-26886
@@ -0,0 +1,17 @@
+Description: Bluetooth: af_bluetooth: Fix deadlock
+References:
+Notes:
+ carnil> Introduced in 2e07e8348ea4 ("Bluetooth: af_bluetooth: Fix Use-After-Free in
+ carnil> bt_sock_recvmsg"). Vulnerable versions: 5.10.206 5.15.146 6.1.70 6.6.9 6.7-rc7.
+Bugs:
+upstream: released (6.9-rc1) [f7b94bdc1ec107c92262716b073b3e816d4784fb]
+6.8-upstream-stable: released (6.8.2) [2c9e2df022ef8b9d7fac58a04a2ef4ed25288955]
+6.7-upstream-stable: released (6.7.11) [817e8138ce86001b2fa5c63d6ede756e205a01f7]
+6.6-upstream-stable: released (6.6.23) [64be3c6154886200708da0dfe259705fb992416c]
+6.1-upstream-stable: released (6.1.83) [cb8adca52f306563d958a863bb0cbae9c184d1ae]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
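Review bot: The "5.10-bullseye-security: needed" line does not say whether the bullseye package is already at or past 5.10.206, which the Notes give as the first vulnerable 5.10.y release. The listed versions (5.10.206, 5.15.146, 6.1.70, 6.6.9) are stable point releases, so the deadlock arrived through a backport of the earlier use-after-free fix. A package based on an older 5.10.y would not carry it. Suggest adding a Notes line that records which bullseye version first included the backport, so the "needed" status can be checked against the packaged kernel.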
diff --git a/active/CVE-2024-26887 b/active/CVE-2024-26887
new file mode 100644
index 00000000..7ff43285
--- /dev/null
+++ b/active/CVE-2024-26887
@@ -0,0 +1,17 @@
+Description: Bluetooth: btusb: Fix memory leak
+References:
+Notes:
+ carnil> Introduced in 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek
+ carnil> devcoredump support"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [79f4127a502c5905f04da1f20a7bbe07103fb77c]
+6.8-upstream-stable: released (6.8.2) [b08bd8f02a24e2b82fece5ac51dc1c3d9aa6c404]
+6.7-upstream-stable: released (6.7.11) [b10e6f6b160a60b98fb7476028f5a95405bbd725]
+6.6-upstream-stable: released (6.6.23) [620b9e60e4b55fa55540ce852a0f3c9e6091dbbc]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26888 b/active/CVE-2024-26888
new file mode 100644
index 00000000..bdfa4493
--- /dev/null
+++ b/active/CVE-2024-26888
@@ -0,0 +1,17 @@
+Description: Bluetooth: msft: Fix memory leak
+References:
+Notes:
+ carnil> Introduced in 9e14606d8f38 ("Bluetooth: msft: Extended monitor tracking by
+ carnil> address filter"). Vulnerable versions: 6.4.16 6.5.3 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a6e06258f4c31eba0fcd503e19828b5f8fe7b08b]
+6.8-upstream-stable: released (6.8.2) [5cb93417c93716a5404f762f331f5de3653fd952]
+6.7-upstream-stable: released (6.7.11) [5987b9f7d9314c7411136005b3a52f61a8cc0911]
+6.6-upstream-stable: released (6.6.23) [98e9920c75e0790bff947a00d192d24bf1c724e0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26889 b/active/CVE-2024-26889
new file mode 100644
index 00000000..4ab80371
--- /dev/null
+++ b/active/CVE-2024-26889
@@ -0,0 +1,18 @@
+Description: Bluetooth: hci_core: Fix possible buffer overflow
+References:
+Notes:
+ carnil> Introduced in dcda165706b9 ("Bluetooth: hci_core: Fix build warnings").
+ carnil> Vulnerable versions: 4.14.328 4.19.297 5.4.259 5.10.199 5.15.137 6.1.60 6.5.9
+ carnil> 6.6-rc5.
+Bugs:
+upstream: released (6.9-rc1) [81137162bfaa7278785b24c1fd2e9e74f082e8e4]
+6.8-upstream-stable: released (6.8.2) [2edce8e9a99dd5e4404259d52e754fdc97fb42c2]
+6.7-upstream-stable: released (6.7.11) [8c28598a2c29201d2ba7fc37539a7d41c264fb10]
+6.6-upstream-stable: released (6.6.23) [a41c8efe659caed0e21422876bbb6b73c15b5244]
+6.1-upstream-stable: released (6.1.83) [68644bf5ec6baaff40fc39b3529c874bfda709bd]
+5.10-upstream-stable: released (5.10.214) [d47e6c1932cee02954ea588c9f09fd5ecefeadfc]
+4.19-upstream-stable: released (4.19.311) [6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26890 b/active/CVE-2024-26890
new file mode 100644
index 00000000..a6111cdc
--- /dev/null
+++ b/active/CVE-2024-26890
@@ -0,0 +1,18 @@
+Description: Bluetooth: btrtl: fix out of bounds memory access
+References:
+Notes:
+ carnil> Introduced in 5b355944b190 ("Bluetooth: btrtl: Add btrealtek data struct")
+ carnil> 044014ce85a1 ("Bluetooth: btrtl: Add Realtek devcoredump support"). Vulnerable
+ carnil> versions: 6.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [de4e88ec58c4202efd1f02eebb4939bbf6945358]
+6.8-upstream-stable: released (6.8.2) [0c657e641df1e77d6087688190f632cad9c0439b]
+6.7-upstream-stable: released (6.7.11) [2f232bc389a4f5943c40733582f9edf77b89e499]
+6.6-upstream-stable: released (6.6.23) [dd163fa34c483f1674aa2510accce11a224f649e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
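Review bot: The Notes name two introducing commits, 5b355944b190 and 044014ce85a1, back to back with no separator and then give a single vulnerable version (6.2-rc1), so a reader cannot tell which commit that version belongs to or whether both landed in the same release. Suggest joining the two commits with "and" and listing the first vulnerable version for each, since the N/A "Vulnerable code not present" status on 6.1 and older rests on the earlier of the two.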
diff --git a/active/CVE-2024-26891 b/active/CVE-2024-26891
new file mode 100644
index 00000000..5637cad4
--- /dev/null
+++ b/active/CVE-2024-26891
@@ -0,0 +1,17 @@
+Description: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
+References:
+Notes:
+ carnil> Introduced in 6f7db75e1c46 ("iommu/vt-d: Add second level page table
+ carnil> interface"). Vulnerable versions: 5.0-rc1.
+Bugs:
+upstream: released (6.9-rc1) [4fc82cd907ac075648789cc3a00877778aa1838b]
+6.8-upstream-stable: released (6.8.2) [025bc6b41e020aeb1e71f84ae3ffce945026de05]
+6.7-upstream-stable: released (6.7.11) [c04f2780919f20e2cc4846764221f5e802555868]
+6.6-upstream-stable: released (6.6.23) [2b74b2a92e524d7c8dec8e02e95ecf18b667c062]
+6.1-upstream-stable: released (6.1.83) [34a7b30f56d30114bf4d436e4dc793afe326fbcf]
+5.10-upstream-stable: released (5.10.214) [f873b85ec762c5a6abe94a7ddb31df5d3ba07d85]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26892 b/active/CVE-2024-26892
new file mode 100644
index 00000000..bae2a999
--- /dev/null
+++ b/active/CVE-2024-26892
@@ -0,0 +1,17 @@
+Description: wifi: mt76: mt7921e: fix use-after-free in free_irq()
+References:
+Notes:
+ carnil> Introduced in 9270270d6219 ("wifi: mt76: mt7921: fix PCI DMA hang after
+ carnil> reboot"). Vulnerable versions: 6.2.15 6.3.2 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c957280ef6ab6bdf559a91ae693a6b34310697e3]
+6.8-upstream-stable: released (6.8.2) [bfeaef901194c5923ce3330272786eff2fac513a]
+6.7-upstream-stable: released (6.7.11) [bfe1adf1606f76c180324e53b130f0e76d5cc6c3]
+6.6-upstream-stable: released (6.6.23) [c7dd42fbebcfb02bef070fd48f774d6412d0b49d]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26893 b/active/CVE-2024-26893
new file mode 100644
index 00000000..bca03d1c
--- /dev/null
+++ b/active/CVE-2024-26893
@@ -0,0 +1,17 @@
+Description: firmware: arm_scmi: Fix double free in SMC transport cleanup path
+References:
+Notes:
+ carnil> Introduced in 1dc6558062da ("firmware: arm_scmi: Add smc/hvc transport").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f1d71576d2c9ec8fdb822173fa7f3de79475e9bd]
+6.8-upstream-stable: released (6.8.2) [ead445dd3d681020af333649a27306160eee761d]
+6.7-upstream-stable: released (6.7.11) [8ffaa17ccb1eb1b65cf85db63225a3581c303773]
+6.6-upstream-stable: released (6.6.23) [857f56db8c3a71f9871922b6984ff74ad588cb2c]
+6.1-upstream-stable: released (6.1.83) [0d276d9f335f41d6524258d58c0c0241ef9a83a4]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26894 b/active/CVE-2024-26894
new file mode 100644
index 00000000..73e7b008
--- /dev/null
+++ b/active/CVE-2024-26894
@@ -0,0 +1,17 @@
+Description: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
+References:
+Notes:
+ carnil> Introduced in 3d339dcbb56d ("cpuidle / ACPI : move cpuidle_device field out of
+ carnil> the acpi_processor_power structure"). Vulnerable versions: 3.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [e18afcb7b2a12b635ac10081f943fcf84ddacc51]
+6.8-upstream-stable: released (6.8.2) [cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9]
+6.7-upstream-stable: released (6.7.11) [8d14a4d0afb49a5b8535d414c782bb334860e73e]
+6.6-upstream-stable: released (6.6.23) [3d48e5be107429ff5d824e7f2a00d1b610d36fbc]
+6.1-upstream-stable: released (6.1.83) [fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8]
+5.10-upstream-stable: released (5.10.214) [c2a30c81bf3cb9033fa9f5305baf7c377075e2e5]
+4.19-upstream-stable: released (4.19.311) [d351bcadab6caa6d8ce7159ff4b77e2da35c09fa]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26895 b/active/CVE-2024-26895
new file mode 100644
index 00000000..1a186319
--- /dev/null
+++ b/active/CVE-2024-26895
@@ -0,0 +1,17 @@
+Description: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces
+References:
+Notes:
+ carnil> Introduced in 8399918f3056 ("staging: wilc1000: use RCU list to maintain vif
+ carnil> interfaces list"). Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (6.9-rc1) [cb5942b77c05d54310a0420cac12935e9b6aa21c]
+6.8-upstream-stable: released (6.8.2) [73a2aa0aef86c2c07be5a2f42c9e6047e1a2f7bb]
+6.7-upstream-stable: released (6.7.11) [24228dcf1d30c2231caa332be7d3090ac59fbfe9]
+6.6-upstream-stable: released (6.6.23) [3da9d32b7f4a1a9f7e4bb15bb82f2b2dd6719447]
+6.1-upstream-stable: released (6.1.83) [a9545af2a533739ffb64d6c9a6fec6f13e2b505f]
+5.10-upstream-stable: released (5.10.214) [5956f4203b6cdd0755bbdd21b45f3933c7026208]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26896 b/active/CVE-2024-26896
new file mode 100644
index 00000000..54bea2f9
--- /dev/null
+++ b/active/CVE-2024-26896
@@ -0,0 +1,17 @@
+Description: wifi: wfx: fix memory leak when starting AP
+References:
+Notes:
+ carnil> Introduced in 268bceec1684 ("staging: wfx: fix BA when device is AP and MFP is
+ carnil> enabled"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b8cfb7c819dd39965136a66fe3a7fde688d976fc]
+6.8-upstream-stable: released (6.8.2) [dadbb5d29d6c5f571a50272fce8c1505a9559487]
+6.7-upstream-stable: released (6.7.11) [12f00a367b2b62756e0396f14b54c2c15524e1c3]
+6.6-upstream-stable: released (6.6.23) [3a71ec74e5e3478d202a1874f085ca3ef40be49b]
+6.1-upstream-stable: released (6.1.83) [a1f57a0127b89a6b6620514564aa7eaec16d9af3]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26897 b/active/CVE-2024-26897
new file mode 100644
index 00000000..9bc39458
--- /dev/null
+++ b/active/CVE-2024-26897
@@ -0,0 +1,18 @@
+Description: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
+References:
+Notes:
+ carnil> Introduced in 8b3046abc99e ("ath9k_htc: fix NULL pointer dereference at
+ carnil> ath9k_htc_tx_get_packet()"). Vulnerable versions: 5.10.136 5.15.17 5.16.3
+ carnil> 5.17-rc1.
+Bugs:
+upstream: released (6.9-rc1) [24355fcb0d4cbcb6ddda262596558e8cfba70f11]
+6.8-upstream-stable: released (6.8.2) [4afa0246656d5680c8a4c3fb37ba6570c4ab819b]
+6.7-upstream-stable: released (6.7.11) [ac90e22e735bac44f74b5161fb096fbeb0ff8bc2]
+6.6-upstream-stable: released (6.6.23) [a015fbf698c8957aa5fbeefc5c59dd2cf3107298]
+6.1-upstream-stable: released (6.1.83) [74d0639261dd795dce958d1b14815bdcbb48a715]
+5.10-upstream-stable: released (5.10.214) [1bc5461a21c56a36e2a7d81e152b90ce019a3905]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26898 b/active/CVE-2024-26898
new file mode 100644
index 00000000..c48192d4
--- /dev/null
+++ b/active/CVE-2024-26898
@@ -0,0 +1,17 @@
+Description: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
+References:
+Notes:
+ carnil> Introduced in 7562f876cd93 ("[NET]: Rework dev_base via list_head (v3)").
+ carnil> Vulnerable versions: 2.6.22-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f98364e926626c678fb4b9004b75cacf92ff0662]
+6.8-upstream-stable: released (6.8.2) [a16fbb80064634b254520a46395e36b87ca4731e]
+6.7-upstream-stable: released (6.7.11) [079cba4f4e307c69878226fdf5228c20aa1c969c]
+6.6-upstream-stable: released (6.6.23) [eb48680b0255a9e8a9bdc93d6a55b11c31262e62]
+6.1-upstream-stable: released (6.1.83) [74ca3ef68d2f449bc848c0a814cefc487bf755fa]
+5.10-upstream-stable: released (5.10.214) [faf0b4c5e00bb680e8e43ac936df24d3f48c8e65]
+4.19-upstream-stable: released (4.19.311) [ad80c34944d7175fa1f5c7a55066020002921a99]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26899 b/active/CVE-2024-26899
new file mode 100644
index 00000000..5589d28a
--- /dev/null
+++ b/active/CVE-2024-26899
@@ -0,0 +1,17 @@
+Description: block: fix deadlock between bd_link_disk_holder and partition scan
+References:
+Notes:
+ carnil> Introduced in 1b0a2d950ee2 ("md: use new apis to suspend array for ioctls
+ carnil> involed array reconfiguration"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [03f12122b20b6e6028e9ed69030a49f9cffcbb75]
+6.8-upstream-stable: released (6.8.2) [5a87c1f7993bc8ac358a3766bac5dc7126e01e98]
+6.7-upstream-stable: released (6.7.11) [1e5c5b0abaee7b62a10b9707a62083b71ad21f62]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26900 b/active/CVE-2024-26900
new file mode 100644
index 00000000..c3a17f0f
--- /dev/null
+++ b/active/CVE-2024-26900
@@ -0,0 +1,17 @@
+Description: md: fix kmemleak of rdev->serial
+References:
+Notes:
+ carnil> Introduced in 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the
+ carnil> change of member device"). Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6cf350658736681b9d6b0b6e58c5c76b235bb4c4]
+6.8-upstream-stable: released (6.8.2) [4c1021ce46fc2fb6115f7e79d353941e6dcad366]
+6.7-upstream-stable: released (6.7.11) [6d32c832a88513f65c2c2c9c75954ee8b387adea]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26901 b/active/CVE-2024-26901
new file mode 100644
index 00000000..11480221
--- /dev/null
+++ b/active/CVE-2024-26901
@@ -0,0 +1,17 @@
+Description: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
+References:
+Notes:
+ carnil> Introduced in 990d6c2d7aee ("vfs: Add name to file handle conversion support").
+ carnil> Vulnerable versions: 2.6.39-rc1.
+Bugs:
+upstream: released (6.9-rc1) [3948abaa4e2be938ccdfc289385a27342fb13d43]
+6.8-upstream-stable: released (6.8.2) [bf9ec1b24ab4e94345aa1c60811dd329f069c38b]
+6.7-upstream-stable: released (6.7.11) [cba138f1ef37ec6f961baeab62f312dedc7cf730]
+6.6-upstream-stable: released (6.6.23) [c1362eae861db28b1608b9dc23e49634fe87b63b]
+6.1-upstream-stable: released (6.1.83) [e6450d5e46a737a008b4885aa223486113bf0ad6]
+5.10-upstream-stable: released (5.10.214) [cde76b3af247f615447bcfecf610bb76c3529126]
+4.19-upstream-stable: released (4.19.311) [4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26902 b/active/CVE-2024-26902
new file mode 100644
index 00000000..74c85871
--- /dev/null
+++ b/active/CVE-2024-26902
@@ -0,0 +1,16 @@
+Description: perf: RISCV: Fix panic on pmu overflow handler
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc7) [34b567868777e9fd39ec5333969728a7f0cf179c]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [9f599ba3b9cc4bdb8ec1e3f0feddd41bf9d296d6]
+6.6-upstream-stable: released (6.6.23) [3ede8e94de6b834b48b0643385e66363e7a04be9]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
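Review bot: The "needed" entries for 6.1, 5.10 and 4.19 rest on a Notes field that says the introducing commit could not be determined, while upstream stable fixes are recorded only for 6.7.11 and 6.6.23. Confirm that the RISC-V PMU overflow handler named in the description exists in each older branch, and record the result in Notes so the status lines can be changed to N/A where it does not.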
diff --git a/active/CVE-2024-26903 b/active/CVE-2024-26903
new file mode 100644
index 00000000..f95f67b7
--- /dev/null
+++ b/active/CVE-2024-26903
@@ -0,0 +1,16 @@
+Description: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc7) [2535b848fa0f42ddff3e5255cf5e742c9b77bb26]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [5f9fe302dd3a9bbc50f4888464c1773f45166bfd]
+6.6-upstream-stable: released (6.6.23) [3ead59bafad05f2967ae2438c0528d53244cfde5]
+6.1-upstream-stable: released (6.1.83) [567c0411dc3b424fc7bd1e6109726d7ba32d4f73]
+5.10-upstream-stable: released (5.10.214) [81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96]
+4.19-upstream-stable: released (4.19.311) [369f419c097e82407dd429a202cde9a73d3ae29b]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26904 b/active/CVE-2024-26904
new file mode 100644
index 00000000..da8b9b27
--- /dev/null
+++ b/active/CVE-2024-26904
@@ -0,0 +1,16 @@
+Description: btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc7) [c7bb26b847e5b97814f522686068c5628e2b3646]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [7e9422d35d574b646269ca46010a835ca074b310]
+6.6-upstream-stable: released (6.6.23) [f6d4d29a12655b42a13cec038c2902bb7efc50ed]
+6.1-upstream-stable: released (6.1.83) [ab1be3f1aa7799f99155488c28eacaef65eb68fb]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26905 b/active/CVE-2024-26905
new file mode 100644
index 00000000..44942d47
--- /dev/null
+++ b/active/CVE-2024-26905
@@ -0,0 +1,16 @@
+Description: btrfs: fix data races when accessing the reserved amount of block reserves
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc7) [e06cc89475eddc1f3a7a4d471524256152c68166]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [c44542093525699a30c307dae1ea5a1b03b3302f]
+6.6-upstream-stable: released (6.6.23) [82220b1835baaebf4ae2e490f56353a341a09bd2]
+6.1-upstream-stable: released (6.1.83) [995e91c9556c8fc6028b474145a36e947d1eb6b6]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26906 b/active/CVE-2024-26906
new file mode 100644
index 00000000..6be72723
--- /dev/null
+++ b/active/CVE-2024-26906
@@ -0,0 +1,16 @@
+Description: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc6) [32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [29bd6f86904682adafe9affbc7f79b14defcaff8]
+6.6-upstream-stable: released (6.6.23) [57f78c46f08198e1be08ffe99c4c1ccc12855bf5]
+6.1-upstream-stable: released (6.1.83) [f175de546a3eb77614d94d4c02550181c0a8493e]
+5.10-upstream-stable: released (5.10.214) [6e4694e65b6db4c3de125115dd4f55848cc48381]
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26907 b/active/CVE-2024-26907
new file mode 100644
index 00000000..1852f4d3
--- /dev/null
+++ b/active/CVE-2024-26907
@@ -0,0 +1,16 @@
+Description: RDMA/mlx5: Fix fortify source warning while accessing Eth segment
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc6) [4d5e86a56615cc387d21c629f9af8fb0e958d350]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [185fa07000e0a81d54cf8c05414cebff14469a5c]
+6.6-upstream-stable: released (6.6.23) [9a624a5f95733bac4648ecadb320ca83aa9c08fd]
+6.1-upstream-stable: released (6.1.83) [cad82f1671e41094acd3b9a60cd27d67a3c64a21]
+5.10-upstream-stable: released (5.10.214) [d27c48dc309da72c3b46351a1205d89687272baa]
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26908 b/active/CVE-2024-26908
new file mode 100644
index 00000000..a69dae53
--- /dev/null
+++ b/active/CVE-2024-26908
@@ -0,0 +1,16 @@
+Description: x86/xen: Add some null pointer checking to smp.c
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [3693bb4465e6e32a204a5b86d3ec7e6b9f7e67c2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [d211e8128c0e2122512fa5e859316540349b54af]
+6.6-upstream-stable: released (6.6.23) [a9bbb05c0c04b49a1f7f05fd03826321dca2b8d4]
+6.1-upstream-stable: released (6.1.83) [f49c513f46dc19bf01ffad2aaaf234d7f37f6799]
+5.10-upstream-stable: released (5.10.214) [eb279074badac0bbe28749906562d648ca4bc750]
+4.19-upstream-stable: released (4.19.311) [70a33a629090130d731fc1e1ad498bb672eea165]
+sid: needed
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26909 b/active/CVE-2024-26909
new file mode 100644
index 00000000..164f66d6
--- /dev/null
+++ b/active/CVE-2024-26909
@@ -0,0 +1,18 @@
+Description: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
+References:
+Notes:
+ carnil> Introduced in 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support")
+ carnil> 2bcca96abfbf ("soc: qcom: pmic-glink: switch to DRM_AUX_HPD_BRIDGE").
+ carnil> Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc7) [b979f2d50a099f3402418d7ff5f26c3952fb08bb]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.11) [ef45aa2841e15b649e5417fe3d4de395fe462781]
+6.6-upstream-stable: released (6.6.23) [2bbd65c6ca567ed8dbbfc4fb945f57ce64bef342]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
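Review bot: The Notes field names two introducing commits, 080b4e24852b and 2bcca96abfbf, on consecutive lines with nothing joining them, and then gives a single vulnerable version (6.3-rc1). Add a separator between the two commits and give the version for each, so it is clear which commit 6.3-rc1 refers to.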
diff --git a/active/CVE-2024-26910 b/active/CVE-2024-26910
new file mode 100644
index 00000000..0d84cac1
--- /dev/null
+++ b/active/CVE-2024-26910
@@ -0,0 +1,18 @@
+Description: netfilter: ipset: fix performance regression in swap operation
+References:
+Notes:
+ carnil> Introduced in 28628fa952fe ("netfilter: ipset: fix race condition between
+ carnil> swap/destroy and kernel side add/del/test"). Vulnerable versions: 4.19.302
+ carnil> 5.4.264 5.10.204 5.15.143 6.1.68 6.6.7 6.7-rc2.
+Bugs:
+upstream: released (6.8-rc3) [97f7cf1cd80eeed3b7c808b7c12463295c751001]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [970709a67696b100a57b33af1a3d75fc34b747eb]
+6.6-upstream-stable: released (6.6.18) [b93a6756a01f4fd2f329a39216f9824c56a66397]
+6.1-upstream-stable: released (6.1.79) [653bc5e6d9995d7d5f497c665b321875a626161c]
+5.10-upstream-stable: released (5.10.210) [a24d5f2ac8ef702a58e55ec276aad29b4bd97e05]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26911 b/active/CVE-2024-26911
new file mode 100644
index 00000000..57f0da04
--- /dev/null
+++ b/active/CVE-2024-26911
@@ -0,0 +1,17 @@
+Description: drm/buddy: Fix alloc_range() error handling code
+References:
+Notes:
+ carnil> Introduced in 0a1844bf0b53 ("drm/buddy: Improve contiguous memory allocation").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [8746c6c9dfa31d269c65dd52ab42fde0720b7d91]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [4b59c3fada06e5e8010ef7700689c71986e667a2]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26912 b/active/CVE-2024-26912
new file mode 100644
index 00000000..50e2a47e
--- /dev/null
+++ b/active/CVE-2024-26912
@@ -0,0 +1,17 @@
+Description: drm/nouveau: fix several DMA buffer leaks
+References:
+Notes:
+ carnil> Introduced in 176fdcbddfd2 ("drm/nouveau/gsp/r535: add support for booting
+ carnil> GSP-RM"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [042b5f83841fbf7ce39474412db3b5e4765a7ea7]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [6190d4c08897d748dd25f0b78267a90aa1694e15]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26913 b/active/CVE-2024-26913
new file mode 100644
index 00000000..74f5ce80
--- /dev/null
+++ b/active/CVE-2024-26913
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [faf51b201bc42adf500945732abb6220c707d6f3]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [cdbe0be8874c63bca85b8c38e5b1eecbdd18df31]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
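Review bot: 6.6, 6.1, 5.10 and 4.19 are all marked "needed" although the Notes say the introducing commit could not be determined and the description is specific to dcn35. Check whether the dcn35 code is present in each of those branches and use N/A "Vulnerable code not present" where it is not, as other entries in this batch do, so the "needed" markers do not trigger backport work for code that is absent.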
diff --git a/active/CVE-2024-26914 b/active/CVE-2024-26914
new file mode 100644
index 00000000..b6c051ac
--- /dev/null
+++ b/active/CVE-2024-26914
@@ -0,0 +1,16 @@
+Description: drm/amd/display: fix incorrect mpc_combine array size
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [39079fe8e660851abbafa90cd55cbf029210661f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [0bd8ef618a42d7e6ea3f701065264e15678025e3]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26915 b/active/CVE-2024-26915
new file mode 100644
index 00000000..2baa8610
--- /dev/null
+++ b/active/CVE-2024-26915
@@ -0,0 +1,16 @@
+Description: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [7330256268664ea0a7dd5b07a3fed363093477dd]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [2827633c9dab6304ec4cdbf369363219832e605d]
+6.6-upstream-stable: released (6.6.18) [8983397951b4b0bd51bb4b4ba9749424e1ccbb70]
+6.1-upstream-stable: released (6.1.82) [a28f4d1e0bed85943d309ac243fd1c200f8af9a2]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26916 b/active/CVE-2024-26916
new file mode 100644
index 00000000..b9bb7373
--- /dev/null
+++ b/active/CVE-2024-26916
@@ -0,0 +1,17 @@
+Description: Revert "drm/amd: flush any delayed gfxoff on suspend entry"
+References:
+Notes:
+ carnil> Introduced in ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring
+ carnil> callbacks"). Vulnerable versions: 5.15.144 6.1.69 6.6.8 6.7-rc6.
+Bugs:
+upstream: released (6.8-rc5) [916361685319098f696b798ef1560f69ed96e934]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [d855ceb6a5fde668c5431156bc60fae0cc52b764]
+6.6-upstream-stable: released (6.6.18) [caa2565a2e13899be31f7b1e069e6465d3e2adb0]
+6.1-upstream-stable: released (6.1.79) [ff70e6ff6fc2413caf33410af7462d1f584d927e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26917 b/active/CVE-2024-26917
new file mode 100644
index 00000000..84c86aa2
--- /dev/null
+++ b/active/CVE-2024-26917
@@ -0,0 +1,18 @@
+Description: scsi: Revert "scsi: fcoe: Fix potential deadlock on Description:fip->ctlr_lock"
+References:
+Notes:
+ carnil> Introduced in 1a1975551943 ("scsi: fcoe: Fix potential deadlock on
+ carnil> &fip->ctlr_lock"). Vulnerable versions: 4.14.326 4.19.295 4.19.307 5.4.257
+ carnil> 5.4.269 5.10.195 5.10.210 5.15.132 5.15.149 6.1.53 6.1.79 6.4.16 6.5.3 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc5) [977fe773dcc7098d8eaf4ee6382cb51e13e784cb]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [25675159040bffc7992d5163f3f33ba7d0142f21]
+6.6-upstream-stable: released (6.6.18) [2996c7e97ea7cf4c1838a1b1dbc0885934113783]
+6.1-upstream-stable: released (6.1.79) [6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0]
+5.10-upstream-stable: released (5.10.210) [7d4e19f7ff644c5b79e8271df8ac2e549b436a5b]
+4.19-upstream-stable: released (4.19.307) [94a600226b6d0ef065ee84024b450b566c5a87d6]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26918 b/active/CVE-2024-26918
new file mode 100644
index 00000000..155ba252
--- /dev/null
+++ b/active/CVE-2024-26918
@@ -0,0 +1,17 @@
+Description: PCI: Fix active state requirement in PME polling
+References:
+Notes:
+ carnil> Introduced in d3fcd7360338 ("PCI: Fix runtime PM race with PME polling").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc5) [41044d5360685e78a869d40a168491a70cdb7e73]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [a4f12e5cbac2865c151d1e97e36eb24205afb23b]
+6.6-upstream-stable: released (6.6.18) [63b1a3d9dd3b3f6d67f524e76270e66767090583]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26919 b/active/CVE-2024-26919
new file mode 100644
index 00000000..21d9e476
--- /dev/null
+++ b/active/CVE-2024-26919
@@ -0,0 +1,17 @@
+Description: usb: ulpi: Fix debugfs directory leak
+References:
+Notes:
+ carnil> Introduced in bd0a0a024f2a ("usb: ulpi: Add debugfs support"). Vulnerable
+ carnil> versions: 5.18-rc1.
+Bugs:
+upstream: released (6.8-rc3) [3caf2b2ad7334ef35f55b95f3e1b138c6f77b368]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [33713945cc92ea9c4a1a9479d5c1b7acb7fc4df3]
+6.6-upstream-stable: released (6.6.18) [330d22aba17a4d30a56f007d0f51291d7e00862b]
+6.1-upstream-stable: released (6.1.79) [d31b886ed6a5095214062ee4fb55037eb930adb6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26920 b/active/CVE-2024-26920
new file mode 100644
index 00000000..07bbfce4
--- /dev/null
+++ b/active/CVE-2024-26920
@@ -0,0 +1,18 @@
+Description: tracing/trigger: Fix to return error if failed to alloc snapshot
+References:
+Notes:
+ carnil> Introduced in 0bbe7f719985 ("tracing: Fix the race between registering
+ carnil> 'snapshot' event trigger and triggering 'snapshot' operation"). Vulnerable
+ carnil> versions: 4.4.220 4.9.220 4.14.177 4.19.117 5.4.34 5.5.19 5.6.6 5.7-rc2.
+Bugs:
+upstream: released (6.8-rc3) [0958b33ef5a04ed91f61cef4760ac412080c4e08]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: released (6.7.6) [4b001ef14baab16b553a002cb9979e31b8fc0c6b]
+6.6-upstream-stable: released (6.6.18) [6022c065c9ec465d84cebff8f480db083e4ee06b]
+6.1-upstream-stable: released (6.1.79) [36be97e9eb535fe3008a5cb040b1e56f29f2e398]
+5.10-upstream-stable: released (5.10.210) [56cfbe60710772916a5ba092c99542332b48e870]
+4.19-upstream-stable: released (4.19.307) [bcf4a115a5068f3331fafb8c176c1af0da3d8b19]
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
