author Salvatore Bonaccorso <carnil@debian.org> 2024-04-10 21:52:07 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2024-04-10 21:52:07 +0200
commit 688f5248fc745b1897b7d556a57760a334f7ad42
tree 80c15d9c5ced63feab788e85a0ca7d7931647232
parent d831c9001a8a1601b7475b4a87f10261f10ad11d
Add new batch of CVEs from Linux kernel CNA
-rw-r--r-- active/CVE-2021-47181 16
-rw-r--r-- active/CVE-2021-47182 16
-rw-r--r-- active/CVE-2021-47183 16
-rw-r--r-- active/CVE-2021-47184 17
-rw-r--r-- active/CVE-2021-47185 16
-rw-r--r-- active/CVE-2021-47186 16
-rw-r--r-- active/CVE-2021-47187 16
-rw-r--r-- active/CVE-2021-47188 17
-rw-r--r-- active/CVE-2021-47189 17
-rw-r--r-- active/CVE-2021-47190 17
-rw-r--r-- active/CVE-2021-47191 16
-rw-r--r-- active/CVE-2021-47192 17
-rw-r--r-- active/CVE-2021-47193 16
-rw-r--r-- active/CVE-2021-47194 17
-rw-r--r-- active/CVE-2021-47195 17
-rw-r--r-- active/CVE-2021-47196 17
-rw-r--r-- active/CVE-2021-47197 18
-rw-r--r-- active/CVE-2021-47198 16
-rw-r--r-- active/CVE-2021-47199 17
-rw-r--r-- active/CVE-2021-47200 17
-rw-r--r-- active/CVE-2021-47201 17
-rw-r--r-- active/CVE-2021-47202 16
-rw-r--r-- active/CVE-2021-47203 16
-rw-r--r-- active/CVE-2021-47204 17
-rw-r--r-- active/CVE-2021-47205 16
-rw-r--r-- active/CVE-2021-47206 16
-rw-r--r-- active/CVE-2021-47207 16
-rw-r--r-- active/CVE-2021-47209 17
-rw-r--r-- active/CVE-2021-47210 16
-rw-r--r-- active/CVE-2021-47211 16
-rw-r--r-- active/CVE-2021-47212 17
-rw-r--r-- active/CVE-2021-47213 17
-rw-r--r-- active/CVE-2021-47214 17
-rw-r--r-- active/CVE-2021-47215 17
-rw-r--r-- active/CVE-2021-47216 16
-rw-r--r-- active/CVE-2021-47217 17
-rw-r--r-- active/CVE-2021-47218 17
-rw-r--r-- active/CVE-2021-47219 16
38 files changed, 629 insertions, 0 deletions
diff --git a/active/CVE-2021-47181 b/active/CVE-2021-47181
new file mode 100644
index 00000000..2df2af3c
--- /dev/null
+++ b/active/CVE-2021-47181
@@ -0,0 +1,16 @@
+Description: usb: musb: tusb6010: check return value after calling platform_get_resource()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [14651496a3de6807a17c310f63c894ea0c5d858e]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [679eee466d0f9ffa60a2b0c6ec19be5128927f04]
+4.19-upstream-stable: released (4.19.218) [f87a79c04a33ab4e5be598c7b0867e6ef193d702]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
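Review bot: The sid line records released (5.15.5-1) while the upstream line gives 5.16-rc1, and nothing in the file says which 5.15.y stable commit carried the fix into that upload. A carnil> note naming the 5.15.y stable release or commit would let a reader verify the sid status the same way the 5.10 and 4.19 lines can be verified from their bracketed commit ids.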
diff --git a/active/CVE-2021-47182 b/active/CVE-2021-47182
new file mode 100644
index 00000000..26f2183a
--- /dev/null
+++ b/active/CVE-2021-47182
@@ -0,0 +1,16 @@
+Description: scsi: core: Fix scsi_mode_sense() buffer length handling
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [17b49bcbf8351d3dbe57204468ac34f033ed60bc]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47183 b/active/CVE-2021-47183
new file mode 100644
index 00000000..0e43f52e
--- /dev/null
+++ b/active/CVE-2021-47183
@@ -0,0 +1,16 @@
+Description: scsi: lpfc: Fix link down processing to address NULL pointer dereference
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [1854f53ccd88ad4e7568ddfafafffe71f1ceb0a6]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47184 b/active/CVE-2021-47184
new file mode 100644
index 00000000..20645aad
--- /dev/null
+++ b/active/CVE-2021-47184
@@ -0,0 +1,17 @@
+Description: i40e: Fix NULL ptr dereference on VSI filter sync
+References:
+Notes:
+ carnil> Introduced in 41c445ff0f48 ("i40e: main driver core"). Vulnerable versions:
+ carnil> 3.12-rc1.
+Bugs:
+upstream: released (5.16-rc2) [37d9e304acd903a445df8208b8a13d707902dea6]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [f866513ead4370402428ef724b03c3312295c178]
+4.19-upstream-stable: released (4.19.218) [87c421ab4a43433cb009fea44bbbc77f46913e1d]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47185 b/active/CVE-2021-47185
new file mode 100644
index 00000000..4fc16d9f
--- /dev/null
+++ b/active/CVE-2021-47185
@@ -0,0 +1,16 @@
+Description: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [3968ddcf05fb4b9409cd1859feb06a5b0550a1c1]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [77e9fed33056f2a88eba9dd4d2d5412f0c7d1f41]
+4.19-upstream-stable: released (4.19.218) [4f300f47dbcf9c3d4b2ea76c8554c8f360400725]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47186 b/active/CVE-2021-47186
new file mode 100644
index 00000000..8240d515
--- /dev/null
+++ b/active/CVE-2021-47186
@@ -0,0 +1,16 @@
+Description: tipc: check for null after calling kmemdup
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc2) [3e6db079751afd527bf3db32314ae938dc571916]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [a7d91625863d4ffed63b993b5e6dc1298b6430c9]
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47187 b/active/CVE-2021-47187
new file mode 100644
index 00000000..12bff168
--- /dev/null
+++ b/active/CVE-2021-47187
@@ -0,0 +1,16 @@
+Description: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [3f1dcaff642e75c1d2ad03f783fa8a3b1f56dd50]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [e52fecdd0c142b95c720683885b06ee3f0e065c8]
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
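Review bot: 4.19-upstream-stable and 4.19-buster-security are set to needed although the Notes line says the introducing commit could not be determined, so nothing here shows that 4.19 has the affected msm8998 idle-state entries. Since the fix is a device tree change, it is worth confirming the affected dts content exists in 4.19 and recording the result in Notes, or marking the branch N/A if it does not.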
diff --git a/active/CVE-2021-47188 b/active/CVE-2021-47188
new file mode 100644
index 00000000..e31ad9c1
--- /dev/null
+++ b/active/CVE-2021-47188
@@ -0,0 +1,17 @@
+Description: scsi: ufs: core: Improve SCSI abort handling
+References:
+Notes:
+ carnil> Introduced in 7a3e97b0dc4b ("[SCSI] ufshcd: UFS Host controller driver").
+ carnil> Vulnerable versions: 3.4-rc1.
+Bugs:
+upstream: released (5.16-rc2) [3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
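Review bot: The Description line is the upstream subject, "Improve SCSI abort handling", which does not say what goes wrong, and both 5.10 and 4.19 are left as needed. A short carnil> note stating the failure the fix addresses would help whoever triages the backports decide how urgent they are.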
diff --git a/active/CVE-2021-47189 b/active/CVE-2021-47189
new file mode 100644
index 00000000..3318156e
--- /dev/null
+++ b/active/CVE-2021-47189
@@ -0,0 +1,17 @@
+Description: btrfs: fix memory ordering between normal and ordered work functions
+References:
+Notes:
+ carnil> Introduced in 08a9ff326418 ("btrfs: Added btrfs_workqueue_struct implemented
+ carnil> ordered execution based on kernel workqueue"). Vulnerable versions: 3.15-rc1.
+Bugs:
+upstream: released (5.16-rc2) [45da9c1767ac31857df572f0a909fbe88fd5a7e9]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [6adbc07ebcaf8bead08b21687d49e0fc94400987]
+4.19-upstream-stable: released (4.19.218) [ed058d735a70f4b063323f1a7bb33cda0f987513]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47190 b/active/CVE-2021-47190
new file mode 100644
index 00000000..94d0f85e
--- /dev/null
+++ b/active/CVE-2021-47190
@@ -0,0 +1,17 @@
+Description: perf bpf: Avoid memory leak from perf_env__insert_btf()
+References:
+Notes:
+ carnil> Introduced in 3792cb2ff43b1b19 ("perf bpf: Save BTF in a rbtree in perf_env").
+ carnil> Vulnerable versions: 5.1-rc2.
+Bugs:
+upstream: released (5.16-rc1) [4924b1f7c46711762fd0e65c135ccfbcfd6ded1f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [11589d3144bc4e272e0aae46ce8156162e99babc]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
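Review bot: The Notes line abbreviates the introducing commit to 16 hex digits (3792cb2ff43b1b19), while the other entries in this batch use 12. Trimming it to 12 keeps the field uniform for anything that parses or greps these notes.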
diff --git a/active/CVE-2021-47191 b/active/CVE-2021-47191
new file mode 100644
index 00000000..e152e514
--- /dev/null
+++ b/active/CVE-2021-47191
@@ -0,0 +1,16 @@
+Description: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [4e3ace0051e7e504b55d239daab8789dd89b863c]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [3e20cb072679bdb47747ccc8bee3233a4cf0765a]
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47192 b/active/CVE-2021-47192
new file mode 100644
index 00000000..2687b952
--- /dev/null
+++ b/active/CVE-2021-47192
@@ -0,0 +1,17 @@
+Description: scsi: core: sysfs: Fix hang when device state is set via sysfs
+References:
+Notes:
+ carnil> Introduced in f0f82e2476f6 ("scsi: core: Fix capacity set to zero after
+ carnil> offlinining device"). Vulnerable versions: 5.4.143 5.10.61 5.13.13 5.14-rc5.
+Bugs:
+upstream: released (5.16-rc2) [4edd8cd4e86dd3047e5294bbefcc0a08f66a430f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [a792e0128d232251edb5fdf42fb0f9fbb0b44a73]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47193 b/active/CVE-2021-47193
new file mode 100644
index 00000000..f0473774
--- /dev/null
+++ b/active/CVE-2021-47193
@@ -0,0 +1,16 @@
+Description: scsi: pm80xx: Fix memory leak during rmmod
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [51e6ed83bb4ade7c360551fa4ae55c4eacea354b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47194 b/active/CVE-2021-47194
new file mode 100644
index 00000000..671ea959
--- /dev/null
+++ b/active/CVE-2021-47194
@@ -0,0 +1,17 @@
+Description: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
+References:
+Notes:
+ carnil> Introduced in ac800140c20e ("cfg80211: .stop_ap when interface is going down").
+ carnil> Vulnerable versions: 3.6-rc1.
+Bugs:
+upstream: released (5.16-rc2) [563fbefed46ae4c1f70cffb8eb54c02df480b2c2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [7b97b5776daa0b39dbdadfea176f9cc0646d4a66]
+4.19-upstream-stable: released (4.19.218) [b8a045e2a9b234cfbc06cf36923886164358ddec]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47195 b/active/CVE-2021-47195
new file mode 100644
index 00000000..7c14bc83
--- /dev/null
+++ b/active/CVE-2021-47195
@@ -0,0 +1,17 @@
+Description: spi: fix use-after-free of the add_lock mutex
+References:
+Notes:
+ carnil> Introduced in 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on
+ carnil> SPI buses"). Vulnerable versions: 5.14.15 5.15-rc6.
+Bugs:
+upstream: released (5.16-rc2) [6c53b45c71b4920b5e62f0ea8079a1da382b9434]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47196 b/active/CVE-2021-47196
new file mode 100644
index 00000000..a99a1a99
--- /dev/null
+++ b/active/CVE-2021-47196
@@ -0,0 +1,17 @@
+Description: RDMA/core: Set send and receive CQ before forwarding to the driver
+References:
+Notes:
+ carnil> Introduced in 514aee660df4 ("RDMA: Globally allocate and release QP memory").
+ carnil> Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (5.16-rc2) [6cd7397d01c4a3e09757840299e4f114f0aa5fa0]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47197 b/active/CVE-2021-47197
new file mode 100644
index 00000000..08d5f4aa
--- /dev/null
+++ b/active/CVE-2021-47197
@@ -0,0 +1,18 @@
+Description: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
+References:
+Notes:
+ carnil> Introduced in 94b960b9deff ("net/mlx5e: Fix memory leak in
+ carnil> mlx5_core_destroy_cq() error path"). Vulnerable versions: 5.10.75 5.14.14
+ carnil> 5.15-rc6.
+Bugs:
+upstream: released (5.16-rc2) [76ded29d3fcda4928da8849ffc446ea46871c1c2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [471c492890557bd58f73314bb4ad85d5a8fd5026]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47198 b/active/CVE-2021-47198
new file mode 100644
index 00000000..683f3459
--- /dev/null
+++ b/active/CVE-2021-47198
@@ -0,0 +1,16 @@
+Description: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [79b20beccea3a3938a8500acef4e6b9d7c66142f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47199 b/active/CVE-2021-47199
new file mode 100644
index 00000000..81a4521a
--- /dev/null
+++ b/active/CVE-2021-47199
@@ -0,0 +1,17 @@
+Description: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts
+References:
+Notes:
+ carnil> Introduced in 1ef3018f5af3 ("net/mlx5e: CT: Support clear action"). Vulnerable
+ carnil> versions: 5.7-rc1.
+Bugs:
+upstream: released (5.16-rc2) [806401c20a0f9c51b6c8fd7035671e6ca841f6c2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47200 b/active/CVE-2021-47200
new file mode 100644
index 00000000..81939c7d
--- /dev/null
+++ b/active/CVE-2021-47200
@@ -0,0 +1,17 @@
+Description: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap
+References:
+Notes:
+ carnil> Introduced in 9786b65bc61a ("drm/ttm: fix mmap refcounting"). Vulnerable
+ carnil> versions: 5.5-rc1.
+Bugs:
+upstream: released (5.16-rc1) [8244a3bc27b3efd057da154b8d7e414670d5044f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47201 b/active/CVE-2021-47201
new file mode 100644
index 00000000..bacb9b53
--- /dev/null
+++ b/active/CVE-2021-47201
@@ -0,0 +1,17 @@
+Description: iavf: free q_vectors before queues in iavf_disable_vf
+References:
+Notes:
+ carnil> Introduced in 65c7006f234c ("i40evf: assign num_active_queues inside
+ carnil> i40evf_alloc_queues"). Vulnerable versions: 4.13-rc1.
+Bugs:
+upstream: released (5.16-rc2) [89f22f129696ab53cfbc608e0a2184d0fea46ac1]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [78638b47132244e3934dc5dc79f6372d5ce8e98c]
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
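Review bot: On the 4.19 lines, needed is recorded without saying that the introducing commit's subject is prefixed i40evf while the fix is prefixed iavf, so the upstream patch may not apply to the older branch by file name. A Notes line pointing that out would save the backporter from concluding the code is absent.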
diff --git a/active/CVE-2021-47202 b/active/CVE-2021-47202
new file mode 100644
index 00000000..e0753887
--- /dev/null
+++ b/active/CVE-2021-47202
@@ -0,0 +1,16 @@
+Description: thermal: Fix NULL pointer dereferences in of_thermal_ functions
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [96cfe05051fd8543cdedd6807ec59a0e6c409195]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.81) [6a315471cb6a07f651e1d3adc8962730f4fcccac]
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47203 b/active/CVE-2021-47203
new file mode 100644
index 00000000..6c4e03d6
--- /dev/null
+++ b/active/CVE-2021-47203
@@ -0,0 +1,16 @@
+Description: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [99154581b05c8fb22607afb7c3d66c1bace6aa5d]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [c097bd5a59162156d9c2077a2f58732ffbaa9fca]
+4.19-upstream-stable: released (4.19.218) [b291d147d0268e93ad866f8bc820ea14497abc9b]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47204 b/active/CVE-2021-47204
new file mode 100644
index 00000000..25e2c4c2
--- /dev/null
+++ b/active/CVE-2021-47204
@@ -0,0 +1,17 @@
+Description: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
+References:
+Notes:
+ carnil> Introduced in 7472dd9f6499 ("staging: fsl-dpaa2/eth: Move print message").
+ carnil> Vulnerable versions: 4.17-rc1.
+Bugs:
+upstream: released (5.16-rc2) [9b5a333272a48c2f8b30add7a874e46e8b26129c]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [1c4099dc0d6a01e76e4f7dd98e4b3e0d55d80ad9]
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47205 b/active/CVE-2021-47205
new file mode 100644
index 00000000..1bf26a93
--- /dev/null
+++ b/active/CVE-2021-47205
@@ -0,0 +1,16 @@
+Description: clk: sunxi-ng: Unregister clocks/resets when unbinding
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [9bec2b9c6134052994115d2d3374e96f2ccb9b9d]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47206 b/active/CVE-2021-47206
new file mode 100644
index 00000000..4e6412c2
--- /dev/null
+++ b/active/CVE-2021-47206
@@ -0,0 +1,16 @@
+Description: usb: host: ohci-tmio: check return value after calling platform_get_resource()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [9eff2b2e59fda25051ab36cd1cb5014661df657b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [2474eb7fc3bfbce10f7b8ea431fcffe5dd5f5100]
+4.19-upstream-stable: released (4.19.218) [951b8239fd24678b56c995c5c0456ab12e059d19]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47207 b/active/CVE-2021-47207
new file mode 100644
index 00000000..d14bf7fc
--- /dev/null
+++ b/active/CVE-2021-47207
@@ -0,0 +1,16 @@
+Description: ALSA: gus: fix null pointer dereference on pointer block
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [a0d21bb3279476c777434c40d969ea88ca64f9aa]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [1ac6cd87d8ddd36c43620f82c4d65b058f725f0f]
+4.19-upstream-stable: released (4.19.218) [ab4c1ebc40f699f48346f634d7b72b9c5193f315]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47209 b/active/CVE-2021-47209
new file mode 100644
index 00000000..c78e1f34
--- /dev/null
+++ b/active/CVE-2021-47209
@@ -0,0 +1,17 @@
+Description: sched/fair: Prevent dead task groups from regaining cfs_rq's
+References:
+Notes:
+ carnil> Introduced in a7b359fc6a37 ("sched/fair: Correctly insert cfs_rq's to list on
+ carnil> unthrottle"). Vulnerable versions: 5.13-rc7.
+Bugs:
+upstream: released (5.16-rc1) [b027789e5e50494c2325cc70c8642e7fd6059479]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47210 b/active/CVE-2021-47210
new file mode 100644
index 00000000..0ec158c1
--- /dev/null
+++ b/active/CVE-2021-47210
@@ -0,0 +1,16 @@
+Description: usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [b7a0a63f3fed57d413bb857de164ea9c3984bc4e]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [eff8b7628410cb2eb562ca0d5d1f12e27063733e]
+4.19-upstream-stable: released (4.19.218) [2a897d384513ba7f7ef05611338b9a6ec6aeac00]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47211 b/active/CVE-2021-47211
new file mode 100644
index 00000000..e2d1e5d1
--- /dev/null
+++ b/active/CVE-2021-47211
@@ -0,0 +1,16 @@
+Description: ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [b97053df0f04747c3c1e021ecbe99db675342954]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2021-47212 b/active/CVE-2021-47212
new file mode 100644
index 00000000..8e2c6518
--- /dev/null
+++ b/active/CVE-2021-47212
@@ -0,0 +1,17 @@
+Description: net/mlx5: Update error handler for UCTX and UMEM
+References:
+Notes:
+ carnil> Introduced in 6a6fabbfa3e8 ("net/mlx5: Update pci error handler entries and
+ carnil> command translation"). Vulnerable versions: 5.2-rc6.
+Bugs:
+upstream: released (5.16-rc2) [ba50cd9451f6c49cf0841c0a4a146ff6a2822699]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47213 b/active/CVE-2021-47213
new file mode 100644
index 00000000..5a8a8ff9
--- /dev/null
+++ b/active/CVE-2021-47213
@@ -0,0 +1,17 @@
+Description: NFSD: Fix exposure in nfsd4_decode_bitmap()
+References:
+Notes:
+ carnil> Introduced in d1c263a031e8 ("NFSD: Replace READ* macros in
+ carnil> nfsd4_decode_fattr()"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (5.16-rc2) [c0019b7db1d7ac62c711cda6b357a659d46428fe]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47214 b/active/CVE-2021-47214
new file mode 100644
index 00000000..9ab08fd4
--- /dev/null
+++ b/active/CVE-2021-47214
@@ -0,0 +1,17 @@
+Description: hugetlb, userfaultfd: fix reservation restore on userfaultfd error
+References:
+Notes:
+ carnil> Introduced in c7b1850dfb41 ("hugetlb: don't pass page cache pages to
+ carnil> restore_reserve_on_error"). Vulnerable versions: 5.13.13 5.14-rc7.
+Bugs:
+upstream: released (5.16-rc2) [cc30042df6fcc82ea18acf0dace831503e60a0b7]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
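Review bot: In Notes, "Vulnerable versions: 5.13.13 5.14-rc7" shows that the introducing commit c7b1850dfb41 was itself backported to a stable series, so the "Vulnerable code not present" entries for 5.10 and 4.19 depend on that backport never having reached those branches. Suggest stating in Notes that c7b1850dfb41 was checked against 5.10.y and 4.19.y, so the N/A status can be verified from the file alone.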
diff --git a/active/CVE-2021-47215 b/active/CVE-2021-47215
new file mode 100644
index 00000000..41588e26
--- /dev/null
+++ b/active/CVE-2021-47215
@@ -0,0 +1,17 @@
+Description: net/mlx5e: kTLS, Fix crash in RX resync flow
+References:
+Notes:
+ carnil> Introduced in e9ce991bce5b ("net/mlx5e: kTLS, Add resiliency to RX resync
+ carnil> failures"). Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (5.16-rc2) [cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47216 b/active/CVE-2021-47216
new file mode 100644
index 00000000..28b20595
--- /dev/null
+++ b/active/CVE-2021-47216
@@ -0,0 +1,16 @@
+Description: scsi: advansys: Fix kernel pointer leak
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [d4996c6eac4c81b8872043e9391563f67f13e406]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [055eced3edf5b675d12189081303f6285ef26511]
+4.19-upstream-stable: released (4.19.218) [f5a0ba4a9b5e70e7b2f767636d26523f9d1ac59d]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47217 b/active/CVE-2021-47217
new file mode 100644
index 00000000..c6daf117
--- /dev/null
+++ b/active/CVE-2021-47217
@@ -0,0 +1,17 @@
+Description: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
+References:
+Notes:
+ carnil> Introduced in 93286261de1b ("x86/hyperv: Reenlightenment notifications
+ carnil> support"). Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (5.16-rc2) [daf972118c517b91f74ff1731417feb4270625a4]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [9c177eee116cf888276d3748cb176e72562cfd5c]
+4.19-upstream-stable: released (4.19.218) [b20ec58f8a6f4fef32cc71480ddf824584e24743]
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: released (4.19.232-1)
diff --git a/active/CVE-2021-47218 b/active/CVE-2021-47218
new file mode 100644
index 00000000..985bb306
--- /dev/null
+++ b/active/CVE-2021-47218
@@ -0,0 +1,17 @@
+Description: selinux: fix NULL-pointer dereference when hashtab allocation fails
+References:
+Notes:
+ carnil> Introduced in 03414a49ad5f ("selinux: do not allocate hashtabs dynamically").
+ carnil> Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (5.16-rc3) [dc27f3c5d10c58069672215787a96b4fae01818b]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [b17dd53cac769dd13031b0ca34f90cc65e523fab]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-47219 b/active/CVE-2021-47219
new file mode 100644
index 00000000..74dd2877
--- /dev/null
+++ b/active/CVE-2021-47219
@@ -0,0 +1,16 @@
+Description: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (5.16-rc1) [f347c26836c270199de1599c3cd466bb7747caa9]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.7-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: N/A "Fixed before branching point"
+6.1-upstream-stable: N/A "Fixed before branching point"
+5.10-upstream-stable: released (5.10.82) [8440377e1a5644779b4c8d013aa2a917f5fc83c3]
+4.19-upstream-stable: needed
+sid: released (5.15.5-1)
+6.1-bookworm-security: N/A "Fixed before branching point"
+5.10-bullseye-security: released (5.10.84-1)
+4.19-buster-security: needed
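Review bot: The 4.19 lines are marked "needed" while Notes says the first introducing commit could not be determined, so the file gives no basis for deciding that 4.19 is affected. Suggest adding a Notes line that records either that resp_report_tgtpgs() in 4.19.y was checked and has the same out-of-bound read fixed by f347c26836c2, or that "needed" is a conservative default until the introducing commit is identified.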
