Add tempoarary tracking for second bpf issue

author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-13 22:41:26 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-13 22:41:26 +0100
commit: acb9ac528f970711d2ecd0a1827b59a7f5b44575 (patch)
tree: d90ededc4ae2b3c8da5a79e0ee664ffc89439233
parent: 48a64abf7be2e19f3a352cee4836a83a6b258a59 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/active/CVE-2022-oob-invalid_OR_NULL-type-verification b/active/CVE-2022-oob-invalid_OR_NULL-type-verification
new file mode 100644
index 00000000..b102da25
--- /dev/null
+++ b/active/CVE-2022-oob-invalid_OR_NULL-type-verification
@@ -0,0 +1,18 @@
+Description: bpf: Fix out of bounds access from invalid *_or_null type verification
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/13/1
+Notes:
+ carnil> For stable series in 5.10.y, 5.15.y and 5.16.y the commit "bpf:
+ carnil> Fix out of bounds access from invalid *_or_null type
+ carnil> verification" was backported for fixing the issue as the issue
+ carnil> was fixed in mainline through the larger refactoring in
+ carnil> c25b2ae136039ffa820c26138ed4a5e5f3ab3841.
+Bugs:
+upstream: pending [c25b2ae136039ffa820c26138ed4a5e5f3ab3841]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-13 22:41:26 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-13 22:41:26 +0100
commit	acb9ac528f970711d2ecd0a1827b59a7f5b44575 (patch)
tree	d90ededc4ae2b3c8da5a79e0ee664ffc89439233
parent	48a64abf7be2e19f3a352cee4836a83a6b258a59 (diff)