Add new batch of CVEs assigned for Linux

96 files changed, 1522 insertions, 0 deletions

diff --git a/active/CVE-2023-52637 b/active/CVE-2023-52637
new file mode 100644
index 00000000..44f89bb3
--- /dev/null
+++ b/active/CVE-2023-52637
@@ -0,0 +1,16 @@
+Description: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
+References:
+Notes:
+ carnil> Introduced in 9d71dd0c70099 ("can: add support of SAE J1939 protocol").
+ carnil> Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.8-rc5) [efe7cf828039aedb297c1f9920b638fffee6aabc]
+6.7-upstream-stable: released (6.7.6) [fc74b9cb789cae061bbca7b203a3842e059f6b5d]
+6.6-upstream-stable: released (6.6.18) [f84e7534457dcd7835be743517c35378bb4e7c50]
+6.1-upstream-stable: released (6.1.79) [4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed]
+5.10-upstream-stable: released (5.10.210) [978e50ef8c38dc71bd14d1b0143d554ff5d188ba]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52638 b/active/CVE-2023-52638
new file mode 100644
index 00000000..5d6dd77c
--- /dev/null
+++ b/active/CVE-2023-52638
@@ -0,0 +1,15 @@
+Description: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [6cdedc18ba7b9dacc36466e27e3267d201948c8d]
+6.7-upstream-stable: released (6.7.6) [559b6322f9480bff68cfa98d108991e945a4f284]
+6.6-upstream-stable: released (6.6.18) [26dfe112ec2e95fe0099681f6aec33da13c2dd8e]
+6.1-upstream-stable: released (6.1.79) [aedda066d717a0b4335d7e0a00b2e3a61e40afcf]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52639 b/active/CVE-2023-52639
new file mode 100644
index 00000000..2f8a093f
--- /dev/null
+++ b/active/CVE-2023-52639
@@ -0,0 +1,16 @@
+Description: KVM: s390: vsie: fix race during shadow creation
+References:
+Notes:
+ carnil> Introduced in a3508fbe9dc6 ("KVM: s390: vsie: initial support for nested
+ carnil> virtualization"). Vulnerable versions: 4.8-rc1.
+Bugs:
+upstream: released (6.8-rc4) [fe752331d4b361d43cfd0b89534b4b2176057c32]
+6.7-upstream-stable: released (6.7.6) [28bb27824f25f36e5f80229a358d66ee09244082]
+6.6-upstream-stable: released (6.6.22) [f5572c0323cf8b4f1f0618178648a25b8fb8a380]
+6.1-upstream-stable: released (6.1.82) [5df3b81a567eb565029563f26f374ae3803a1dfc]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52640 b/active/CVE-2023-52640
new file mode 100644
index 00000000..57aa438e
--- /dev/null
+++ b/active/CVE-2023-52640
@@ -0,0 +1,15 @@
+Description: fs/ntfs3: Fix oob in ntfs_listxattr
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [731ab1f9828800df871c5a7ab9ffe965317d3f15]
+6.7-upstream-stable: released (6.7.7) [0830c5cf19bdec50d0ede4755ddc463663deb21c]
+6.6-upstream-stable: released (6.6.19) [52fff5799e3d1b5803ecd2f5f19c13c65f4f7b23]
+6.1-upstream-stable: released (6.1.80) [6ed6cdbe88334ca3430c5aee7754dc4597498dfb]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52641 b/active/CVE-2023-52641
new file mode 100644
index 00000000..795d4690
--- /dev/null
+++ b/active/CVE-2023-52641
@@ -0,0 +1,15 @@
+Description: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [aaab47f204aaf47838241d57bf8662c8840de60a]
+6.7-upstream-stable: released (6.7.7) [847b68f58c212f0439c5a8101b3841f32caffccd]
+6.6-upstream-stable: released (6.6.19) [947c3f3d31ea185ddc8e7f198873f17d36deb24c]
+6.1-upstream-stable: released (6.1.80) [50545eb6cd5f7ff852a01fa29b7372524ef948cc]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26685 b/active/CVE-2024-26685
new file mode 100644
index 00000000..0823870d
--- /dev/null
+++ b/active/CVE-2024-26685
@@ -0,0 +1,17 @@
+Description: nilfs2: fix potential bug in end_buffer_async_write
+References:
+Notes:
+ carnil> Introduced in 7f42ec394156 ("nilfs2: fix issue with race condition of
+ carnil> competition between segments for dirty blocks"). Vulnerable versions: 3.2.52
+ carnil> 3.4.83 3.10.16 3.11.5 3.12-rc4.
+Bugs:
+upstream: released (6.8-rc4) [5bc09b397cbf1221f8a8aacb1152650c9195b02b]
+6.7-upstream-stable: released (6.7.6) [626daab3811b772086aef1bf8eed3ffe6f523eff]
+6.6-upstream-stable: released (6.6.18) [2c3bdba00283a6c7a5b19481a59a730f46063803]
+6.1-upstream-stable: released (6.1.79) [6589f0f72f8edd1fa11adce4eedbd3615f2e78ab]
+5.10-upstream-stable: released (5.10.210) [f3e4963566f58726d3265a727116a42b591f6596]
+4.19-upstream-stable: released (4.19.307) [c4a09fdac625e64abe478dcf88bfa20406616928]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26686 b/active/CVE-2024-26686
new file mode 100644
index 00000000..2f85ad54
--- /dev/null
+++ b/active/CVE-2024-26686
@@ -0,0 +1,15 @@
+Description: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [7601df8031fd67310af891897ef6cc0df4209305]
+6.7-upstream-stable: released (6.7.6) [27978243f165b44e342f28f449b91327944ea071]
+6.6-upstream-stable: needed
+6.1-upstream-stable: released (6.1.82) [cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26687 b/active/CVE-2024-26687
new file mode 100644
index 00000000..899acdf0
--- /dev/null
+++ b/active/CVE-2024-26687
@@ -0,0 +1,16 @@
+Description: xen/events: close evtchn after mapping cleanup
+References:
+Notes:
+ carnil> Introduced in d46a78b05c0e ("xen: implement pirq type event channels").
+ carnil> Vulnerable versions: 2.6.37-rc1.
+Bugs:
+upstream: released (6.8-rc5) [fa765c4b4aed2d64266b694520ecb025c862c5a9]
+6.7-upstream-stable: released (6.7.6) [9be71aa12afa91dfe457b3fb4a444c42b1ee036b]
+6.6-upstream-stable: released (6.6.19) [20980195ec8d2e41653800c45c8c367fa1b1f2b4]
+6.1-upstream-stable: released (6.1.81) [585a344af6bcac222608a158fc2830ff02712af5]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26688 b/active/CVE-2024-26688
new file mode 100644
index 00000000..698763ce
--- /dev/null
+++ b/active/CVE-2024-26688
@@ -0,0 +1,16 @@
+Description: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
+References:
+Notes:
+ carnil> Introduced in 32021982a324 ("hugetlbfs: Convert to fs_context"). Vulnerable
+ carnil> versions: 5.1-rc1.
+Bugs:
+upstream: released (6.8-rc4) [79d72c68c58784a3e1cd2378669d51bfd0cb7498]
+6.7-upstream-stable: released (6.7.6) [ec78418801ef7b0c22cd6a30145ec480dd48db39]
+6.6-upstream-stable: released (6.6.18) [13c5a9fb07105557a1fa9efdb4f23d7ef30b7274]
+6.1-upstream-stable: released (6.1.79) [2e2c07104b4904aed1389a59b25799b95a85b5b9]
+5.10-upstream-stable: released (5.10.212) [80d852299987a8037be145a94f41874228f1a773]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26689 b/active/CVE-2024-26689
new file mode 100644
index 00000000..453d685a
--- /dev/null
+++ b/active/CVE-2024-26689
@@ -0,0 +1,15 @@
+Description: ceph: prevent use-after-free in encode_cap_msg()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [cda4672da1c26835dcbd7aec2bfed954eda9b5ef]
+6.7-upstream-stable: released (6.7.6) [7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc]
+6.6-upstream-stable: released (6.6.18) [ae20db45e482303a20e56f2db667a9d9c54ac7e7]
+6.1-upstream-stable: released (6.1.79) [f3f98d7d84b31828004545e29fd7262b9f444139]
+5.10-upstream-stable: released (5.10.210) [8180d0c27b93a6eb60da1b08ea079e3926328214]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26690 b/active/CVE-2024-26690
new file mode 100644
index 00000000..cc209b98
--- /dev/null
+++ b/active/CVE-2024-26690
@@ -0,0 +1,16 @@
+Description: net: stmmac: protect updates of 64-bit statistics counters
+References:
+Notes:
+ carnil> Introduced in 133466c3bbe1 ("net: stmmac: use per-queue 64 bit statistics where
+ carnil> necessary"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc4) [38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8]
+6.7-upstream-stable: released (6.7.6) [e6af0f082a4b87b99ad033003be2a904a1791b3f]
+6.6-upstream-stable: released (6.6.18) [9680b2ab54ba8d72581100e8c45471306101836e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26691 b/active/CVE-2024-26691
new file mode 100644
index 00000000..4343b5ec
--- /dev/null
+++ b/active/CVE-2024-26691
@@ -0,0 +1,15 @@
+Description: KVM: arm64: Fix circular locking dependency
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [10c02aad111df02088d1a81792a709f6a7eca6cc]
+6.7-upstream-stable: released (6.7.6) [3ab1c40a1e915e350d9181a4603af393141970cc]
+6.6-upstream-stable: released (6.6.18) [3d16cebf01127f459dcfeb79ed77bd68b124c228]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26692 b/active/CVE-2024-26692
new file mode 100644
index 00000000..62deb7d5
--- /dev/null
+++ b/active/CVE-2024-26692
@@ -0,0 +1,16 @@
+Description: smb: Fix regression in writes when non-standard maximum write size negotiated
+References:
+Notes:
+ carnil> Introduced in d08089f649a0 ("cifs: Change the I/O paths to use an iterator
+ carnil> rather than a page list"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc5) [4860abb91f3d7fbaf8147d54782149bb1fc45892]
+6.7-upstream-stable: released (6.7.6) [63c35afd50e28b49c5b75542045a8c42b696dab9]
+6.6-upstream-stable: released (6.6.18) [4145ccff546ea868428b3e0fe6818c6261b574a9]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26693 b/active/CVE-2024-26693
new file mode 100644
index 00000000..f696d570
--- /dev/null
+++ b/active/CVE-2024-26693
@@ -0,0 +1,16 @@
+Description: wifi: iwlwifi: mvm: fix a crash when we run out of stations
+References:
+Notes:
+ carnil> Introduced in 57974a55d995 ("wifi: iwlwifi: mvm: refactor
+ carnil> iwl_mvm_mac_sta_state_common()"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc5) [b7198383ef2debe748118996f627452281cf27d7]
+6.7-upstream-stable: released (6.7.6) [c12f0f4d4caf23b1bfdc2602b6b70d56bdcd6aa7]
+6.6-upstream-stable: released (6.6.18) [00f4eb31b8193f6070ce24df636883f9c104ca95]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26694 b/active/CVE-2024-26694
new file mode 100644
index 00000000..d5926976
--- /dev/null
+++ b/active/CVE-2024-26694
@@ -0,0 +1,16 @@
+Description: wifi: iwlwifi: fix double-free bug
+References:
+Notes:
+ carnil> Introduced in 5e31b3df86ec ("wifi: iwlwifi: dbg: print pc register data once fw
+ carnil> dump occurred"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc4) [353d321f63f7dbfc9ef58498cc732c9fe886a596]
+6.7-upstream-stable: released (6.7.6) [d24eb9a27bea8fe5237fa71be274391d9d51eff2]
+6.6-upstream-stable: released (6.6.18) [ab9d4bb9a1892439b3123fc52b19e32b9cdf80ad]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26695 b/active/CVE-2024-26695
new file mode 100644
index 00000000..c20f1c9f
--- /dev/null
+++ b/active/CVE-2024-26695
@@ -0,0 +1,17 @@
+Description: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
+References:
+Notes:
+ carnil> Introduced in 1b05ece0c931 ("crypto: ccp - During shutdown, check SEV data
+ carnil> pointer before using"). Vulnerable versions: 5.10.137 5.15.61 5.18.18 5.19.2
+ carnil> 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc4) [ccb88e9549e7cfd8bcd511c538f437e20026e983]
+6.7-upstream-stable: released (6.7.6) [b5909f197f3b26aebedca7d8ac7b688fd993a266]
+6.6-upstream-stable: released (6.6.18) [88aa493f393d2ee38ac140e1f6ac1881346e85d4]
+6.1-upstream-stable: released (6.1.79) [8731fe001a60581794ed9cf65da8cd304846a6fb]
+5.10-upstream-stable: released (5.10.210) [58054faf3bd29cd0b949b77efcb6157f66f401ed]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26696 b/active/CVE-2024-26696
new file mode 100644
index 00000000..ab0daf5c
--- /dev/null
+++ b/active/CVE-2024-26696
@@ -0,0 +1,17 @@
+Description: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
+References:
+Notes:
+ carnil> Introduced in 1d1d1a767206 ("mm: only enforce stable page writes if the backing
+ carnil> device requires it"). Vulnerable versions: 3.9-rc1 3.10.93 3.12.51 3.14.57
+ carnil> 3.16.35 3.18.25 4.1.13 4.2.6.
+Bugs:
+upstream: released (6.8-rc4) [38296afe3c6ee07319e01bb249aa4bb47c07b534]
+6.7-upstream-stable: released (6.7.6) [e38585401d464578d30f5868ff4ca54475c34f7d]
+6.6-upstream-stable: released (6.6.18) [ea5ddbc11613b55e5128c85f57b08f907abd9b28]
+6.1-upstream-stable: released (6.1.79) [8494ba2c9ea00a54d5b50e69b22c55a8958bce32]
+5.10-upstream-stable: released (5.10.210) [98a4026b22ff440c7f47056481bcbbe442f607d6]
+4.19-upstream-stable: released (4.19.307) [228742b2ddfb99dfd71e5a307e6088ab6836272e]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26697 b/active/CVE-2024-26697
new file mode 100644
index 00000000..0e8cbfa2
--- /dev/null
+++ b/active/CVE-2024-26697
@@ -0,0 +1,15 @@
+Description: nilfs2: fix data corruption in dsync block recovery for small block sizes
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [67b8bcbaed4777871bb0dcc888fb02a614a98ab1]
+6.7-upstream-stable: released (6.7.6) [2000016bab499074e6248ea85aeea7dd762355d9]
+6.6-upstream-stable: released (6.6.18) [2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d]
+6.1-upstream-stable: released (6.1.79) [9c9c68d64fd3284f7097ed6ae057c8441f39fcd3]
+5.10-upstream-stable: released (5.10.210) [364a66be2abdcd4fd426ffa44d9b8f40aafb3caa]
+4.19-upstream-stable: released (4.19.307) [5278c3eb6bf5896417572b52adb6be9d26e92f65]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26698 b/active/CVE-2024-26698
new file mode 100644
index 00000000..474d7a45
--- /dev/null
+++ b/active/CVE-2024-26698
@@ -0,0 +1,16 @@
+Description: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
+References:
+Notes:
+ carnil> Introduced in ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus
+ carnil> channel"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (6.8-rc3) [e0526ec5360a48ad3ab2e26e802b0532302a7e11]
+6.7-upstream-stable: released (6.7.6) [0e8875de9dad12805ff66e92cd5edea6a421f1cd]
+6.6-upstream-stable: released (6.6.18) [22a77c0f5b8233237731df3288d067af51a2fd7b]
+6.1-upstream-stable: released (6.1.79) [48a8ccccffbae10c91d31fc872db5c31aba07518]
+5.10-upstream-stable: released (5.10.210) [9ec807e7b6f5fcf9499f3baa69f254bb239a847f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26699 b/active/CVE-2024-26699
new file mode 100644
index 00000000..16bc77fe
--- /dev/null
+++ b/active/CVE-2024-26699
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [46806e59a87790760870d216f54951a5b4d545bc]
+6.7-upstream-stable: released (6.7.6) [ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26700 b/active/CVE-2024-26700
new file mode 100644
index 00000000..40352a9a
--- /dev/null
+++ b/active/CVE-2024-26700
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Fix MST Null Ptr for RV
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57]
+6.7-upstream-stable: released (6.7.6) [5cd7185d2db76c42a9b7e69adad9591d9fca093f]
+6.6-upstream-stable: released (6.6.18) [7407c61f43b66e90ad127d0cdd13cbc9d87141a5]
+6.1-upstream-stable: released (6.1.82) [01d992088dce3945f70f49f34b0b911c5213c238]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26702 b/active/CVE-2024-26702
new file mode 100644
index 00000000..52281681
--- /dev/null
+++ b/active/CVE-2024-26702
@@ -0,0 +1,16 @@
+Description: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
+References:
+Notes:
+ carnil> Introduced in 121354b2eceb ("iio: magnetometer: Add driver support for PNI
+ carnil> RM3100"). Vulnerable versions: 5.0-rc1.
+Bugs:
+upstream: released (6.8-rc5) [792595bab4925aa06532a14dd256db523eb4fa5e]
+6.7-upstream-stable: released (6.7.6) [57d05dbbcd0b3dc0c252103b43012eef5d6430d1]
+6.6-upstream-stable: released (6.6.18) [1d8c67e94e9e977603473a543d4f322cf2c4aa01]
+6.1-upstream-stable: released (6.1.79) [176256ff8abff29335ecff905a09fb49e8dcf513]
+5.10-upstream-stable: released (5.10.210) [36a49290d7e6d554020057a409747a092b1d3b56]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26703 b/active/CVE-2024-26703
new file mode 100644
index 00000000..6e1bbae5
--- /dev/null
+++ b/active/CVE-2024-26703
@@ -0,0 +1,16 @@
+Description: tracing/timerlat: Move hrtimer_init to timerlat_fd open()
+References:
+Notes:
+ carnil> Introduced in e88ed227f639 ("tracing/timerlat: Add user-space interface").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc3) [1389358bb008e7625942846e9f03554319b7fecc]
+6.7-upstream-stable: released (6.7.6) [2354d29986ebd138f89c2b73fecf8237e0a4ad6b]
+6.6-upstream-stable: released (6.6.18) [5f703935fdb559642d85b2088442ee55a557ae6d]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26704 b/active/CVE-2024-26704
new file mode 100644
index 00000000..ba2e3363
--- /dev/null
+++ b/active/CVE-2024-26704
@@ -0,0 +1,16 @@
+Description: ext4: fix double-free of blocks due to wrong extents moved_len
+References:
+Notes:
+ carnil> Introduced in fcf6b1b729bc ("ext4: refactor ext4_move_extents code base").
+ carnil> Vulnerable versions: 3.18-rc2.
+Bugs:
+upstream: released (6.8-rc3) [55583e899a5357308274601364741a83e78d6ac4]
+6.7-upstream-stable: released (6.7.6) [559ddacb90da1d8786dd8ec4fd76bbfa404eaef6]
+6.6-upstream-stable: released (6.6.18) [2883940b19c38d5884c8626483811acf4d7e148f]
+6.1-upstream-stable: released (6.1.79) [185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1]
+5.10-upstream-stable: released (5.10.210) [d033a555d9a1cf53dbf3301af7199cc4a4c8f537]
+4.19-upstream-stable: released (4.19.307) [b4fbb89d722cbb16beaaea234b7230faaaf68c71]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26705 b/active/CVE-2024-26705
new file mode 100644
index 00000000..8818f6bf
--- /dev/null
+++ b/active/CVE-2024-26705
@@ -0,0 +1,16 @@
+Description: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup
+References:
+Notes:
+ carnil> Introduced in e5ef93d02d6c ("parisc: BTLB: Initialize BTLB tables at CPU
+ carnil> startup"). Vulnerable versions: 6.6-rc2.
+Bugs:
+upstream: released (6.8-rc3) [913b9d443a0180cf0de3548f1ab3149378998486]
+6.7-upstream-stable: released (6.7.6) [aa52be55276614d33f22fbe7da36c40d6432d10b]
+6.6-upstream-stable: released (6.6.18) [54944f45470af5965fb9c28cf962ec30f38a8f5b]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26706 b/active/CVE-2024-26706
new file mode 100644
index 00000000..60d4b032
--- /dev/null
+++ b/active/CVE-2024-26706
@@ -0,0 +1,15 @@
+Description: parisc: Fix random data corruption from exception handler
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [8b1d72395635af45410b66cc4c4ab37a12c4a831]
+6.7-upstream-stable: released (6.7.6) [ce31d79aa1f13a2345791f84935281a2c194e003]
+6.6-upstream-stable: released (6.6.18) [fa69a8063f8b27f3c7434a0d4f464a76a62f24d2]
+6.1-upstream-stable: released (6.1.79) [23027309b099ffc4efca5477009a11dccbdae592]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26707 b/active/CVE-2024-26707
new file mode 100644
index 00000000..96ce3e96
--- /dev/null
+++ b/active/CVE-2024-26707
@@ -0,0 +1,16 @@
+Description: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
+References:
+Notes:
+ carnil> Introduced in 121c33b07b31 ("net: hsr: introduce common code for skb
+ carnil> initialization"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.8-rc3) [37e8c97e539015637cb920d3e6f1e404f707a06e]
+6.7-upstream-stable: released (6.7.6) [547545e50c913861219947ce490c68a1776b9b51]
+6.6-upstream-stable: released (6.6.18) [923dea2a7ea9e1ef5ac4031fba461c1cc92e32b8]
+6.1-upstream-stable: released (6.1.79) [56440799fc4621c279df16176f83a995d056023a]
+5.10-upstream-stable: released (5.10.210) [0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26708 b/active/CVE-2024-26708
new file mode 100644
index 00000000..bd6e39ea
--- /dev/null
+++ b/active/CVE-2024-26708
@@ -0,0 +1,17 @@
+Description: mptcp: really cope with fastopen race
+References:
+Notes:
+ carnil> Introduced in 1e777f39b4d7 ("mptcp: add MSG_FASTOPEN sendmsg flag support")
+ carnil> 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race"). Vulnerable
+ carnil> versions: 6.2-rc1 6.6.10 6.7-rc7.
+Bugs:
+upstream: released (6.8-rc5) [337cebbd850f94147cee05252778f8f78b8c337f]
+6.7-upstream-stable: released (6.7.6) [e158fb9679d15a2317ec13b4f6301bd26265df2f]
+6.6-upstream-stable: released (6.6.18) [4bfe217e075d04e63c092df9d40c608e598c2ef2]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26709 b/active/CVE-2024-26709
new file mode 100644
index 00000000..4bd0840a
--- /dev/null
+++ b/active/CVE-2024-26709
@@ -0,0 +1,16 @@
+Description: powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
+References:
+Notes:
+ carnil> Introduced in a8ca9fc9134c ("powerpc/iommu: Do not do platform domain attach
+ carnil> atctions after probe"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [0846dd77c8349ec92ca0079c9c71d130f34cb192]
+6.7-upstream-stable: released (6.7.6) [c90fdea9cac9eb419fc266e75d625cb60c8f7f6c]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26710 b/active/CVE-2024-26710
new file mode 100644
index 00000000..203b031c
--- /dev/null
+++ b/active/CVE-2024-26710
@@ -0,0 +1,16 @@
+Description: powerpc/kasan: Limit KASAN thread size increase to 32KB
+References:
+Notes:
+ carnil> Introduced in 18f14afe2816 ("powerpc/64s: Increase default stack size to
+ carnil> 32KB"). Vulnerable versions: 6.1.75 6.1.76 6.6.14 6.7.2 6.8-rc1.
+Bugs:
+upstream: released (6.8-rc5) [f1acb109505d983779bbb7e20a1ee6244d2b5736]
+6.7-upstream-stable: released (6.7.6) [b29b16bd836a838b7690f80e37f8376414c74cbe]
+6.6-upstream-stable: released (6.6.18) [4cc31fa07445879a13750cb061bb8c2654975fcb]
+6.1-upstream-stable: released (6.1.79) [4297217bcf1f0948a19c2bacc6b68d92e7778ad9]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26711 b/active/CVE-2024-26711
new file mode 100644
index 00000000..f4dd309a
--- /dev/null
+++ b/active/CVE-2024-26711
@@ -0,0 +1,16 @@
+Description: iio: adc: ad4130: zero-initialize clock init data
+References:
+Notes:
+ carnil> Introduced in 62094060cf3a ("iio: adc: ad4130: add AD4130 driver"). Vulnerable
+ carnil> versions: 6.2-rc1.
+Bugs:
+upstream: released (6.8-rc5) [a22b0a2be69a36511cb5b37d948b651ddf7debf3]
+6.7-upstream-stable: released (6.7.6) [02876e2df02f8b17a593d77a0a7879a8109b27e1]
+6.6-upstream-stable: released (6.6.18) [0e0dab37750926d4fb0144edb1c1ea0612fea273]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26712 b/active/CVE-2024-26712
new file mode 100644
index 00000000..0fee3b5a
--- /dev/null
+++ b/active/CVE-2024-26712
@@ -0,0 +1,16 @@
+Description: powerpc/kasan: Fix addr error caused by page alignment
+References:
+Notes:
+ carnil> Introduced in 663c0c9496a6 ("powerpc/kasan: Fix shadow area set up for
+ carnil> modules."). Vulnerable versions: 5.3.6 5.4-rc1.
+Bugs:
+upstream: released (6.8-rc5) [4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0]
+6.7-upstream-stable: released (6.7.6) [70ef2ba1f4286b2b73675aeb424b590c92d57b25]
+6.6-upstream-stable: released (6.6.18) [0516c06b19dc64807c10e01bb99b552bdf2d7dbe]
+6.1-upstream-stable: released (6.1.79) [0c09912dd8387e228afcc5e34ac5d79b1e3a1058]
+5.10-upstream-stable: released (5.10.210) [230e89b5ad0a33f530a2a976b3e5e4385cb27882]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26713 b/active/CVE-2024-26713
new file mode 100644
index 00000000..f8fea6f1
--- /dev/null
+++ b/active/CVE-2024-26713
@@ -0,0 +1,16 @@
+Description: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add
+References:
+Notes:
+ carnil> Introduced in a940904443e4 ("powerpc/iommu: Add iommu_ops to report
+ carnil> capabilities and allow blocking domains"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc5) [ed8b94f6e0acd652ce69bd69d678a0c769172df8]
+6.7-upstream-stable: released (6.7.6) [d4f762d6403f7419de90d7749fa83dd92ffb0e1d]
+6.6-upstream-stable: released (6.6.18) [9978d5b744e0227afe19e3bcb4c5f75442dde753]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26714 b/active/CVE-2024-26714
new file mode 100644
index 00000000..9f965989
--- /dev/null
+++ b/active/CVE-2024-26714
@@ -0,0 +1,16 @@
+Description: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive
+References:
+Notes:
+ carnil> Introduced in 9c8c6bac1ae8 ("interconnect: qcom: Add SC8180x providers").
+ carnil> Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.8-rc5) [85e985a4f46e462a37f1875cb74ed380e7c0c2e0]
+6.7-upstream-stable: released (6.7.6) [7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0]
+6.6-upstream-stable: released (6.6.18) [d8e36ff40cf9dadb135f3a97341c02c9a7afcc43]
+6.1-upstream-stable: released (6.1.79) [6616d3c4f8284a7b3ef978c916566bd240cea1c7]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26715 b/active/CVE-2024-26715
new file mode 100644
index 00000000..7bb7a9db
--- /dev/null
+++ b/active/CVE-2024-26715
@@ -0,0 +1,16 @@
+Description: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
+References:
+Notes:
+ carnil> Introduced in 9772b47a4c29 ("usb: dwc3: gadget: Fix suspend/resume during
+ carnil> device mode"). Vulnerable versions: 3.16.81 4.4.178 4.6-rc5.
+Bugs:
+upstream: released (6.8-rc3) [61a348857e869432e6a920ad8ea9132e8d44c316]
+6.7-upstream-stable: released (6.7.6) [36695d5eeeefe5a64b47d0336e7c8fc144e78182]
+6.6-upstream-stable: released (6.6.18) [c7ebd8149ee519d27232e6e4940e9c02071b568b]
+6.1-upstream-stable: released (6.1.79) [57e2e42ccd3cd6183228269715ed032f44536751]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26716 b/active/CVE-2024-26716
new file mode 100644
index 00000000..f5338e59
--- /dev/null
+++ b/active/CVE-2024-26716
@@ -0,0 +1,16 @@
+Description: usb: core: Prevent null pointer dereference in update_port_device_state
+References:
+Notes:
+ carnil> Introduced in 83cb2604f641 ("usb: core: add sysfs entry for usb device state").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc3) [12783c0b9e2c7915a50d5ec829630ff2da50472c]
+6.7-upstream-stable: released (6.7.6) [465b545d1d7ef282192ddd4439b08279bdb13f6f]
+6.6-upstream-stable: released (6.6.18) [ed85777c640cf9e6920bb1b60ed8cd48e1f4d873]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26717 b/active/CVE-2024-26717
new file mode 100644
index 00000000..24c639a6
--- /dev/null
+++ b/active/CVE-2024-26717
@@ -0,0 +1,16 @@
+Description: HID: i2c-hid-of: fix NULL-deref on failed power up
+References:
+Notes:
+ carnil> Introduced in b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are
+ carnil> separate modules"). Vulnerable versions: 5.12-rc1.
+Bugs:
+upstream: released (6.8-rc3) [00aab7dcb2267f2aef59447602f34501efe1a07f]
+6.7-upstream-stable: released (6.7.6) [e28d6b63aeecbda450935fb58db0e682ea8212d3]
+6.6-upstream-stable: released (6.6.18) [4cad91344a62536a2949873bad6365fbb6232776]
+6.1-upstream-stable: released (6.1.79) [d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26718 b/active/CVE-2024-26718
new file mode 100644
index 00000000..62659871
--- /dev/null
+++ b/active/CVE-2024-26718
@@ -0,0 +1,18 @@
+Description: dm-crypt, dm-verity: disable tasklets
+References:
+Notes:
+ carnil> Introduced in 39d42fa96ba1b ("dm crypt: add flags to optionally bypass kcryptd
+ carnil> workqueues")
+ carnil> 5721d4e5a9cdb ("dm verity: Add optional "try_verify_in_tasklet" feature").
+ carnil> Vulnerable versions: 5.9-rc1 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc3) [0a9bab391e336489169b95cb0d4553d921302189]
+6.7-upstream-stable: released (6.7.6) [0c45a20cbe68bc4d681734f5c03891124a274257]
+6.6-upstream-stable: released (6.6.18) [5735a2671ffb70ea29ca83969fe01316ee2ed6fc]
+6.1-upstream-stable: released (6.1.79) [30884a44e0cedc3dfda8c22432f3ba4078ec2d94]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26719 b/active/CVE-2024-26719
new file mode 100644
index 00000000..8d2c1930
--- /dev/null
+++ b/active/CVE-2024-26719
@@ -0,0 +1,15 @@
+Description: nouveau: offload fence uevents work to workqueue
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [39126abc5e20611579602f03b66627d7cd1422f0]
+6.7-upstream-stable: released (6.7.6) [985d053f7633d8b539ab1531738d538efac678a9]
+6.6-upstream-stable: released (6.6.18) [cc0037fa592d56e4abb9c7d1c52c4d2dc25cd906]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26720 b/active/CVE-2024-26720
new file mode 100644
index 00000000..f4f1e3ee
--- /dev/null
+++ b/active/CVE-2024-26720
@@ -0,0 +1,16 @@
+Description: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
+References:
+Notes:
+ carnil> Introduced in f6789593d5ce ("mm/page-writeback.c: fix divide by zero in
+ carnil> bdi_dirty_limits()"). Vulnerable versions: 3.12.27 3.14.16 3.15.9 3.16.
+Bugs:
+upstream: released (6.8-rc3) [9319b647902cbd5cc884ac08a8a6d54ce111fc78]
+6.7-upstream-stable: released (6.7.6) [65977bed167a92e87085e757fffa5798f7314c9f]
+6.6-upstream-stable: released (6.6.18) [ec18ec230301583395576915d274b407743d8f6c]
+6.1-upstream-stable: released (6.1.79) [16b1025eaa8fc223ab4273ece20d1c3a4211a95d]
+5.10-upstream-stable: released (5.10.210) [81e7d2530d458548b90a5c5e76b77ad5e5d1c0df]
+4.19-upstream-stable: released (4.19.307) [c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26721 b/active/CVE-2024-26721
new file mode 100644
index 00000000..f5b5d06d
--- /dev/null
+++ b/active/CVE-2024-26721
@@ -0,0 +1,16 @@
+Description: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
+References:
+Notes:
+ carnil> Introduced in bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS
+ carnil> register"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [962ac2dce56bb3aad1f82a4bbe3ada57a020287c]
+6.7-upstream-stable: released (6.7.6) [ff5999fb03f467e1e7159f0ddb199c787f7512b9]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26722 b/active/CVE-2024-26722
new file mode 100644
index 00000000..7686f9b6
--- /dev/null
+++ b/active/CVE-2024-26722
@@ -0,0 +1,17 @@
+Description: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
+References:
+Notes:
+ carnil> Introduced in cdba4301adda ("ASoC: rt5650: add mutex to avoid the jack
+ carnil> detection failure"). Vulnerable versions: 4.19.306 5.4.268 5.10.209 5.15.148
+ carnil> 6.1.74 6.6.13 6.7-rc5.
+Bugs:
+upstream: released (6.8-rc5) [6ef5d5b92f7117b324efaac72b3db27ae8bb3082]
+6.7-upstream-stable: released (6.7.6) [ed5b8b735369b40d6c1f8ef3e62d369f74b4c491]
+6.6-upstream-stable: released (6.6.18) [050ad2ca0ac169dd9e552075d2c6af1bbb46534c]
+6.1-upstream-stable: released (6.1.79) [1f0d7792e9023e8658e901b7b76a555f6aa052ec]
+5.10-upstream-stable: released (5.10.210) [4a98bc739d0753a5810ce5630943cd7614c7717e]
+4.19-upstream-stable: released (4.19.307) [3dd2d99e2352903d0e0b8769e6c9b8293c7454b2]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26723 b/active/CVE-2024-26723
new file mode 100644
index 00000000..437358b6
--- /dev/null
+++ b/active/CVE-2024-26723
@@ -0,0 +1,16 @@
+Description: lan966x: Fix crash when adding interface under a lag
+References:
+Notes:
+ carnil> Introduced in cabc9d49333d ("net: lan966x: Add lag support for lan966x").
+ carnil> Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.8-rc5) [15faa1f67ab405d47789d4702f587ec7df7ef03e]
+6.7-upstream-stable: released (6.7.6) [2a492f01228b7d091dfe38974ef40dccf8f9f2f1]
+6.6-upstream-stable: released (6.6.18) [48fae67d837488c87379f0c9f27df7391718477c]
+6.1-upstream-stable: released (6.1.79) [b9357489c46c7a43999964628db8b47d3a1f8672]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26724 b/active/CVE-2024-26724
new file mode 100644
index 00000000..5fab05ee
--- /dev/null
+++ b/active/CVE-2024-26724
@@ -0,0 +1,16 @@
+Description: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
+References:
+Notes:
+ carnil> Introduced in 496fd0a26bbf ("mlx5: Implement SyncE support using DPLL
+ carnil> infrastructure"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [aa1eec2f546f2afa8c98ec41e5d8ee488165d685]
+6.7-upstream-stable: released (6.7.6) [1596126ea50228f0ed96697bae4e9368fda02c56]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26725 b/active/CVE-2024-26725
new file mode 100644
index 00000000..5697928c
--- /dev/null
+++ b/active/CVE-2024-26725
@@ -0,0 +1,16 @@
+Description: dpll: fix possible deadlock during netlink dump operation
+References:
+Notes:
+ carnil> Introduced in 9d71b54b65b1 ("dpll: netlink: Add DPLL framework base
+ carnil> functions"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc5) [53c0441dd2c44ee93fddb5473885fd41e4bc2361]
+6.7-upstream-stable: released (6.7.6) [087739cbd0d0b87b6cec2c0799436ac66e24acc8]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26726 b/active/CVE-2024-26726
new file mode 100644
index 00000000..4b006c8c
--- /dev/null
+++ b/active/CVE-2024-26726
@@ -0,0 +1,15 @@
+Description: btrfs: don't drop extent_map for free space inode on write error
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [5571e41ec6e56e35f34ae9f5b3a335ef510e0ade]
+6.7-upstream-stable: released (6.7.6) [a4b7741c8302e28073bfc6dd1c2e73598e5e535e]
+6.6-upstream-stable: released (6.6.18) [7bddf18f474f166c19f91b2baf67bf7c5eda03f7]
+6.1-upstream-stable: released (6.1.79) [02f2b95b00bf57d20320ee168b30fb7f3db8e555]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26727 b/active/CVE-2024-26727
new file mode 100644
index 00000000..a8be3527
--- /dev/null
+++ b/active/CVE-2024-26727
@@ -0,0 +1,16 @@
+Description: btrfs: do not ASSERT() if the newly created subvolume already got read
+References:
+Notes:
+ carnil> Introduced in 2dfb1e43f57d ("btrfs: preallocate anon block device at first
+ carnil> phase of snapshot creation"). Vulnerable versions: 5.8.3 5.9-rc1.
+Bugs:
+upstream: released (6.8-rc4) [e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb]
+6.7-upstream-stable: released (6.7.6) [5a172344bfdabb46458e03708735d7b1a918c468]
+6.6-upstream-stable: released (6.6.18) [833775656d447c545133a744a0ed1e189ce61430]
+6.1-upstream-stable: released (6.1.79) [66b317a2fc45b2ef66527ee3f8fa08fb5beab88d]
+5.10-upstream-stable: released (5.10.210) [3f5d47eb163bceb1b9e613c9003bae5fefc0046f]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26728 b/active/CVE-2024-26728
new file mode 100644
index 00000000..a26b153a
--- /dev/null
+++ b/active/CVE-2024-26728
@@ -0,0 +1,16 @@
+Description: drm/amd/display: fix null-pointer dereference on edid reading
+References:
+Notes:
+ carnil> Introduced in 0e859faf8670 ("drm/amd/display: Remove unwanted drm edid
+ carnil> references"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [9671761792156f2339627918bafcd713a8a6f777]
+6.7-upstream-stable: released (6.7.7) [2d392f7268a1a9bfbd98c831f0f4c964e59aa145]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26729 b/active/CVE-2024-26729
new file mode 100644
index 00000000..10445ddb
--- /dev/null
+++ b/active/CVE-2024-26729
@@ -0,0 +1,17 @@
+Description: drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv
+References:
+Notes:
+ carnil> Introduced in 028bac583449 ("drm/amd/display: decouple dmcub execution to
+ carnil> reduce lock granularity")
+ carnil> 65138eb72e1f ("drm/amd/display: Add DCN35 DMUB"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907]
+6.7-upstream-stable: released (6.7.7) [351080ba3414c96afff0f1338b4aeb2983195b80]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26730 b/active/CVE-2024-26730
new file mode 100644
index 00000000..b4da1117
--- /dev/null
+++ b/active/CVE-2024-26730
@@ -0,0 +1,16 @@
+Description: hwmon: (nct6775) Fix access to temperature configuration registers
+References:
+Notes:
+ carnil> Introduced in b7f1f7b2523a ("hwmon: (nct6775) Additional TEMP registers for
+ carnil> nct6799"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc6) [d56e460e19ea8382f813eb489730248ec8d7eb73]
+6.7-upstream-stable: released (6.7.7) [c196387820c9214c5ceaff56d77303c82514b8b1]
+6.6-upstream-stable: released (6.6.19) [f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26731 b/active/CVE-2024-26731
new file mode 100644
index 00000000..0f6ef1e2
--- /dev/null
+++ b/active/CVE-2024-26731
@@ -0,0 +1,16 @@
+Description: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
+References:
+Notes:
+ carnil> Introduced in 6df7f764cd3c ("bpf, sockmap: Wake up polling after data copy").
+ carnil> Vulnerable versions: 6.1.32 6.3.6 6.4-rc4.
+Bugs:
+upstream: released (6.8-rc6) [4cd12c6065dfcdeba10f49949bffcf383b3952d8]
+6.7-upstream-stable: released (6.7.7) [d61608a4e394f23e0dca099df9eb8e555453d949]
+6.6-upstream-stable: released (6.6.19) [9b099ed46dcaf1403c531ff02c3d7400fa37fa26]
+6.1-upstream-stable: released (6.1.80) [4588b13abcbd561ec67f5b3c1cb2eff690990a54]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26732 b/active/CVE-2024-26732
new file mode 100644
index 00000000..e022b501
--- /dev/null
+++ b/active/CVE-2024-26732
@@ -0,0 +1,16 @@
+Description: net: implement lockless setsockopt(SO_PEEK_OFF)
+References:
+Notes:
+ carnil> Introduced in 859051dd165e ("bpf: Implement cgroup sockaddr hooks for unix
+ carnil> sockets"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [56667da7399eb19af857e30f41bea89aa6fa812c]
+6.7-upstream-stable: released (6.7.7) [897f75e2cde8a5f9f7529b55249af1fa4248c83b]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26733 b/active/CVE-2024-26733
new file mode 100644
index 00000000..7e0ac2c2
--- /dev/null
+++ b/active/CVE-2024-26733
@@ -0,0 +1,16 @@
+Description: arp: Prevent overflow in arp_req_get().
+References:
+Notes:
+ carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions:
+ carnil> 2.6.12-rc2^0.
+Bugs:
+upstream: released (6.8-rc6) [a7d6027790acea24446ddd6632d394096c0f4667]
+6.7-upstream-stable: released (6.7.7) [3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a]
+6.6-upstream-stable: released (6.6.19) [a3f2c083cb575d80a7627baf3339e78fedccbb91]
+6.1-upstream-stable: released (6.1.80) [f119f2325ba70cbfdec701000dcad4d88805d5b0]
+5.10-upstream-stable: released (5.10.211) [dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26734 b/active/CVE-2024-26734
new file mode 100644
index 00000000..05dcf1e4
--- /dev/null
+++ b/active/CVE-2024-26734
@@ -0,0 +1,16 @@
+Description: devlink: fix possible use-after-free and memory leaks in devlink_init()
+References:
+Notes:
+ carnil> Introduced in 687125b5799c ("devlink: split out core code"). Vulnerable
+ carnil> versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc6) [def689fc26b9a9622d2e2cb0c4933dd3b1c8071c]
+6.7-upstream-stable: released (6.7.7) [e91d3561e28d7665f4f837880501dc8755f635a9]
+6.6-upstream-stable: released (6.6.19) [919092bd5482b7070ae66d1daef73b600738f3a2]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26735 b/active/CVE-2024-26735
new file mode 100644
index 00000000..ae056f3a
--- /dev/null
+++ b/active/CVE-2024-26735
@@ -0,0 +1,16 @@
+Description: ipv6: sr: fix possible use-after-free and null-ptr-deref
+References:
+Notes:
+ carnil> Introduced in 915d7e5e5930 ("ipv6: sr: add code base for control plane support
+ carnil> of SR-IPv6"). Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (6.8-rc6) [5559cea2d5aa3018a5f00dd2aca3427ba09b386b]
+6.7-upstream-stable: released (6.7.7) [02b08db594e8218cfbc0e4680d4331b457968a9b]
+6.6-upstream-stable: released (6.6.19) [9e02973dbc6a91e40aa4f5d87b8c47446fbfce44]
+6.1-upstream-stable: released (6.1.80) [8391b9b651cfdf80ab0f1dc4a489f9d67386e197]
+5.10-upstream-stable: released (5.10.211) [65c38f23d10ff79feea1e5d50b76dc7af383c1e6]
+4.19-upstream-stable: released (4.19.308) [953f42934533c151f440cd32390044d2396b87aa]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26736 b/active/CVE-2024-26736
new file mode 100644
index 00000000..d4ad1130
--- /dev/null
+++ b/active/CVE-2024-26736
@@ -0,0 +1,16 @@
+Description: afs: Increase buffer size in afs_update_volume_status()
+References:
+Notes:
+ carnil> Introduced in d2ddc776a458 ("afs: Overhaul volume and server record caching and
+ carnil> fileserver rotation"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (6.8-rc6) [6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d]
+6.7-upstream-stable: released (6.7.7) [d34a5e57632bb5ff825196ddd9a48ca403626dfa]
+6.6-upstream-stable: released (6.6.19) [6e6065dd25b661420fac19c34282b6c626fcd35e]
+6.1-upstream-stable: released (6.1.80) [e8530b170e464017203e3b8c6c49af6e916aece1]
+5.10-upstream-stable: released (5.10.211) [d9b5e2b7a8196850383c70d099bfd39e81ab6637]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26737 b/active/CVE-2024-26737
new file mode 100644
index 00000000..de9711f7
--- /dev/null
+++ b/active/CVE-2024-26737
@@ -0,0 +1,16 @@
+Description: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
+References:
+Notes:
+ carnil> Introduced in b00628b1c7d5 ("bpf: Introduce bpf timers."). Vulnerable versions:
+ carnil> 5.15-rc1.
+Bugs:
+upstream: released (6.8-rc6) [0281b919e175bb9c3128bd3872ac2903e9436e3f]
+6.7-upstream-stable: released (6.7.7) [7d80a9e745fa5b47da3bca001f186c02485c7c33]
+6.6-upstream-stable: released (6.6.19) [8327ed12e8ebc5436bfaa1786c49988894f9c8a6]
+6.1-upstream-stable: released (6.1.80) [addf5e297e6cbf5341f9c07720693ca9ba0057b5]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26738 b/active/CVE-2024-26738
new file mode 100644
index 00000000..4c8b8f93
--- /dev/null
+++ b/active/CVE-2024-26738
@@ -0,0 +1,16 @@
+Description: powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
+References:
+Notes:
+ carnil> Introduced in a940904443e4 ("powerpc/iommu: Add iommu_ops to report
+ carnil> capabilities and allow blocking domains"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc6) [a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321]
+6.7-upstream-stable: released (6.7.7) [46e36ebd5e00a148b67ed77c1d31675996f77c25]
+6.6-upstream-stable: released (6.6.19) [b8315b2e25b4e68e42fcb74630f824b9a5067765]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26739 b/active/CVE-2024-26739
new file mode 100644
index 00000000..162a4994
--- /dev/null
+++ b/active/CVE-2024-26739
@@ -0,0 +1,16 @@
+Description: net/sched: act_mirred: don't override retval if we already lost the skb
+References:
+Notes:
+ carnil> Introduced in e5cf1baf92cb ("act_mirred: use TC_ACT_REINSERT when possible").
+ carnil> Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (6.8-rc6) [166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210]
+6.7-upstream-stable: released (6.7.7) [f4e294bbdca8ac8757db436fc82214f3882fc7e7]
+6.6-upstream-stable: released (6.6.19) [28cdbbd38a4413b8eff53399b3f872fd4e80db9d]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26740 b/active/CVE-2024-26740
new file mode 100644
index 00000000..431590e6
--- /dev/null
+++ b/active/CVE-2024-26740
@@ -0,0 +1,16 @@
+Description: net/sched: act_mirred: use the backlog for mirred ingress
+References:
+Notes:
+ carnil> Introduced in 53592b364001 ("net/sched: act_mirred: Implement ingress
+ carnil> actions"). Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (6.8-rc6) [52f671db18823089a02f07efc04efdb2272ddc17]
+6.7-upstream-stable: released (6.7.7) [60ddea1600bc476e0f5e02bce0e29a460ccbf0be]
+6.6-upstream-stable: released (6.6.19) [7c787888d164689da8b1b115f3ef562c1e843af4]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26741 b/active/CVE-2024-26741
new file mode 100644
index 00000000..b359fd13
--- /dev/null
+++ b/active/CVE-2024-26741
@@ -0,0 +1,16 @@
+Description: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().
+References:
+Notes:
+ carnil> Introduced in 28044fc1d495 ("net: Add a bhash2 table hashed by port and
+ carnil> address"). Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.8-rc6) [66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f]
+6.7-upstream-stable: released (6.7.7) [f8c4a6b850882bc47aaa864b720c7a2ee3102f39]
+6.6-upstream-stable: released (6.6.19) [334a8348b2df26526f3298848ad6864285592caf]
+6.1-upstream-stable: released (6.1.80) [729bc77af438a6e67914c97f6f3d3af8f72c0131]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26742 b/active/CVE-2024-26742
new file mode 100644
index 00000000..70d981e1
--- /dev/null
+++ b/active/CVE-2024-26742
@@ -0,0 +1,16 @@
+Description: scsi: smartpqi: Fix disable_managed_interrupts
+References:
+Notes:
+ carnil> Introduced in cf15c3e734e8 ("scsi: smartpqi: Add module param to disable
+ carnil> managed ints"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc6) [5761eb9761d2d5fe8248a9b719efc4d8baf1f24a]
+6.7-upstream-stable: released (6.7.7) [b9433b25cb06c415c9cb24782599649a406c8d6d]
+6.6-upstream-stable: released (6.6.19) [4f5b15c15e6016efb3e14582d02cc4ddf57227df]
+6.1-upstream-stable: released (6.1.80) [3c31b18a8dd8b7bf36af1cd723d455853b8f94fe]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26743 b/active/CVE-2024-26743
new file mode 100644
index 00000000..78da085c
--- /dev/null
+++ b/active/CVE-2024-26743
@@ -0,0 +1,16 @@
+Description: RDMA/qedr: Fix qedr_create_user_qp error flow
+References:
+Notes:
+ carnil> Introduced in df15856132bc ("RDMA/qedr: restructure functions that
+ carnil> create/destroy QPs"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (6.8-rc6) [5ba4e6d5863c53e937f49932dee0ecb004c65928]
+6.7-upstream-stable: released (6.7.7) [bab8875c06ebda5e01c5c4cab30022aed85c14e6]
+6.6-upstream-stable: released (6.6.19) [95175dda017cd4982cd47960536fa1de003d3298]
+6.1-upstream-stable: released (6.1.80) [7f31a244c753aacf40b71d01f03ca6742f81bbbc]
+5.10-upstream-stable: released (5.10.211) [5639414a52a29336ffa1ede80a67c6d927acbc5a]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26744 b/active/CVE-2024-26744
new file mode 100644
index 00000000..eeab8cce
--- /dev/null
+++ b/active/CVE-2024-26744
@@ -0,0 +1,16 @@
+Description: RDMA/srpt: Support specifying the srpt_service_guid parameter
+References:
+Notes:
+ carnil> Introduced in a42d985bd5b2 ("ib_srpt: Initial SRP Target merge for v3.3-rc1").
+ carnil> Vulnerable versions: 3.3-rc1.
+Bugs:
+upstream: released (6.8-rc6) [fdfa083549de5d50ebf7f6811f33757781e838c0]
+6.7-upstream-stable: released (6.7.7) [c99a827d3cff9f84e1cb997b7cc6386d107aa74d]
+6.6-upstream-stable: released (6.6.19) [fe2a73d57319feab4b3b175945671ce43492172f]
+6.1-upstream-stable: released (6.1.80) [aee4dcfe17219fe60f2821923adea98549060af8]
+5.10-upstream-stable: released (5.10.211) [5a5c039dac1b1b7ba3e91c791f4421052bf79b82]
+4.19-upstream-stable: released (4.19.308) [84f1dac960cfa210a3b7a7522e6c2320ae91932b]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26747 b/active/CVE-2024-26747
new file mode 100644
index 00000000..41f17169
--- /dev/null
+++ b/active/CVE-2024-26747
@@ -0,0 +1,16 @@
+Description: usb: roles: fix NULL pointer issue when put module's reference
+References:
+Notes:
+ carnil> Introduced in 5c54fcac9a9d ("usb: roles: Take care of driver module reference
+ carnil> counting"). Vulnerable versions: 4.18.12 4.19-rc6.
+Bugs:
+upstream: released (6.8-rc6) [1c9be13846c0b2abc2480602f8ef421360e1ad9e]
+6.7-upstream-stable: released (6.7.7) [01f82de440f2ab07c259b7573371e1c42e5565db]
+6.6-upstream-stable: released (6.6.19) [4b45829440b1b208948b39cc71f77a37a2536734]
+6.1-upstream-stable: released (6.1.80) [0158216805ca7e498d07de38840d2732166ae5fa]
+5.10-upstream-stable: released (5.10.211) [e279bf8e51893e1fe160b3d8126ef2dd00f661e1]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26748 b/active/CVE-2024-26748
new file mode 100644
index 00000000..4e0d7809
--- /dev/null
+++ b/active/CVE-2024-26748
@@ -0,0 +1,16 @@
+Description: usb: cdns3: fix memory double free when handle zero packet
+References:
+Notes:
+ carnil> Introduced in 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver").
+ carnil> Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.8-rc6) [5fd9e45f1ebcd57181358af28506e8a661a260b3]
+6.7-upstream-stable: released (6.7.7) [92d20406a3d4ff3e8be667c79209dc9ed31df5b3]
+6.6-upstream-stable: released (6.6.19) [70e8038813f9d3e72df966748ebbc40efe466019]
+6.1-upstream-stable: released (6.1.80) [9a52b694b066f299d8b9800854a8503457a8b64c]
+5.10-upstream-stable: released (5.10.211) [1e204a8e9eb514e22a6567fb340ebb47df3f3a48]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26749 b/active/CVE-2024-26749
new file mode 100644
index 00000000..4d721117
--- /dev/null
+++ b/active/CVE-2024-26749
@@ -0,0 +1,16 @@
+Description: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
+References:
+Notes:
+ carnil> Introduced in 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver").
+ carnil> Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.8-rc6) [cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6]
+6.7-upstream-stable: released (6.7.7) [9a07244f614bc417de527b799da779dcae780b5d]
+6.6-upstream-stable: released (6.6.19) [29e42e1578a10c611b3f1a38f3229b2d664b5d16]
+6.1-upstream-stable: released (6.1.80) [2134e9906e17b1e5284300fab547869ebacfd7d9]
+5.10-upstream-stable: released (5.10.211) [b40328eea93c75a5645891408010141a0159f643]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26751 b/active/CVE-2024-26751
new file mode 100644
index 00000000..6cc664fd
--- /dev/null
+++ b/active/CVE-2024-26751
@@ -0,0 +1,16 @@
+Description: ARM: ep93xx: Add terminator to gpiod_lookup_table
+References:
+Notes:
+ carnil> Introduced in b2e63555592f ("i2c: gpio: Convert to use descriptors").
+ carnil> Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (6.8-rc6) [fdf87a0dc26d0550c60edc911cda42f9afec3557]
+6.7-upstream-stable: released (6.7.7) [6abe0895b63c20de06685c8544b908c7e413efa8]
+6.6-upstream-stable: released (6.6.19) [97ba7c1f9c0a2401e644760d857b2386aa895997]
+6.1-upstream-stable: released (6.1.80) [786f089086b505372fb3f4f008d57e7845fff0d8]
+5.10-upstream-stable: released (5.10.211) [70d92abbe29692a3de8697ae082c60f2d21ab482]
+4.19-upstream-stable: released (4.19.308) [9e200a06ae2abb321939693008290af32b33dd6e]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26752 b/active/CVE-2024-26752
new file mode 100644
index 00000000..3ca05a9a
--- /dev/null
+++ b/active/CVE-2024-26752
@@ -0,0 +1,17 @@
+Description: l2tp: pass correct message length to ip6_append_data
+References:
+Notes:
+ carnil> Introduced in 9d4c75800f61 ("ipv4, ipv6: Fix handling of transhdrlen in
+ carnil> __ip{,6}_append_data()"). Vulnerable versions: 4.14.327 4.19.296 5.4.258
+ carnil> 5.10.198 5.15.135 6.1.57 6.5.7 6.6-rc5.
+Bugs:
+upstream: released (6.8-rc6) [359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79]
+6.7-upstream-stable: released (6.7.7) [83340c66b498e49353530e41542500fc8a4782d6]
+6.6-upstream-stable: released (6.6.19) [804bd8650a3a2bf3432375f8c97d5049d845ce56]
+6.1-upstream-stable: released (6.1.80) [13cd1daeea848614e585b2c6ecc11ca9c8ab2500]
+5.10-upstream-stable: released (5.10.211) [dcb4d14268595065c85dc5528056713928e17243]
+4.19-upstream-stable: released (4.19.308) [4c3ce64bc9d36ca9164dd6c77ff144c121011aae]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26753 b/active/CVE-2024-26753
new file mode 100644
index 00000000..82c4f760
--- /dev/null
+++ b/active/CVE-2024-26753
@@ -0,0 +1,16 @@
+Description: crypto: virtio/akcipher - Fix stack overflow on memcpy
+References:
+Notes:
+ carnil> Introduced in 59ca6c93387d ("virtio-crypto: implement RSA algorithm").
+ carnil> Vulnerable versions: 5.10.209 5.18-rc1.
+Bugs:
+upstream: released (6.8-rc6) [c0ec2a712daf133d9996a8a1b7ee2d4996080363]
+6.7-upstream-stable: released (6.7.7) [ef1e47d50324e232d2da484fe55a54274eeb9bc1]
+6.6-upstream-stable: released (6.6.19) [b0365460e945e1117b47cf7329d86de752daff63]
+6.1-upstream-stable: released (6.1.80) [62f361bfea60c6afc3df09c1ad4152e6507f6f47]
+5.10-upstream-stable: released (5.10.212) [37077ed16c7793e21b005979d33f8a61565b7e86]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26754 b/active/CVE-2024-26754
new file mode 100644
index 00000000..d0c95597
--- /dev/null
+++ b/active/CVE-2024-26754
@@ -0,0 +1,16 @@
+Description: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
+References:
+Notes:
+ carnil> Introduced in 459aa660eb1d ("gtp: add initial driver for datapath of GPRS
+ carnil> Tunneling Protocol (GTP-U)"). Vulnerable versions: 4.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [136cfaca22567a03bbb3bf53a43d8cb5748b80ec]
+6.7-upstream-stable: released (6.7.7) [5013bd54d283eda5262c9ae3bcc966d01daf8576]
+6.6-upstream-stable: released (6.6.19) [ba6b8b02a3314e62571a540efa96560888c5f03e]
+6.1-upstream-stable: released (6.1.80) [3963f16cc7643b461271989b712329520374ad2a]
+5.10-upstream-stable: released (5.10.211) [2e534fd15e5c2ca15821c897352cf0e8a3e30dca]
+4.19-upstream-stable: released (4.19.308) [f0ecdfa679189d26aedfe24212d4e69e42c2c861]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26755 b/active/CVE-2024-26755
new file mode 100644
index 00000000..16908f87
--- /dev/null
+++ b/active/CVE-2024-26755
@@ -0,0 +1,16 @@
+Description: md: Don't suspend the array for interrupted reshape
+References:
+Notes:
+ carnil> Introduced in bc08041b32ab ("md: suspend array in md_start_sync() if array need
+ carnil> reconfiguration"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [9e46c70e829bddc24e04f963471e9983a11598b7]
+6.7-upstream-stable: released (6.7.7) [60d6130d0ac1d883ed93c2a1e10aadb60967fd48]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26756 b/active/CVE-2024-26756
new file mode 100644
index 00000000..903d86a8
--- /dev/null
+++ b/active/CVE-2024-26756
@@ -0,0 +1,18 @@
+Description: md: Don't register sync_thread for reshape directly
+References:
+Notes:
+ carnil> Introduced in f67055780caa ("[PATCH] md: Checkpoint and allow restart of raid5
+ carnil> reshape")
+ carnil> f52f5c71f3d4 ("md: fix stopping sync thread"). Vulnerable versions: 2.6.17-rc1
+ carnil> 6.7-rc5.
+Bugs:
+upstream: released (6.8-rc6) [ad39c08186f8a0f221337985036ba86731d6aafe]
+6.7-upstream-stable: released (6.7.7) [13b520fb62b772e408f9b79c5fe18ad414e90417]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26757 b/active/CVE-2024-26757
new file mode 100644
index 00000000..13db185d
--- /dev/null
+++ b/active/CVE-2024-26757
@@ -0,0 +1,17 @@
+Description: md: Don't ignore read-only array in md_check_recovery()
+References:
+Notes:
+ carnil> Introduced in ecbfb9f118bc ("dm raid: add raid level takeover support")
+ carnil> f52f5c71f3d4 ("md: fix stopping sync thread"). Vulnerable versions: 4.8-rc1
+ carnil> 6.7-rc5.
+Bugs:
+upstream: released (6.8-rc6) [55a48ad2db64737f7ffc0407634218cc6e4c513b]
+6.7-upstream-stable: released (6.7.7) [2ea169c5a0b1134d573d07fc27a16f327ad0e7d3]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26758 b/active/CVE-2024-26758
new file mode 100644
index 00000000..fcc3e177
--- /dev/null
+++ b/active/CVE-2024-26758
@@ -0,0 +1,17 @@
+Description: md: Don't ignore suspended array in md_check_recovery()
+References:
+Notes:
+ carnil> Introduced in 68866e425be2 ("MD: no sync IO while suspended")
+ carnil> f52f5c71f3d4 ("md: fix stopping sync thread"). Vulnerable versions: 3.0-rc4
+ carnil> 6.7-rc5.
+Bugs:
+upstream: released (6.8-rc6) [1baae052cccd08daf9a9d64c3f959d8cdb689757]
+6.7-upstream-stable: released (6.7.7) [a55f0d6179a19c6b982e2dc344d58c98647a3be0]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26759 b/active/CVE-2024-26759
new file mode 100644
index 00000000..7b2c2569
--- /dev/null
+++ b/active/CVE-2024-26759
@@ -0,0 +1,16 @@
+Description: mm/swap: fix race when skipping swapcache
+References:
+Notes:
+ carnil> Introduced in 0bcac06f27d7 ("mm, swap: skip swapcache for swapin of synchronous
+ carnil> device"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (6.8-rc6) [13ddaf26be324a7f951891ecd9ccd04466d27458]
+6.7-upstream-stable: released (6.7.7) [d183a4631acfc7af955c02a02e739cec15f5234d]
+6.6-upstream-stable: released (6.6.19) [305152314df82b22cf9b181f3dc5fc411002079a]
+6.1-upstream-stable: released (6.1.80) [2dedda77d4493f3e92e414b272bfa60f1f51ed95]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26760 b/active/CVE-2024-26760
new file mode 100644
index 00000000..f10b7297
--- /dev/null
+++ b/active/CVE-2024-26760
@@ -0,0 +1,16 @@
+Description: scsi: target: pscsi: Fix bio_put() for error case
+References:
+Notes:
+ carnil> Introduced in 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc
+ carnil> wrapper"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.8-rc6) [de959094eb2197636f7c803af0943cb9d3b35804]
+6.7-upstream-stable: released (6.7.7) [1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec]
+6.6-upstream-stable: released (6.6.19) [4ebc079f0c7dcda1270843ab0f38ab4edb8f7921]
+6.1-upstream-stable: released (6.1.80) [f49b20fd0134da84a6bd8108f9e73c077b7d6231]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26761 b/active/CVE-2024-26761
new file mode 100644
index 00000000..bfb120f1
--- /dev/null
+++ b/active/CVE-2024-26761
@@ -0,0 +1,16 @@
+Description: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window
+References:
+Notes:
+ carnil> Introduced in 34e37b4c432c ("cxl/port: Enable HDM Capability after validating
+ carnil> DVSEC Ranges"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.8-rc6) [0cab687205986491302cd2e440ef1d253031c221]
+6.7-upstream-stable: released (6.7.7) [3a3181a71935774bda2398451256d7441426420b]
+6.6-upstream-stable: released (6.6.19) [2cc1a530ab31c65b52daf3cb5d0883c8b614ea69]
+6.1-upstream-stable: released (6.1.80) [031217128990d7f0ab8c46db1afb3cf1e075fd29]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26762 b/active/CVE-2024-26762
new file mode 100644
index 00000000..0ffef89e
--- /dev/null
+++ b/active/CVE-2024-26762
@@ -0,0 +1,16 @@
+Description: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached
+References:
+Notes:
+ carnil> Introduced in 6ac07883dbb5 ("cxl/pci: Add RCH downstream port error logging").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc6) [eef5c7b28dbecd6b141987a96db6c54e49828102]
+6.7-upstream-stable: released (6.7.7) [21e5e84f3f63fdf44e49642a6e45cd895e921a84]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26763 b/active/CVE-2024-26763
new file mode 100644
index 00000000..490e4ada
--- /dev/null
+++ b/active/CVE-2024-26763
@@ -0,0 +1,15 @@
+Description: dm-crypt: don't modify the data when using authenticated encryption
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc6) [50c70240097ce41fe6bce6478b80478281e4d0f7]
+6.7-upstream-stable: released (6.7.7) [d9e3763a505e50ba3bd22846f2a8db99429fb857]
+6.6-upstream-stable: released (6.6.19) [64ba01a365980755732972523600a961c4266b75]
+6.1-upstream-stable: released (6.1.80) [e08c2a8d27e989f0f5b0888792643027d7e691e6]
+5.10-upstream-stable: released (5.10.211) [3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90]
+4.19-upstream-stable: released (4.19.308) [43a202bd552976497474ae144942e32cc5f34d7e]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26764 b/active/CVE-2024-26764
new file mode 100644
index 00000000..92530a27
--- /dev/null
+++ b/active/CVE-2024-26764
@@ -0,0 +1,15 @@
+Description: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc6) [b820de741ae48ccf50dd95e297889c286ff4f760]
+6.7-upstream-stable: released (6.7.7) [1dc7d74fe456944a9b1c57bd776280249f441ac6]
+6.6-upstream-stable: released (6.6.19) [e7e23fc5d5fe422827c9a43ecb579448f73876c7]
+6.1-upstream-stable: released (6.1.80) [18f614369def2a11a52f569fe0f910b199d13487]
+5.10-upstream-stable: released (5.10.211) [ea1cd64d59f22d6d13f367d62ec6e27b9344695f]
+4.19-upstream-stable: released (4.19.308) [337b543e274fe7a8f47df3c8293cc6686ffa620f]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26765 b/active/CVE-2024-26765
new file mode 100644
index 00000000..72591c67
--- /dev/null
+++ b/active/CVE-2024-26765
@@ -0,0 +1,15 @@
+Description: LoongArch: Disable IRQ before init_fn() for nonboot CPUs
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc6) [1001db6c42e4012b55e5ee19405490f23e033b5a]
+6.7-upstream-stable: released (6.7.7) [8bf2ca8c60712af288b88ba80f8e4df4573d923f]
+6.6-upstream-stable: released (6.6.19) [dffdf7c783ef291eef38a5a0037584fd1a7fa464]
+6.1-upstream-stable: released (6.1.80) [a262b78dd085dbe9b3c75dc1d9c4cd102b110b53]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26766 b/active/CVE-2024-26766
new file mode 100644
index 00000000..4353c834
--- /dev/null
+++ b/active/CVE-2024-26766
@@ -0,0 +1,17 @@
+Description: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
+References:
+Notes:
+ carnil> Introduced in fd8958efe877 ("IB/hfi1: Fix sdma.h tx->num_descs off-by-one
+ carnil> errors"). Vulnerable versions: 4.19.291 5.4.251 5.10.188 5.15.99 6.1.16 6.2.3
+ carnil> 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc6) [e6f57c6881916df39db7d95981a8ad2b9c3458d6]
+6.7-upstream-stable: released (6.7.7) [9034a1bec35e9f725315a3bb6002ef39666114d9]
+6.6-upstream-stable: released (6.6.19) [a2fef1d81becf4ff60e1a249477464eae3c3bc2a]
+6.1-upstream-stable: released (6.1.80) [52dc9a7a573dbf778625a0efca0fca55489f084b]
+5.10-upstream-stable: released (5.10.211) [3f38d22e645e2e994979426ea5a35186102ff3c2]
+4.19-upstream-stable: released (4.19.308) [115b7f3bc1dce590a6851a2dcf23dc1100c49790]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26767 b/active/CVE-2024-26767
new file mode 100644
index 00000000..80295317
--- /dev/null
+++ b/active/CVE-2024-26767
@@ -0,0 +1,15 @@
+Description: drm/amd/display: fixed integer types and null check locations
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [0484e05d048b66d01d1f3c1d2306010bb57d8738]
+6.7-upstream-stable: released (6.7.7) [beea9ab9080cd2ef46296070bb327af066ee09d7]
+6.6-upstream-stable: released (6.6.19) [71783d1ff65204d69207fd156d4b2eb1d3882375]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26768 b/active/CVE-2024-26768
new file mode 100644
index 00000000..390b1e5b
--- /dev/null
+++ b/active/CVE-2024-26768
@@ -0,0 +1,15 @@
+Description: LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc4) [4551b30525cf3d2f026b92401ffe241eb04dfebe]
+6.7-upstream-stable: released (6.7.7) [0f6810e39898af2d2cabd9313e4dbc945fb5dfdd]
+6.6-upstream-stable: released (6.6.19) [88e189bd16e5889e44a41b3309558ebab78b9280]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26769 b/active/CVE-2024-26769
new file mode 100644
index 00000000..cd391411
--- /dev/null
+++ b/active/CVE-2024-26769
@@ -0,0 +1,15 @@
+Description: nvmet-fc: avoid deadlock on delete association path
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [710c69dbaccdac312e32931abcb8499c1525d397]
+6.7-upstream-stable: released (6.7.7) [1d86f79287206deec36d63b89c741cf542b6cadd]
+6.6-upstream-stable: released (6.6.19) [eaf0971fdabf2a93c1429dc6bedf3bbe85dffa30]
+6.1-upstream-stable: released (6.1.80) [9e6987f8937a7bd7516aa52f25cb7e12c0c92ee8]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26770 b/active/CVE-2024-26770
new file mode 100644
index 00000000..48ddb9ff
--- /dev/null
+++ b/active/CVE-2024-26770
@@ -0,0 +1,15 @@
+Description: HID: nvidia-shield: Add missing null pointer checks to LED initialization
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [b6eda11c44dc89a681e1c105f0f4660e69b1e183]
+6.7-upstream-stable: released (6.7.7) [e71cc4a1e584293deafff1a7dea614b0210d0443]
+6.6-upstream-stable: released (6.6.19) [83527a13740f57b45f162e3af4c7db4b88521100]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26771 b/active/CVE-2024-26771
new file mode 100644
index 00000000..00eec975
--- /dev/null
+++ b/active/CVE-2024-26771
@@ -0,0 +1,15 @@
+Description: dmaengine: ti: edma: Add some null pointer checks to the edma_probe
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [6e2276203ac9ff10fc76917ec9813c660f627369]
+6.7-upstream-stable: released (6.7.7) [f2a5e30d1e9a629de6179fa23923a318d5feb29e]
+6.6-upstream-stable: released (6.6.19) [7b24760f3a3c7ae1a176d343136b6c25174b7b27]
+6.1-upstream-stable: released (6.1.80) [9d508c897153ae8dd79303f7f035f078139f6b49]
+5.10-upstream-stable: released (5.10.211) [c432094aa7c9970f2fa10d2305d550d3810657ce]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26772 b/active/CVE-2024-26772
new file mode 100644
index 00000000..a1642f33
--- /dev/null
+++ b/active/CVE-2024-26772
@@ -0,0 +1,15 @@
+Description: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [832698373a25950942c04a512daa652c18a9b513]
+6.7-upstream-stable: released (6.7.7) [21dbe20589c7f48e9c5d336ce6402bcebfa6d76a]
+6.6-upstream-stable: released (6.6.19) [d3bbe77a76bc52e9d4d0a120f1509be36e25c916]
+6.1-upstream-stable: released (6.1.80) [d639102f4cbd4cb65d1225dba3b9265596aab586]
+5.10-upstream-stable: released (5.10.211) [ffeb72a80a82aba59a6774b0611f792e0ed3b0b7]
+4.19-upstream-stable: released (4.19.308) [5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26773 b/active/CVE-2024-26773
new file mode 100644
index 00000000..71d68458
--- /dev/null
+++ b/active/CVE-2024-26773
@@ -0,0 +1,15 @@
+Description: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [4530b3660d396a646aad91a787b6ab37cf604b53]
+6.7-upstream-stable: released (6.7.7) [a2576ae9a35c078e488f2c573e9e6821d651fbbe]
+6.6-upstream-stable: released (6.6.19) [0184747b552d6b5a14db3b7fcc3b792ce64dedd1]
+6.1-upstream-stable: released (6.1.80) [f97e75fa4e12b0aa0224e83fcbda8853ac2adf36]
+5.10-upstream-stable: released (5.10.211) [927794a02169778c9c2e7b25c768ab3ea8c1dc03]
+4.19-upstream-stable: released (4.19.308) [21f8cfe79f776287459343e9cfa6055af61328ea]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26774 b/active/CVE-2024-26774
new file mode 100644
index 00000000..d1b2645d
--- /dev/null
+++ b/active/CVE-2024-26774
@@ -0,0 +1,15 @@
+Description: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [993bf0f4c393b3667830918f9247438a8f6fdb5b]
+6.7-upstream-stable: released (6.7.7) [8cf9cc602cfb40085967c0d140e32691c8b71cf3]
+6.6-upstream-stable: released (6.6.19) [f32d2a745b02123258026e105a008f474f896d6a]
+6.1-upstream-stable: released (6.1.80) [8b40eb2e716b503f7a4e1090815a17b1341b2150]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26775 b/active/CVE-2024-26775
new file mode 100644
index 00000000..fc4b6472
--- /dev/null
+++ b/active/CVE-2024-26775
@@ -0,0 +1,15 @@
+Description: aoe: avoid potential deadlock at set_capacity
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [e169bd4fb2b36c4b2bee63c35c740c85daeb2e86]
+6.7-upstream-stable: released (6.7.7) [19a77b27163820f793b4d022979ffdca8f659b77]
+6.6-upstream-stable: released (6.6.19) [673629018ba04906899dcb631beec34d871f709c]
+6.1-upstream-stable: released (6.1.80) [2d623c94fbba3554f4446ba6f3c764994e8b0d26]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26776 b/active/CVE-2024-26776
new file mode 100644
index 00000000..2eac4eb9
--- /dev/null
+++ b/active/CVE-2024-26776
@@ -0,0 +1,15 @@
+Description: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [de8b6e1c231a95abf95ad097b993d34b31458ec9]
+6.7-upstream-stable: released (6.7.7) [e4168ac25b4bd378bd7dda322d589482a136c1fd]
+6.6-upstream-stable: released (6.6.19) [d637b5118274701e8448f35953877daf04df18b4]
+6.1-upstream-stable: released (6.1.80) [f19361d570c67e7e014896fa2dacd7d721bf0aa8]
+5.10-upstream-stable: released (5.10.211) [e94da8aca2e78ef9ecca02eb211869eacd5504e5]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26777 b/active/CVE-2024-26777
new file mode 100644
index 00000000..4fd7d6d2
--- /dev/null
+++ b/active/CVE-2024-26777
@@ -0,0 +1,15 @@
+Description: fbdev: sis: Error out if pixclock equals zero
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [e421946be7d9bf545147bea8419ef8239cb7ca52]
+6.7-upstream-stable: released (6.7.7) [1d11dd3ea5d039c7da089f309f39c4cd363b924b]
+6.6-upstream-stable: released (6.6.19) [99f1abc34a6dde248d2219d64aa493c76bbdd9eb]
+6.1-upstream-stable: released (6.1.80) [f329523f6a65c3bbce913ad35473d83a319d5d99]
+5.10-upstream-stable: released (5.10.211) [cd36da760bd1f78c63c7078407baf01dd724f313]
+4.19-upstream-stable: released (4.19.308) [84246c35ca34207114055a87552a1c4289c8fd7e]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26778 b/active/CVE-2024-26778
new file mode 100644
index 00000000..68a6bfde
--- /dev/null
+++ b/active/CVE-2024-26778
@@ -0,0 +1,15 @@
+Description: fbdev: savage: Error out if pixclock equals zero
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288]
+6.7-upstream-stable: released (6.7.7) [a9ca4e80d23474f90841251f4ac0d941fa337a01]
+6.6-upstream-stable: released (6.6.19) [bc3c2e58d73b28b9a8789fca84778ee165a72d13]
+6.1-upstream-stable: released (6.1.80) [070398d32c5f3ab0e890374904ad94551c76aec4]
+5.10-upstream-stable: released (5.10.211) [512ee6d6041e007ef5bf200c6e388e172a2c5b24]
+4.19-upstream-stable: released (4.19.308) [224453de8505aede1890f007be973925a3edf6a1]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26779 b/active/CVE-2024-26779
new file mode 100644
index 00000000..6a148f8d
--- /dev/null
+++ b/active/CVE-2024-26779
@@ -0,0 +1,15 @@
+Description: wifi: mac80211: fix race condition on enabling fast-xmit
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc2) [bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f]
+6.7-upstream-stable: released (6.7.7) [281280276b70c822f55ce15b661f6d1d3228aaa9]
+6.6-upstream-stable: released (6.6.19) [54b79d8786964e2f840e8a2ec4a9f9a50f3d4954]
+6.1-upstream-stable: released (6.1.80) [eb39bb548bf974acad7bd6780fe11f9e6652d696]
+5.10-upstream-stable: released (5.10.211) [5ffab99e070b9f8ae0cf60c3c3602b84eee818dd]
+4.19-upstream-stable: released (4.19.308) [76fad1174a0cae6fc857b9f88b261a2e4f07d587]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed