author Salvatore Bonaccorso <carnil@debian.org> 2020-10-13 23:02:12 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-10-13 23:04:08 +0200
commit f30642f0517d6aee579bbdedf6944dbde5777753
tree 572394a8d4e900c2795c54456e904704e56dce3e
parent 0791af6d0d816544cf3a81b6e6b4534acb90a02a
Add CVEs from INTEL-SA-00435
-rw-r--r-- active/CVE-2020-12351 27
-rw-r--r-- active/CVE-2020-12352 27
-rw-r--r-- active/CVE-2020-24490 27
3 files changed, 81 insertions, 0 deletions
diff --git a/active/CVE-2020-12351 b/active/CVE-2020-12351
new file mode 100644
index 00000000..5deee40d
--- /dev/null
+++ b/active/CVE-2020-12351
@@ -0,0 +1,27 @@
+Description: INTEL-SA-00435
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+Notes:
+ carnil> CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490 are three
+ carnil> issues covered by a set of commits/patches sent upstream but
+ carnil> there is no clear association from the CVEs to the commits. So
+ carnil> duplicate this entry for now to all three CVEs.
+ carnil> The commits are:
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/
+ carnil> which are not yet in mainline, and
+ carnil> a2ec905d1e16 ("Bluetooth: fix kernel oops in
+ carnil> store_pending_adv_report") which is in 5.8 (and which was
+ carnil> backported to 5.7.13, 5.4.56 and 4.19.137).
+ carnil> The "fixed version" information in INTEL-SA-00435 is thus as
+ carnil> well contradictory as it mentions the issue to be fixed in 5.9
+ carnil> or later.
+Bugs:
+upstream:
+4.19-upstream-stable:
+4.9-upstream-stable:
+sid:
+4.19-buster-security:
+4.9-stretch-security:
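Review bot: the Description field on the first added line holds only the advisory ID ("Description: INTEL-SA-00435"), which repeats the References entry and says nothing about the flaw itself. The same value is used in all three CVE files of this commit, so a reader scanning descriptions cannot tell the entries apart. Consider at least naming the affected subsystem (the notes point to linux-bluetooth patches) and replacing the line with a per-CVE summary once the CVE-to-commit mapping is known.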
diff --git a/active/CVE-2020-12352 b/active/CVE-2020-12352
new file mode 100644
index 00000000..5deee40d
--- /dev/null
+++ b/active/CVE-2020-12352
@@ -0,0 +1,27 @@
+Description: INTEL-SA-00435
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+Notes:
+ carnil> CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490 are three
+ carnil> issues covered by a set of commits/patches sent upstream but
+ carnil> there is no clear association from the CVEs to the commits. So
+ carnil> duplicate this entry for now to all three CVEs.
+ carnil> The commits are:
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/
+ carnil> which are not yet in mainline, and
+ carnil> a2ec905d1e16 ("Bluetooth: fix kernel oops in
+ carnil> store_pending_adv_report") which is in 5.8 (and which was
+ carnil> backported to 5.7.13, 5.4.56 and 4.19.137).
+ carnil> The "fixed version" information in INTEL-SA-00435 is thus as
+ carnil> well contradictory as it mentions the issue to be fixed in 5.9
+ carnil> or later.
+Bugs:
+upstream:
+4.19-upstream-stable:
+4.9-upstream-stable:
+sid:
+4.19-buster-security:
+4.9-stretch-security:
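Review bot: every status field at the end of this file (upstream:, 4.19-upstream-stable:, 4.9-upstream-stable:, sid: and the two -security lines) is left empty, while the notes already state that a2ec905d1e16 is in 5.8 and was backported to 5.7.13, 5.4.56 and 4.19.137. If the blanks are deliberate because the mapping is unresolved, say so in the notes. The notes also list no 4.9 backport, so it would help to state whether 4.9 is believed affected or has simply not been checked yet.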
diff --git a/active/CVE-2020-24490 b/active/CVE-2020-24490
new file mode 100644
index 00000000..5deee40d
--- /dev/null
+++ b/active/CVE-2020-24490
@@ -0,0 +1,27 @@
+Description: INTEL-SA-00435
+References:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+Notes:
+ carnil> CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490 are three
+ carnil> issues covered by a set of commits/patches sent upstream but
+ carnil> there is no clear association from the CVEs to the commits. So
+ carnil> duplicate this entry for now to all three CVEs.
+ carnil> The commits are:
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/
+ carnil> https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/
+ carnil> which are not yet in mainline, and
+ carnil> a2ec905d1e16 ("Bluetooth: fix kernel oops in
+ carnil> store_pending_adv_report") which is in 5.8 (and which was
+ carnil> backported to 5.7.13, 5.4.56 and 4.19.137).
+ carnil> The "fixed version" information in INTEL-SA-00435 is thus as
+ carnil> well contradictory as it mentions the issue to be fixed in 5.9
+ carnil> or later.
+Bugs:
+upstream:
+4.19-upstream-stable:
+4.9-upstream-stable:
+sid:
+4.19-buster-security:
+4.9-stretch-security:
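Review bot: "which are not yet in mainline" in the notes is a point-in-time statement with no date attached, and it sits in a file that shares blob 5deee40d with the other two, so all three copies go stale together. Suggest wording it as "not yet in mainline as of 2020-10-13" (the commit date) and, when the patches land, updating the three files in a single commit so the duplicated notes do not drift apart.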
