Add new batch of CVEs from Kernel vulns repository

author: Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 19:21:43 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 19:21:43 +0100
commit: 4623b36743bf6c013300f7df620ed4f2494214a1 (patch)
tree: 52fd98d1cd4cee84525095dcdaa1fb89e9d6803e /active/CVE-2023-52497
parent: c289ed05ac639a3e8c9efc1122633dd94123af99 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/active/CVE-2023-52497 b/active/CVE-2023-52497
new file mode 100644
index 00000000..fcb3bb9a
--- /dev/null
+++ b/active/CVE-2023-52497
@@ -0,0 +1,18 @@
+Description: erofs: fix lz4 inplace decompression
+References:
+Notes:
+ carnil> Introduced in 0ffd71bcc3a0 ("staging: erofs: introduce LZ4 decompression
+ carnil> inplace")
+ carnil> 598162d05080 ("erofs: support decompress big pcluster for lz4 backend").
+ carnil> Vulnerable versions: 5.3-rc1 5.13-rc1.
+Bugs:
+upstream: released (6.8-rc1) [3c12466b6b7bf1e56f9b32c366a3d83d87afb4de]
+6.7-upstream-stable: released (6.7.3) [bffc4cc334c5bb31ded54bc3cfd651735a3cb79e]
+6.6-upstream-stable: released (6.6.15) [f36d200a80a3ca025532ed60dd1ac21b620e14ae]
+6.1-upstream-stable: released (6.1.76) [33bf23c9940dbd3a22aad7f0cda4c84ed5701847]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-02-29 19:21:43 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-02-29 19:21:43 +0100
commit	4623b36743bf6c013300f7df620ed4f2494214a1 (patch)
tree	52fd98d1cd4cee84525095dcdaa1fb89e9d6803e /active/CVE-2023-52497
parent	c289ed05ac639a3e8c9efc1122633dd94123af99 (diff)