Add new batch of CVEs assigned for Linux

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-03 21:33:11 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-03 21:33:11 +0200
commit: e2b12639eebeadc5925bec1ffdecf7df5192aace (patch)
tree: c43a5a7f293006eced7e9c712f34efab9c774abb /active/CVE-2024-26752
parent: 03801e090c9fbe79615a6fe3fc2a075311f2bd8b (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/active/CVE-2024-26752 b/active/CVE-2024-26752
new file mode 100644
index 00000000..3ca05a9a
--- /dev/null
+++ b/active/CVE-2024-26752
@@ -0,0 +1,17 @@
+Description: l2tp: pass correct message length to ip6_append_data
+References:
+Notes:
+ carnil> Introduced in 9d4c75800f61 ("ipv4, ipv6: Fix handling of transhdrlen in
+ carnil> __ip{,6}_append_data()"). Vulnerable versions: 4.14.327 4.19.296 5.4.258
+ carnil> 5.10.198 5.15.135 6.1.57 6.5.7 6.6-rc5.
+Bugs:
+upstream: released (6.8-rc6) [359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79]
+6.7-upstream-stable: released (6.7.7) [83340c66b498e49353530e41542500fc8a4782d6]
+6.6-upstream-stable: released (6.6.19) [804bd8650a3a2bf3432375f8c97d5049d845ce56]
+6.1-upstream-stable: released (6.1.80) [13cd1daeea848614e585b2c6ecc11ca9c8ab2500]
+5.10-upstream-stable: released (5.10.211) [dcb4d14268595065c85dc5528056713928e17243]
+4.19-upstream-stable: released (4.19.308) [4c3ce64bc9d36ca9164dd6c77ff144c121011aae]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-03 21:33:11 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-03 21:33:11 +0200
commit	e2b12639eebeadc5925bec1ffdecf7df5192aace (patch)
tree	c43a5a7f293006eced7e9c712f34efab9c774abb /active/CVE-2024-26752
parent	03801e090c9fbe79615a6fe3fc2a075311f2bd8b (diff)