Add newly assigned CVEs from kernel CNA

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-25 08:42:19 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-25 08:42:19 +0200
commit: e027978684deb78966b761664e069b34556a8881 (patch)
tree: cccd576e794b6805142e5ba5f089cd765fe44f3f /active/CVE-2024-26926
parent: 2ef262fbee8d9f873f4cc79069939dc7d73f572f (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2024-26926 b/active/CVE-2024-26926
new file mode 100644
index 00000000..c8b4d1bd
--- /dev/null
+++ b/active/CVE-2024-26926
@@ -0,0 +1,16 @@
+Description: binder: check offset alignment in binder_get_object()
+References:
+Notes:
+ carnil> Introduced in 6d98eb95b450 ("binder: avoid potential data leakage when copying
+ carnil> txn"). Vulnerable versions: 5.4.226 5.10.157 5.15.17 5.16.3 5.17-rc1.
+Bugs:
+upstream: released (6.9-rc5) [aaef73821a3b0194a01bd23ca77774f704a04d40]
+6.8-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-25 08:42:19 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-25 08:42:19 +0200
commit	e027978684deb78966b761664e069b34556a8881 (patch)
tree	cccd576e794b6805142e5ba5f089cd765fe44f3f /active/CVE-2024-26926
parent	2ef262fbee8d9f873f4cc79069939dc7d73f572f (diff)