From acb9ac528f970711d2ecd0a1827b59a7f5b44575 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 13 Jan 2022 22:41:26 +0100
Subject: Add tempoarary tracking for second bpf issue

---
 active/CVE-2022-oob-invalid_OR_NULL-type-verification | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 active/CVE-2022-oob-invalid_OR_NULL-type-verification

diff --git a/active/CVE-2022-oob-invalid_OR_NULL-type-verification b/active/CVE-2022-oob-invalid_OR_NULL-type-verification
new file mode 100644
index 00000000..b102da25
--- /dev/null
+++ b/active/CVE-2022-oob-invalid_OR_NULL-type-verification
@@ -0,0 +1,18 @@
+Description: bpf: Fix out of bounds access from invalid *_or_null type verification
+References:
+ https://www.openwall.com/lists/oss-security/2022/01/13/1
+Notes:
+ carnil> For stable series in 5.10.y, 5.15.y and 5.16.y the commit "bpf:
+ carnil> Fix out of bounds access from invalid *_or_null type
+ carnil> verification" was backported for fixing the issue as the issue
+ carnil> was fixed in mainline through the larger refactoring in
+ carnil> c25b2ae136039ffa820c26138ed4a5e5f3ab3841.
+Bugs:
+upstream: pending [c25b2ae136039ffa820c26138ed4a5e5f3ab3841]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3