From 7ade9f30444efa20496b308da6317904348f0fd2 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 9 Apr 2024 19:20:57 +0200
Subject: Add CVE-2024-2201/nativebhi

---
 data/CVE/list | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'data')

diff --git a/data/CVE/list b/data/CVE/list
index 88b836a5d7..031c12c279 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2024-2201 [Native Branch History Injection]
+	- linux <unfixed>
+	- xen <unfixed>
+	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
+	[buster] - xen <end-of-life> (DSA 4677-1)
+	NOTE: https://www.openwall.com/lists/oss-security/2024/04/09/15
+	NOTE: https://vusec.net/projects/native-bhi
+	NOTE: https://xenbits.xen.org/xsa/advisory-456.html
 CVE-2024-31142 [x86: Incorrect logic for BTC/SRSO mitigations]
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
-- 
cgit v1.2.3