Add newly assigned CVEs from Linux kernel CNA

95 files changed, 1512 insertions, 0 deletions

diff --git a/active/CVE-2023-52647 b/active/CVE-2023-52647
new file mode 100644
index 00000000..37dc40de
--- /dev/null
+++ b/active/CVE-2023-52647
@@ -0,0 +1,16 @@
+Description: media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access
+References:
+Notes:
+ carnil> Introduced in cf21f328fcaf ("media: nxp: Add i.MX8 ISI driver"). Vulnerable
+ carnil> versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [eb2f932100288dbb881eadfed02e1459c6b9504c]
+6.8-upstream-stable: released (6.8.3) [91c8ce42fcde09f1da24acab9013b3e19cb88a4e]
+6.6-upstream-stable: released (6.6.24) [c95318607fbe8fdd44991a8dad2e44118e6b8812]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52648 b/active/CVE-2023-52648
new file mode 100644
index 00000000..419e171a
--- /dev/null
+++ b/active/CVE-2023-52648
@@ -0,0 +1,16 @@
+Description: drm/vmwgfx: Unmap the surface before resetting it on a plane state
+References:
+Notes:
+ carnil> Introduced in 485d98d472d5 ("drm/vmwgfx: Add support for CursorMob and
+ carnil> CursorBypass 4"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [27571c64f1855881753e6f33c3186573afbab7ba]
+6.8-upstream-stable: released (6.8.3) [75baad63c033b3b900d822bffbc96c9d3649bc75]
+6.6-upstream-stable: released (6.6.24) [0a23f95af7f28dae7c0f7c82578ca5e1a239d461]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26929 b/active/CVE-2024-26929
new file mode 100644
index 00000000..7674cb14
--- /dev/null
+++ b/active/CVE-2024-26929
@@ -0,0 +1,15 @@
+Description: scsi: qla2xxx: Fix double free of fcport
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc2) [82f522ae0d97119a43da53e0f729275691b9c525]
+6.8-upstream-stable: released (6.8.3) [846fb9f112f618ec6ae181d8dae7961652574774]
+6.6-upstream-stable: released (6.6.24) [f85af9f1aa5e2f53694a6cbe72010f754b5ff862]
+6.1-upstream-stable: released (6.1.84) [282877633b25d67021a34169c5b5519b1d4ef65e]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26930 b/active/CVE-2024-26930
new file mode 100644
index 00000000..ce9c4d84
--- /dev/null
+++ b/active/CVE-2024-26930
@@ -0,0 +1,15 @@
+Description: scsi: qla2xxx: Fix double free of the ha->vp_map pointer
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc2) [e288285d47784fdcf7c81be56df7d65c6f10c58b]
+6.8-upstream-stable: released (6.8.3) [825d63164a2e6bacb059a9afb5605425b485413f]
+6.6-upstream-stable: released (6.6.24) [f14cee7a882cb79528f17a2335f53e9fd1848467]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26931 b/active/CVE-2024-26931
new file mode 100644
index 00000000..4d93d56f
--- /dev/null
+++ b/active/CVE-2024-26931
@@ -0,0 +1,15 @@
+Description: scsi: qla2xxx: Fix command flush on cable pull
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc2) [a27d4d0e7de305def8a5098a614053be208d1aa1]
+6.8-upstream-stable: released (6.8.3) [ec7587eef003cab15a13446d67c3adb88146a150]
+6.6-upstream-stable: released (6.6.24) [8de1584ec4fe0ebea33c273036e7e0a05e65c81d]
+6.1-upstream-stable: released (6.1.84) [09c0ac18cac206ed1218b1fe6c1a0918e5ea9211]
+5.10-upstream-stable: released (5.10.215) [67b2d35853c2da25a8ca1c4190a5e96d3083c2ac]
+4.19-upstream-stable: released (4.19.312) [b73377124f56d2fec154737c2f8d2e839c237d5a]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26932 b/active/CVE-2024-26932
new file mode 100644
index 00000000..bdc1fed4
--- /dev/null
+++ b/active/CVE-2024-26932
@@ -0,0 +1,16 @@
+Description: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()
+References:
+Notes:
+ carnil> Introduced in cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc2) [b63f90487bdf93a4223ce7853d14717e9d452856]
+6.8-upstream-stable: released (6.8.3) [242e425ed580b2f4dbcb86c8fc03a410a4084a69]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26933 b/active/CVE-2024-26933
new file mode 100644
index 00000000..ea6646ae
--- /dev/null
+++ b/active/CVE-2024-26933
@@ -0,0 +1,15 @@
+Description: USB: core: Fix deadlock in port "disable" sysfs attribute
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc2) [f4d1960764d8a70318b02f15203a1be2b2554ca1]
+6.8-upstream-stable: released (6.8.3) [73d1589b91f2099e5f6534a8497b7c6b527e064e]
+6.6-upstream-stable: released (6.6.24) [f51849833705dea5b4f9b0c8de714dd87bd6c95c]
+6.1-upstream-stable: released (6.1.84) [9dac54f08198147f5ec0ec52fcf1bc8ac899ac05]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26934 b/active/CVE-2024-26934
new file mode 100644
index 00000000..4aa1d531
--- /dev/null
+++ b/active/CVE-2024-26934
@@ -0,0 +1,16 @@
+Description: USB: core: Fix deadlock in usb_deauthorize_interface()
+References:
+Notes:
+ carnil> Introduced in 310d2b4124c0 ("usb: interface authorization: SysFS part of USB
+ carnil> interface authorization"). Vulnerable versions: 4.4-rc1.
+Bugs:
+upstream: released (6.9-rc2) [80ba43e9f799cbdd83842fc27db667289b3150f5]
+6.8-upstream-stable: released (6.8.3) [07acf979da33c721357ff27129edf74c23c036c6]
+6.6-upstream-stable: released (6.6.24) [122a06f1068bf5e39089863f4f60b1f5d4273384]
+6.1-upstream-stable: released (6.1.84) [ab062fa3dc69aea88fe62162c5881ba14b50ecc5]
+5.10-upstream-stable: released (5.10.215) [e451709573f8be904a8a72d0775bf114d7c291d9]
+4.19-upstream-stable: released (4.19.312) [8cbdd324b41528994027128207fae8100dff094f]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26935 b/active/CVE-2024-26935
new file mode 100644
index 00000000..af6a42be
--- /dev/null
+++ b/active/CVE-2024-26935
@@ -0,0 +1,17 @@
+Description: scsi: core: Fix unremoved procfs host directory regression
+References:
+Notes:
+ carnil> Introduced in be03df3d4bfe ("scsi: core: Fix a procfs host directory removal
+ carnil> regression"). Vulnerable versions: 5.4.238 5.10.176 5.15.104 6.1.21 6.2.8
+ carnil> 6.3-rc3.
+Bugs:
+upstream: released (6.9-rc2) [f23a4d6e07570826fe95023ca1aa96a011fa9f84]
+6.8-upstream-stable: released (6.8.3) [f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7]
+6.6-upstream-stable: released (6.6.24) [d4c34782b6d7b1e68d18d9549451b19433bd4c6c]
+6.1-upstream-stable: released (6.1.84) [3678cf67ff7136db1dd3bf63c361650db5d92889]
+5.10-upstream-stable: released (5.10.215) [5c2386ba80e779a92ec3bb64ccadbedd88f779b1]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26936 b/active/CVE-2024-26936
new file mode 100644
index 00000000..d26512ee
--- /dev/null
+++ b/active/CVE-2024-26936
@@ -0,0 +1,15 @@
+Description: ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc6) [17cf0c2794bdb6f39671265aa18aea5c22ee8c4a]
+6.8-upstream-stable: released (6.8.8) [2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6]
+6.6-upstream-stable: released (6.6.29) [5c20b242d4fed73a93591e48bfd9772e2322fb11]
+6.1-upstream-stable: released (6.1.88) [21ff9d7d223c5c19cb4334009e4c0c83a2f4d674]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26937 b/active/CVE-2024-26937
new file mode 100644
index 00000000..1c103268
--- /dev/null
+++ b/active/CVE-2024-26937
@@ -0,0 +1,16 @@
+Description: drm/i915/gt: Reset queue_priority_hint on parking
+References:
+Notes:
+ carnil> Introduced in 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy"). Vulnerable
+ carnil> versions: 5.4-rc1.
+Bugs:
+upstream: released (6.9-rc2) [4a3859ea5240365d21f6053ee219bb240d520895]
+6.8-upstream-stable: released (6.8.3) [8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c]
+6.6-upstream-stable: released (6.6.24) [3b031e4fcb2740988143c303f81f69f18ce86325]
+6.1-upstream-stable: released (6.1.84) [7eab7b021835ae422c38b968d5cc60e99408fb62]
+5.10-upstream-stable: released (5.10.215) [fe34587acc995e7b1d7a5d3444a0736721ec32b3]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26938 b/active/CVE-2024-26938
new file mode 100644
index 00000000..73d90f41
--- /dev/null
+++ b/active/CVE-2024-26938
@@ -0,0 +1,15 @@
+Description: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc2) [32e39bab59934bfd3f37097d4dd85ac5eb0fd549]
+6.8-upstream-stable: released (6.8.3) [94cf2fb6feccd625e5b4e23e1b70f39a206f82ac]
+6.6-upstream-stable: released (6.6.24) [a891add409e3bc381f4f68c2ce9d953f1865cb1f]
+6.1-upstream-stable: released (6.1.84) [72e4d3fb72e9f0f016946158a7d95304832768e6]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26939 b/active/CVE-2024-26939
new file mode 100644
index 00000000..2e9aca12
--- /dev/null
+++ b/active/CVE-2024-26939
@@ -0,0 +1,17 @@
+Description: drm/i915/vma: Fix UAF on destroy against retire race
+References:
+Notes:
+ carnil> Introduced in tag.
+ carnil> d93939730347 ("drm/i915: Remove the vma refcount"). Vulnerable versions:
+ carnil> 5.19-rc1.
+Bugs:
+upstream: released (6.9-rc2) [0e45882ca829b26b915162e8e86dbb1095768e9e]
+6.8-upstream-stable: released (6.8.3) [59b2626dd8c8a2e13f18054b3530e0c00073d79f]
+6.6-upstream-stable: released (6.6.29) [5e3eb862df9f972ab677fb19e0d4b9b1be8db7b5]
+6.1-upstream-stable: released (6.1.88) [704edc9252f4988ae1ad7dafa23d0db8d90d7190]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26940 b/active/CVE-2024-26940
new file mode 100644
index 00000000..51caf555
--- /dev/null
+++ b/active/CVE-2024-26940
@@ -0,0 +1,16 @@
+Description: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
+References:
+Notes:
+ carnil> Introduced in af4a25bbe5e7 ("drm/vmwgfx: Add debugfs entries for various ttm
+ carnil> resource managers"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.9-rc2) [4be9075fec0a639384ed19975634b662bfab938f]
+6.8-upstream-stable: released (6.8.3) [eb08db0fc5354fa17b7ed66dab3c503332423451]
+6.6-upstream-stable: released (6.6.24) [042ef0afc40fa1a22b3608f22915b91ce39d128f]
+6.1-upstream-stable: released (6.1.84) [016119154981d81c9e8f2ea3f56b9e2b4ea14500]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26941 b/active/CVE-2024-26941
new file mode 100644
index 00000000..bcd242ad
--- /dev/null
+++ b/active/CVE-2024-26941
@@ -0,0 +1,16 @@
+Description: drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau
+References:
+Notes:
+ carnil> Introduced in c1d6a22b7219 ("drm/dp: Add helpers to calculate the link BW
+ carnil> overhead"). Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc2) [9cbd1dae842737bfafa4b10a87909fa209dde250]
+6.8-upstream-stable: released (6.8.3) [828862071a6ca0c52655e6e62ac7abfef3e5c578]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26942 b/active/CVE-2024-26942
new file mode 100644
index 00000000..53ecd626
--- /dev/null
+++ b/active/CVE-2024-26942
@@ -0,0 +1,16 @@
+Description: net: phy: qcom: at803x: fix kernel panic with at8031_probe
+References:
+Notes:
+ carnil> Introduced in 25d2ba94005f ("net: phy: at803x: move specific at8031 probe mode
+ carnil> check to dedicated probe"). Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc2) [6a4aee277740d04ac0fd54cfa17cc28261932ddc]
+6.8-upstream-stable: released (6.8.3) [a8a296ad9957b845b89bcf48be1cf8c74875ecc3]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26943 b/active/CVE-2024-26943
new file mode 100644
index 00000000..652b2ac0
--- /dev/null
+++ b/active/CVE-2024-26943
@@ -0,0 +1,16 @@
+Description: nouveau/dmem: handle kcalloc() allocation failure
+References:
+Notes:
+ carnil> Introduced in 249881232e14 ("nouveau/dmem: evict device private memory during
+ carnil> release"). Vulnerable versions: 6.1-rc1.
+Bugs:
+upstream: released (6.9-rc2) [16e87fe23d4af6df920406494ced5c0f4354567b]
+6.8-upstream-stable: released (6.8.3) [3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee]
+6.6-upstream-stable: released (6.6.24) [2a84744a037b8a511d6a9055f3defddc28ff4a4d]
+6.1-upstream-stable: released (6.1.84) [9acfd8b083a0ffbd387566800d89f55058a68af2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26944 b/active/CVE-2024-26944
new file mode 100644
index 00000000..1128435f
--- /dev/null
+++ b/active/CVE-2024-26944
@@ -0,0 +1,15 @@
+Description: btrfs: zoned: fix use-after-free in do_zone_finish()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc2) [1ec17ef59168a1a6f1105f5dc517f783839a5302]
+6.8-upstream-stable: released (6.8.3) [34ca809e055eca5cfe63d9c7efbf80b7c21b4e57]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26945 b/active/CVE-2024-26945
new file mode 100644
index 00000000..62a2cdfe
--- /dev/null
+++ b/active/CVE-2024-26945
@@ -0,0 +1,15 @@
+Description: crypto: iaa - Fix nr_cpus < nr_iaa case
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc2) [5a7e89d3315d1be86aff8a8bf849023cda6547f7]
+6.8-upstream-stable: released (6.8.3) [a5ca1be7f9817de4e93085778b3ee2219bdc2664]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26946 b/active/CVE-2024-26946
new file mode 100644
index 00000000..2b4163f4
--- /dev/null
+++ b/active/CVE-2024-26946
@@ -0,0 +1,16 @@
+Description: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
+References:
+Notes:
+ carnil> Introduced in cc66bb914578 ("x86/ibt,kprobes: Cure sym+0 equals fentry woes").
+ carnil> Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.9-rc1) [4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b]
+6.8-upstream-stable: released (6.8.3) [b69f577308f1070004cafac106dd1a44099e5483]
+6.6-upstream-stable: released (6.6.24) [f13edd1871d4fb4ab829aff629d47914e251bae3]
+6.1-upstream-stable: released (6.1.84) [6417684315087904fffe8966d27ca74398c57dd6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26947 b/active/CVE-2024-26947
new file mode 100644
index 00000000..30802ecc
--- /dev/null
+++ b/active/CVE-2024-26947
@@ -0,0 +1,16 @@
+Description: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
+References:
+Notes:
+ carnil> Introduced in a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed
+ carnil> memory map alignment"). Vulnerable versions: 5.4.167 5.10.87 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [0c66c6f4e21cb22220cbd8821c5c73fc157d20dc]
+6.8-upstream-stable: released (6.8.3) [fb3a122a978626b33de3367ee1762da934c0f512]
+6.6-upstream-stable: released (6.6.24) [0c027c2bad7f5111c51a358b5d392e1a695dabff]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26948 b/active/CVE-2024-26948
new file mode 100644
index 00000000..844c25b1
--- /dev/null
+++ b/active/CVE-2024-26948
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Add a dc_state NULL check in dc_state_release
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [334b56cea5d9df5989be6cf1a5898114fa70ad98]
+6.8-upstream-stable: released (6.8.3) [d37a08f840485995e3fb91dad95e441b9d28a269]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26949 b/active/CVE-2024-26949
new file mode 100644
index 00000000..3cd68447
--- /dev/null
+++ b/active/CVE-2024-26949
@@ -0,0 +1,16 @@
+Description: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
+References:
+Notes:
+ carnil> Introduced in 7968e9748fbb ("drm/amdgpu/pm: Fix the power1_min_cap value").
+ carnil> Vulnerable versions: 6.7.9 6.8-rc7.
+Bugs:
+upstream: released (6.9-rc1) [08ae9ef829b8055c2fdc8cfee37510c1f4721a07]
+6.8-upstream-stable: released (6.8.3) [b8eaa8ef1f1157a9f330e36e66bdd7a693309948]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26950 b/active/CVE-2024-26950
new file mode 100644
index 00000000..30d8c668
--- /dev/null
+++ b/active/CVE-2024-26950
@@ -0,0 +1,16 @@
+Description: wireguard: netlink: access device through ctx instead of peer
+References:
+Notes:
+ carnil> Introduced in e7096c131e51 ("net: WireGuard secure network tunnel"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f]
+6.8-upstream-stable: released (6.8.3) [d44bd323d8bb8031eef4bdc44547925998a11e47]
+6.6-upstream-stable: released (6.6.24) [c991567e6c638079304cc15dff28748e4a3c4a37]
+6.1-upstream-stable: released (6.1.84) [09c3fa70f65175861ca948cb2f0f791e666c90e5]
+5.10-upstream-stable: released (5.10.215) [493aa6bdcffd90a4f82aa614fe4f4db0641b4068]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26951 b/active/CVE-2024-26951
new file mode 100644
index 00000000..0d20c6db
--- /dev/null
+++ b/active/CVE-2024-26951
@@ -0,0 +1,16 @@
+Description: wireguard: netlink: check for dangling peer via is_dead instead of empty list
+References:
+Notes:
+ carnil> Introduced in e7096c131e51 ("net: WireGuard secure network tunnel"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [55b6c738673871c9b0edae05d0c97995c1ff08c4]
+6.8-upstream-stable: released (6.8.3) [302b2dfc013baca3dea7ceda383930d9297d231d]
+6.6-upstream-stable: released (6.6.24) [13d107794304306164481d31ce33f8fdb25a9c04]
+6.1-upstream-stable: released (6.1.84) [b7cea3a9af0853fdbb1b16633a458f991dde6aac]
+5.10-upstream-stable: released (5.10.215) [f52be46e3e6ecefc2539119784324f0cbc09620a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26952 b/active/CVE-2024-26952
new file mode 100644
index 00000000..21b8207c
--- /dev/null
+++ b/active/CVE-2024-26952
@@ -0,0 +1,15 @@
+Description: ksmbd: fix potencial out-of-bounds when buffer offset is invalid
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da]
+6.8-upstream-stable: released (6.8.3) [0c5541b4c980626fa3cab16ba1a451757778bbb5]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26953 b/active/CVE-2024-26953
new file mode 100644
index 00000000..0c13280f
--- /dev/null
+++ b/active/CVE-2024-26953
@@ -0,0 +1,16 @@
+Description: net: esp: fix bad handling of pages from page_pool
+References:
+Notes:
+ carnil> Introduced in 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB
+ carnil> recycling"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c3198822c6cb9fb588e446540485669cc81c5d34]
+6.8-upstream-stable: released (6.8.3) [f278ff9db67264715d0d50e3e75044f8b78990f4]
+6.6-upstream-stable: released (6.6.24) [8291b4eac429c480386669444c6377573f5d8664]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26954 b/active/CVE-2024-26954
new file mode 100644
index 00000000..742a3d2e
--- /dev/null
+++ b/active/CVE-2024-26954
@@ -0,0 +1,15 @@
+Description: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [a80a486d72e20bd12c335bcd38b6e6f19356b0aa]
+6.8-upstream-stable: released (6.8.3) [4f97e6a9d62cb1fce82fbf4baff44b83221bc178]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26955 b/active/CVE-2024-26955
new file mode 100644
index 00000000..9bc023ab
--- /dev/null
+++ b/active/CVE-2024-26955
@@ -0,0 +1,16 @@
+Description: nilfs2: prevent kernel bug at submit_bh_wbc()
+References:
+Notes:
+ carnil> Introduced in 1f5abe7e7dbc ("nilfs2: replace BUG_ON and BUG calls triggerable
+ carnil> from ioctl"). Vulnerable versions: 2.6.30-rc1.
+Bugs:
+upstream: released (6.9-rc1) [269cdf353b5bdd15f1a079671b0f889113865f20]
+6.8-upstream-stable: released (6.8.3) [76ffbe911e2798c7296968f5fd72f7bf67207a8d]
+6.6-upstream-stable: released (6.6.24) [0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c]
+6.1-upstream-stable: released (6.1.84) [192e9f9078c96be30b31c4b44d6294b24520fce5]
+5.10-upstream-stable: released (5.10.215) [f0fe7ad5aff4f0fcf988913313c497de85f1e186]
+4.19-upstream-stable: released (4.19.312) [91e4c4595fae5e87069e44687ae879091783c183]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26956 b/active/CVE-2024-26956
new file mode 100644
index 00000000..7f0d2c53
--- /dev/null
+++ b/active/CVE-2024-26956
@@ -0,0 +1,16 @@
+Description: nilfs2: fix failure to detect DAT corruption in btree and direct mappings
+References:
+Notes:
+ carnil> Introduced in c3a7abf06ce7 ("nilfs2: support contiguous lookup of blocks").
+ carnil> Vulnerable versions: 2.6.31-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f2f26b4a84a0ef41791bd2d70861c8eac748f4ba]
+6.8-upstream-stable: released (6.8.3) [82827ca21e7c8a91384c5baa656f78a5adfa4ab4]
+6.6-upstream-stable: released (6.6.24) [f69e81396aea66304d214f175aa371f1b5578862]
+6.1-upstream-stable: released (6.1.84) [46b832e09d43b394ac0f6d9485d2b1a06593f0b7]
+5.10-upstream-stable: released (5.10.215) [c3b5c5c31e723b568f83d8cafab8629d9d830ffb]
+4.19-upstream-stable: released (4.19.312) [b67189690eb4b7ecc84ae16fa1e880e0123eaa35]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26957 b/active/CVE-2024-26957
new file mode 100644
index 00000000..f3efa6bf
--- /dev/null
+++ b/active/CVE-2024-26957
@@ -0,0 +1,15 @@
+Description: s390/zcrypt: fix reference counting on zcrypt card objects
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [50ed48c80fecbe17218afed4f8bed005c802976c]
+6.8-upstream-stable: released (6.8.3) [394b6d8bbdf9ddee6d5bcf3e1f3e9f23eecd6484]
+6.6-upstream-stable: released (6.6.24) [a64ab862e84e3e698cd351a87cdb504c7fc575ca]
+6.1-upstream-stable: released (6.1.84) [b7f6c3630eb3f103115ab0d7613588064f665d0d]
+5.10-upstream-stable: released (5.10.215) [6470078ab3d8f222115e11c4ec67351f3031b3dd]
+4.19-upstream-stable: released (4.19.312) [7e500849fa558879a1cde43f80c7c048c2437058]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26958 b/active/CVE-2024-26958
new file mode 100644
index 00000000..57e35ab0
--- /dev/null
+++ b/active/CVE-2024-26958
@@ -0,0 +1,15 @@
+Description: nfs: fix UAF in direct writes
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [17f46b803d4f23c66cacce81db35fef3adb8f2af]
+6.8-upstream-stable: released (6.8.3) [cf54f66e1dd78990ec6b32177bca7e6ea2144a95]
+6.6-upstream-stable: released (6.6.24) [e25447c35f8745337ea8bc0c9697fcac14df8605]
+6.1-upstream-stable: released (6.1.84) [3abc2d160ed8213948b147295d77d44a22c88fa3]
+5.10-upstream-stable: released (5.10.215) [4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5]
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26959 b/active/CVE-2024-26959
new file mode 100644
index 00000000..4acaa4ad
--- /dev/null
+++ b/active/CVE-2024-26959
@@ -0,0 +1,16 @@
+Description: Bluetooth: btnxpuart: Fix btnxpuart_close
+References:
+Notes:
+ carnil> Introduced in 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP
+ carnil> Bluetooth chipsets"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [664130c0b0309b360bc5bdd40a30604a9387bde8]
+6.8-upstream-stable: released (6.8.3) [74bcf708775c405f7fb6ed776ccd3e1957f38a52]
+6.6-upstream-stable: released (6.6.24) [d4e2365b07f1ae1f811a915b514caef5b2d6581e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26960 b/active/CVE-2024-26960
new file mode 100644
index 00000000..471353d0
--- /dev/null
+++ b/active/CVE-2024-26960
@@ -0,0 +1,16 @@
+Description: mm: swap: fix race between free_swap_and_cache() and swapoff()
+References:
+Notes:
+ carnil> Introduced in 7c00bafee87c ("mm/swap: free swap slots in batch"). Vulnerable
+ carnil> versions: 4.11-rc1.
+Bugs:
+upstream: released (6.9-rc1) [82b1c07a0af603e3c47b906c8e991dc96f01688e]
+6.8-upstream-stable: released (6.8.3) [363d17e7f7907c8e27a9e86968af0eaa2301787b]
+6.6-upstream-stable: released (6.6.24) [0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a]
+6.1-upstream-stable: released (6.1.84) [1ede7f1d7eed1738d1b9333fd1e152ccb450b86a]
+5.10-upstream-stable: released (5.10.215) [d85c11c97ecf92d47a4b29e3faca714dc1f18d0d]
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26961 b/active/CVE-2024-26961
new file mode 100644
index 00000000..ad73bcf5
--- /dev/null
+++ b/active/CVE-2024-26961
@@ -0,0 +1,16 @@
+Description: mac802154: fix llsec key resources release in mac802154_llsec_key_del
+References:
+Notes:
+ carnil> Introduced in 5d637d5aabd8 ("mac802154: add llsec structures and mutators").
+ carnil> Vulnerable versions: 3.16-rc1.
+Bugs:
+upstream: released (6.9-rc1) [e8a1e58345cf40b7b272e08ac7b32328b2543e40]
+6.8-upstream-stable: released (6.8.3) [49c8951680d7b76fceaee89dcfbab1363fb24fd1]
+6.6-upstream-stable: released (6.6.24) [20d3e1c8a1847497269f04d874b2a5818ec29e2d]
+6.1-upstream-stable: released (6.1.84) [dcd51ab42b7a0431575689c5f74b8b6efd45fc2f]
+5.10-upstream-stable: released (5.10.215) [068ab2759bc0b4daf0b964de61b2731449c86531]
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26962 b/active/CVE-2024-26962
new file mode 100644
index 00000000..12a39b2d
--- /dev/null
+++ b/active/CVE-2024-26962
@@ -0,0 +1,15 @@
+Description: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [41425f96d7aa59bc865f60f5dda3d7697b555677]
+6.8-upstream-stable: released (6.8.3) [a8d249d770cb357d16a2097b548d2e4c1c137304]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26963 b/active/CVE-2024-26963
new file mode 100644
index 00000000..d2820022
--- /dev/null
+++ b/active/CVE-2024-26963
@@ -0,0 +1,16 @@
+Description: usb: dwc3-am62: fix module unload/reload behavior
+References:
+Notes:
+ carnil> Introduced in e8784c0aec03 ("drivers: usb: dwc3: Add AM62 USB wrapper driver").
+ carnil> Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6661befe41009c210efa2c1bcd16a5cc4cff8a06]
+6.8-upstream-stable: released (6.8.3) [3895780fabd120d0fbd54354014e85207b25687c]
+6.6-upstream-stable: released (6.6.24) [7dfed9855397d0df4c6f748d1f66547ab3bad766]
+6.1-upstream-stable: released (6.1.84) [6c6a45645a2e6a272dfde14eddbb6706de63c25d]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26964 b/active/CVE-2024-26964
new file mode 100644
index 00000000..7e67c6c9
--- /dev/null
+++ b/active/CVE-2024-26964
@@ -0,0 +1,16 @@
+Description: usb: xhci: Add error handling in xhci_map_urb_for_dma
+References:
+Notes:
+ carnil> Introduced in 2017a1e58472 ("usb: xhci: Use temporary buffer to consolidate
+ carnil> SG"). Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (6.9-rc1) [be95cc6d71dfd0cba66e3621c65413321b398052]
+6.8-upstream-stable: released (6.8.3) [7b6cc33593d7ccfc3011b290849cfa899db46757]
+6.6-upstream-stable: released (6.6.24) [620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4]
+6.1-upstream-stable: released (6.1.84) [b2c898469dfc388f619c6c972a28466cbb1442ea]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26965 b/active/CVE-2024-26965
new file mode 100644
index 00000000..0e6770fa
--- /dev/null
+++ b/active/CVE-2024-26965
@@ -0,0 +1,16 @@
+Description: clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
+References:
+Notes:
+ carnil> Introduced in d8b212014e69 ("clk: qcom: Add support for MSM8974's multimedia
+ carnil> clock controller (MMCC)"). Vulnerable versions: 3.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96]
+6.8-upstream-stable: released (6.8.3) [ca2cf98d46748373e830a13d85d215d64a2d9bf2]
+6.6-upstream-stable: released (6.6.24) [7e9926fef71e514b4a8ea9d11d5a84d52b181362]
+6.1-upstream-stable: released (6.1.84) [537040c257ab4cd0673fbae048f3940c8ea2e589]
+5.10-upstream-stable: released (5.10.215) [3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060]
+4.19-upstream-stable: released (4.19.312) [99740c4791dc8019b0d758c5389ca6d1c0604d95]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26966 b/active/CVE-2024-26966
new file mode 100644
index 00000000..f378f84a
--- /dev/null
+++ b/active/CVE-2024-26966
@@ -0,0 +1,16 @@
+Description: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
+References:
+Notes:
+ carnil> Introduced in 2b46cd23a5a2 ("clk: qcom: Add APQ8084 Multimedia Clock Controller
+ carnil> (MMCC) support"). Vulnerable versions: 3.17-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a903cfd38d8dee7e754fb89fd1bebed99e28003d]
+6.8-upstream-stable: released (6.8.3) [5638330150db2cc30b53eed04e481062faa3ece8]
+6.6-upstream-stable: released (6.6.24) [9b4c4546dd61950e80ffdca1bf6925f42b665b03]
+6.1-upstream-stable: released (6.1.84) [185de0b7cdeaad8b89ebd4c8a258ff2f21adba99]
+5.10-upstream-stable: released (5.10.215) [a09aecb6cb482de88301c43bf00a6c8726c4d34f]
+4.19-upstream-stable: released (4.19.312) [5533686e99b04994d7c4877dc0e4282adc9444a2]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26967 b/active/CVE-2024-26967
new file mode 100644
index 00000000..25a1e5b5
--- /dev/null
+++ b/active/CVE-2024-26967
@@ -0,0 +1,16 @@
+Description: clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays
+References:
+Notes:
+ carnil> Introduced in ff93872a9c61 ("clk: qcom: camcc-sc8280xp: Add sc8280xp CAMCC").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6a3d70f7802a98e6c28a74f997a264118b9f50cd]
+6.8-upstream-stable: released (6.8.3) [93ff48729211dae55df5d216023be4528d29babb]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26968 b/active/CVE-2024-26968
new file mode 100644
index 00000000..49accff9
--- /dev/null
+++ b/active/CVE-2024-26968
@@ -0,0 +1,16 @@
+Description: clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays
+References:
+Notes:
+ carnil> Introduced in d75b82cff488 ("clk: qcom: Add Global Clock Controller driver for
+ carnil> IPQ9574"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [bd2b6395671d823caa38d8e4d752de2448ae61e1]
+6.8-upstream-stable: released (6.8.3) [604f2d7c46727c5e24fc7faddc980bc1cc0b1011]
+6.6-upstream-stable: released (6.6.24) [0204247cf3669b6021fb745c3b7f37ae392ab19c]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26969 b/active/CVE-2024-26969
new file mode 100644
index 00000000..907f9aac
--- /dev/null
+++ b/active/CVE-2024-26969
@@ -0,0 +1,16 @@
+Description: clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
+References:
+Notes:
+ carnil> Introduced in 9607f6224b39 ("clk: qcom: ipq8074: add PCIE, USB and SDCC
+ carnil> clocks"). Vulnerable versions: 4.16-rc1.
+Bugs:
+upstream: released (6.9-rc1) [1040ef5ed95d6fd2628bad387d78a61633e09429]
+6.8-upstream-stable: released (6.8.3) [be9e2752d823eca1d5af67014a1844a9176ff566]
+6.6-upstream-stable: released (6.6.24) [b6b31b4c67ea6bd9222e5b73b330554c57f2f90d]
+6.1-upstream-stable: released (6.1.84) [dd92b159c506804ac57adf3742d9728298bb1255]
+5.10-upstream-stable: released (5.10.215) [851cc19bdb02556fb13629b3e4fef6f2bdb038fe]
+4.19-upstream-stable: released (4.19.312) [e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26970 b/active/CVE-2024-26970
new file mode 100644
index 00000000..18767859
--- /dev/null
+++ b/active/CVE-2024-26970
@@ -0,0 +1,16 @@
+Description: clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
+References:
+Notes:
+ carnil> Introduced in d9db07f088af ("clk: qcom: Add ipq6018 Global Clock Controller
+ carnil> support"). Vulnerable versions: 5.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d]
+6.8-upstream-stable: released (6.8.3) [db4066e3ab6b3d918ae2b92734a89c04fe82cc1d]
+6.6-upstream-stable: released (6.6.24) [421b135aceace99789c982f6a77ce9476564fb52]
+6.1-upstream-stable: released (6.1.84) [852db52b45ea96dac2720f108e7c7331cd3738bb]
+5.10-upstream-stable: released (5.10.215) [ae60e3342296f766f88911d39199f77b05f657a6]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26971 b/active/CVE-2024-26971
new file mode 100644
index 00000000..240bb13d
--- /dev/null
+++ b/active/CVE-2024-26971
@@ -0,0 +1,16 @@
+Description: clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays
+References:
+Notes:
+ carnil> Introduced in e3fdbef1bab8 ("clk: qcom: Add Global Clock controller (GCC)
+ carnil> driver for IPQ5018"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [90ad946fff70f312b8d23226afc38c13ddd88c4b]
+6.8-upstream-stable: released (6.8.3) [50c3acd460551cdf9d8ac6fe0c04f2de0e8e0872]
+6.6-upstream-stable: released (6.6.24) [b0cf3d200e8a72b6d28e6e088c062b4a98cb5eaf]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26972 b/active/CVE-2024-26972
new file mode 100644
index 00000000..f9fde1b2
--- /dev/null
+++ b/active/CVE-2024-26972
@@ -0,0 +1,16 @@
+Description: ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
+References:
+Notes:
+ carnil> Introduced in 2c58d548f570 ("fscrypt: cache decrypted symlink target in
+ carnil> ->i_link"). Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6379b44cdcd67f5f5d986b73953e99700591edfa]
+6.8-upstream-stable: released (6.8.3) [62b5ae00c2b835639002ce898ccb5d82c51073ae]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26973 b/active/CVE-2024-26973
new file mode 100644
index 00000000..4f40f4a6
--- /dev/null
+++ b/active/CVE-2024-26973
@@ -0,0 +1,16 @@
+Description: fat: fix uninitialized field in nostale filehandles
+References:
+Notes:
+ carnil> Introduced in ea3983ace6b7 ("fat: restructure export_operations"). Vulnerable
+ carnil> versions: 3.10-rc1.
+Bugs:
+upstream: released (6.9-rc1) [fde2497d2bc3a063d8af88b258dbadc86bd7b57c]
+6.8-upstream-stable: released (6.8.3) [cdd33d54e789d229d6d5007cbf3f53965ca1a5c6]
+6.6-upstream-stable: released (6.6.24) [03a7e3f2ba3ca25f1da1d3898709a08db14c1abb]
+6.1-upstream-stable: released (6.1.84) [c8cc05de8e6b5612b6e9f92c385c1a064b0db375]
+5.10-upstream-stable: released (5.10.215) [a276c595c3a629170b0f052a3724f755d7c6adc6]
+4.19-upstream-stable: released (4.19.312) [9840d1897e28f8733cc1e38f97e044f987dc0a63]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26974 b/active/CVE-2024-26974
new file mode 100644
index 00000000..8cdd7c6b
--- /dev/null
+++ b/active/CVE-2024-26974
@@ -0,0 +1,16 @@
+Description: crypto: qat - resolve race condition during AER recovery
+References:
+Notes:
+ carnil> Introduced in d8cba25d2c68 ("crypto: qat - Intel(R) QAT driver framework").
+ carnil> Vulnerable versions: 3.17-rc1.
+Bugs:
+upstream: released (6.9-rc1) [7d42e097607c4d246d99225bf2b195b6167a210c]
+6.8-upstream-stable: released (6.8.3) [bb279ead42263e9fb09480f02a4247b2c287d828]
+6.6-upstream-stable: released (6.6.24) [8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc]
+6.1-upstream-stable: released (6.1.84) [226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7]
+5.10-upstream-stable: released (5.10.215) [d03092550f526a79cf1ade7f0dfa74906f39eb71]
+4.19-upstream-stable: released (4.19.312) [daba62d9eeddcc5b1081be7d348ca836c83c59d7]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26975 b/active/CVE-2024-26975
new file mode 100644
index 00000000..c40a062e
--- /dev/null
+++ b/active/CVE-2024-26975
@@ -0,0 +1,16 @@
+Description: powercap: intel_rapl: Fix a NULL pointer dereference
+References:
+Notes:
+ carnil> Introduced in 1488ac990ac8 ("powercap: intel_rapl: Allow probing without CPUID
+ carnil> match"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.9-rc1) [2d1f5006ff95770da502f8cee2a224a1ff83866e]
+6.8-upstream-stable: released (6.8.3) [2f73cf2ae5e0f4e629db5be3a4380ff7807148e6]
+6.6-upstream-stable: released (6.6.24) [0641908b906a133f1494c312a71f9fecbe2b6c78]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26976 b/active/CVE-2024-26976
new file mode 100644
index 00000000..f9d532ae
--- /dev/null
+++ b/active/CVE-2024-26976
@@ -0,0 +1,16 @@
+Description: KVM: Always flush async #PF workqueue when vCPU is being destroyed
+References:
+Notes:
+ carnil> Introduced in af585b921e5d ("KVM: Halt vcpu if page it tries to access is
+ carnil> swapped out"). Vulnerable versions: 2.6.38-rc1.
+Bugs:
+upstream: released (6.9-rc1) [3d75b8aa5c29058a512db29da7cbee8052724157]
+6.8-upstream-stable: released (6.8.3) [caa9af2e27c275e089d702cfbaaece3b42bca31b]
+6.6-upstream-stable: released (6.6.24) [a75afe480d4349c524d9c659b1a5a544dbc39a98]
+6.1-upstream-stable: released (6.1.84) [b54478d20375874aeee257744dedfd3e413432ff]
+5.10-upstream-stable: released (5.10.215) [f8730d6335e5f43d09151fca1f0f41922209a264]
+4.19-upstream-stable: released (4.19.312) [ab2c2f5d9576112ad22cfd3798071cb74693b1f5]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26977 b/active/CVE-2024-26977
new file mode 100644
index 00000000..dcfc4b7e
--- /dev/null
+++ b/active/CVE-2024-26977
@@ -0,0 +1,16 @@
+Description: pci_iounmap(): Fix MMIO mapping leak
+References:
+Notes:
+ carnil> Introduced in 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make
+ carnil> sense of it all"). Vulnerable versions: 5.15-rc2.
+Bugs:
+upstream: released (6.9-rc1) [7626913652cc786c238e2dd7d8740b17d41b2637]
+6.8-upstream-stable: released (6.8.3) [af280e137e273935f2e09f4d73169998298792ed]
+6.6-upstream-stable: released (6.6.24) [b5d40f02e7222da032c2042aebcf2a07de9b342f]
+6.1-upstream-stable: released (6.1.84) [6d21d0356aa44157a62e39c0d1a13d4c69a8d0c8]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26978 b/active/CVE-2024-26978
new file mode 100644
index 00000000..e7b1c1a3
--- /dev/null
+++ b/active/CVE-2024-26978
@@ -0,0 +1,16 @@
+Description: serial: max310x: fix NULL pointer dereference in I2C instantiation
+References:
+Notes:
+ carnil> Introduced in 2e1f2d9a9bdb ("serial: max310x: implement I2C support").
+ carnil> Vulnerable versions: 5.4.272 5.10.213 6.0-rc1.
+Bugs:
+upstream: released (6.9-rc1) [0d27056c24efd3d63a03f3edfbcfc4827086b110]
+6.8-upstream-stable: released (6.8.3) [aeca49661fd02fd56fb026768b580ce301b45733]
+6.6-upstream-stable: released (6.6.24) [2160ad6861c4a21d3fa553d7b2aaec6634a37f8a]
+6.1-upstream-stable: released (6.1.84) [12609c76b755dbeb1645c0aacc0f0f4743b2eff3]
+5.10-upstream-stable: released (5.10.215) [c45e53c27b78afd6c81fc25608003576f27b5735]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26979 b/active/CVE-2024-26979
new file mode 100644
index 00000000..76096cc6
--- /dev/null
+++ b/active/CVE-2024-26979
@@ -0,0 +1,16 @@
+Description: drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
+References:
+Notes:
+ carnil> Introduced in 9c079b8ce8bf ("drm/vmwgfx: Adapt execbuf to the new validation
+ carnil> api"). Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (6.9-rc1) [517621b7060096e48e42f545fa6646fc00252eac]
+6.8-upstream-stable: released (6.8.3) [585fec7361e7850bead21fada49a7fcde2f2e791]
+6.6-upstream-stable: released (6.6.24) [ff41e0d4f3fa10d7cdd7d40f8026bea9fcc8b000]
+6.1-upstream-stable: released (6.1.84) [07c3fe923ff7eccf684fb4f8c953d0a7cc8ded73]
+5.10-upstream-stable: released (5.10.215) [c560327d900bab968c2e1b4cd7fa2d46cd429e3d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26980 b/active/CVE-2024-26980
new file mode 100644
index 00000000..042fe6c3
--- /dev/null
+++ b/active/CVE-2024-26980
@@ -0,0 +1,15 @@
+Description: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc6) [c119f4ede3fa90a9463f50831761c28f989bfb20]
+6.8-upstream-stable: released (6.8.8) [0977f89722eceba165700ea384f075143f012085]
+6.6-upstream-stable: released (6.6.29) [3160d9734453a40db248487f8204830879c207f1]
+6.1-upstream-stable: released (6.1.88) [b80ba648714e6d790d69610cf14656be222d0248]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26981 b/active/CVE-2024-26981
new file mode 100644
index 00000000..640a4c6f
--- /dev/null
+++ b/active/CVE-2024-26981
@@ -0,0 +1,16 @@
+Description: nilfs2: fix OOB in nilfs_set_de_type
+References:
+Notes:
+ carnil> Introduced in 2ba466d74ed7 ("nilfs2: directory entry operations"). Vulnerable
+ carnil> versions: 2.6.30-rc1.
+Bugs:
+upstream: released (6.9-rc5) [c4a7dc9523b59b3e73fd522c73e95e072f876b16]
+6.8-upstream-stable: released (6.8.8) [90823f8d9ecca3d5fa6b102c8e464c62f416975f]
+6.6-upstream-stable: released (6.6.29) [2382eae66b196c31893984a538908c3eb7506ff9]
+6.1-upstream-stable: released (6.1.88) [897ac5306bbeb83e90c437326f7044c79a17c611]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26982 b/active/CVE-2024-26982
new file mode 100644
index 00000000..a1fbaff6
--- /dev/null
+++ b/active/CVE-2024-26982
@@ -0,0 +1,15 @@
+Description: Squashfs: check the inode number is not the invalid value of zero
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc5) [9253c54e01b6505d348afbc02abaa4d9f8a01395]
+6.8-upstream-stable: released (6.8.8) [7def00ebc9f2d6a581ddf46ce4541f84a10680e5]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26983 b/active/CVE-2024-26983
new file mode 100644
index 00000000..e5a980ac
--- /dev/null
+++ b/active/CVE-2024-26983
@@ -0,0 +1,16 @@
+Description: bootconfig: use memblock_free_late to free xbc memory to buddy
+References:
+Notes:
+ carnil> Introduced in 40caa127f3c7 ("init: bootconfig: Remove all bootconfig data when
+ carnil> the init memory is removed"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.9-rc5) [89f9a1e876b5a7ad884918c03a46831af202c8a0]
+6.8-upstream-stable: released (6.8.8) [5a7dfb8fcd3f29fc93161100179b27f24f3d5f35]
+6.6-upstream-stable: released (6.6.29) [e46d3be714ad9652480c6db129ab8125e2d20ab7]
+6.1-upstream-stable: released (6.1.88) [1e7feb31a18c197d63a5e606025ed63c762f8918]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26984 b/active/CVE-2024-26984
new file mode 100644
index 00000000..0555daf3
--- /dev/null
+++ b/active/CVE-2024-26984
@@ -0,0 +1,16 @@
+Description: nouveau: fix instmem race condition around ptr stores
+References:
+Notes:
+ carnil> Introduced in be55287aa5ba ("drm/nouveau/imem/nv50: embed nvkm_instobj directly
+ carnil> into nv04_instobj"). Vulnerable versions: 4.15-rc1.
+Bugs:
+upstream: released (6.9-rc5) [fff1386cc889d8fb4089d285f883f8cba62d82ce]
+6.8-upstream-stable: released (6.8.8) [21ca9539f09360fd83654f78f2c361f2f5ddcb52]
+6.6-upstream-stable: released (6.6.29) [a019b44b1bc6ed224c46fb5f88a8a10dd116e525]
+6.1-upstream-stable: released (6.1.88) [ad74d208f213c06d860916ad40f609ade8c13039]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26985 b/active/CVE-2024-26985
new file mode 100644
index 00000000..0bfbfad0
--- /dev/null
+++ b/active/CVE-2024-26985
@@ -0,0 +1,16 @@
+Description: drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init
+References:
+Notes:
+ carnil> Introduced in 44e694958b95 ("drm/xe/display: Implement display support").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc5) [652ead9b746a63e4e79d7ad66d3edf0a8a5b0c2f]
+6.8-upstream-stable: released (6.8.8) [7d8ac0942c312abda43b407eff72d31747a7b472]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26986 b/active/CVE-2024-26986
new file mode 100644
index 00000000..1217e061
--- /dev/null
+++ b/active/CVE-2024-26986
@@ -0,0 +1,16 @@
+Description: drm/amdkfd: Fix memory leak in create_process failure
+References:
+Notes:
+ carnil> Introduced in 0ab2d7532b05 ("drm/amdkfd: prepare per-process debug enable and
+ carnil> disable"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.9-rc5) [18921b205012568b45760753ad3146ddb9e2d4e2]
+6.8-upstream-stable: released (6.8.8) [0dcd876411644da98a6b4d5a18d32ca94c15bdb5]
+6.6-upstream-stable: released (6.6.29) [aa02d43367a9adf8c85fb382fea4171fb266c8d0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26987 b/active/CVE-2024-26987
new file mode 100644
index 00000000..8a1534e6
--- /dev/null
+++ b/active/CVE-2024-26987
@@ -0,0 +1,16 @@
+Description: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
+References:
+Notes:
+ carnil> Introduced in a6b40850c442 ("mm: hugetlb: replace hugetlb_free_vmemmap_enabled
+ carnil> with a static_key"). Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.9-rc5) [1983184c22dd84a4d95a71e5c6775c2638557dc7]
+6.8-upstream-stable: released (6.8.8) [49955b24002dc16a0ae2e83a57a2a6c863a1845c]
+6.6-upstream-stable: released (6.6.29) [882e1180c83f5b75bae03d0ccc31ccedfe5159de]
+6.1-upstream-stable: released (6.1.88) [5ef7ba2799a3b5ed292b8f6407376e2c25ef002e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26988 b/active/CVE-2024-26988
new file mode 100644
index 00000000..fe584f49
--- /dev/null
+++ b/active/CVE-2024-26988
@@ -0,0 +1,16 @@
+Description: init/main.c: Fix potential static_command_line memory overflow
+References:
+Notes:
+ carnil> Introduced in f5c7310ac73e ("init/main: add checks for the return value of
+ carnil> memblock_alloc*()"). Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (6.9-rc5) [46dad3c1e57897ab9228332f03e1c14798d2d3b9]
+6.8-upstream-stable: released (6.8.8) [936a02b5a9630c5beb0353c3085cc49d86c57034]
+6.6-upstream-stable: released (6.6.29) [81cf85ae4f2dd5fa3e43021782aa72c4c85558e8]
+6.1-upstream-stable: released (6.1.88) [76c2f4d426a5358fced5d5990744d46f10a4ccea]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26989 b/active/CVE-2024-26989
new file mode 100644
index 00000000..4ce7d320
--- /dev/null
+++ b/active/CVE-2024-26989
@@ -0,0 +1,16 @@
+Description: arm64: hibernate: Fix level3 translation fault in swsusp_save()
+References:
+Notes:
+ carnil> Introduced in a7d9f306ba70 ("arm64: drop pfn_valid_within() and simplify
+ carnil> pfn_valid()"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc5) [50449ca66cc5a8cbc64749cf4b9f3d3fc5f4b457]
+6.8-upstream-stable: released (6.8.8) [022b19ebc31cce369c407617041a3db810db23b3]
+6.6-upstream-stable: released (6.6.29) [31f815cb436082e72d34ed2e8a182140a73ebdf4]
+6.1-upstream-stable: released (6.1.88) [f7e71a7cf399f53ff9fc314ca3836dc913b05bd6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26990 b/active/CVE-2024-26990
new file mode 100644
index 00000000..5790cc7b
--- /dev/null
+++ b/active/CVE-2024-26990
@@ -0,0 +1,16 @@
+Description: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status
+References:
+Notes:
+ carnil> Introduced in 5982a5392663 ("KVM: x86/mmu: Use kvm_ad_enabled() to determine if
+ carnil> TDP MMU SPTEs need wrprot"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc5) [2673dfb591a359c75080dd5af3da484b89320d22]
+6.8-upstream-stable: released (6.8.8) [e20bff0f1b2de9cfe303dd35ff46470104a87404]
+6.6-upstream-stable: released (6.6.29) [cdf811a937471af2d1facdf8ae80e5e68096f1ed]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26991 b/active/CVE-2024-26991
new file mode 100644
index 00000000..4255fba8
--- /dev/null
+++ b/active/CVE-2024-26991
@@ -0,0 +1,16 @@
+Description: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes
+References:
+Notes:
+ carnil> Introduced in 90b4fe17981e ("KVM: x86: Disallow hugepages when memory
+ carnil> attributes are mixed"). Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc5) [992b54bd083c5bee24ff7cc35991388ab08598c4]
+6.8-upstream-stable: released (6.8.8) [048cc4a028e635d339687ed968985d2d1669494c]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26992 b/active/CVE-2024-26992
new file mode 100644
index 00000000..c874a6aa
--- /dev/null
+++ b/active/CVE-2024-26992
@@ -0,0 +1,16 @@
+Description: KVM: x86/pmu: Disable support for adaptive PEBS
+References:
+Notes:
+ carnil> Introduced in c59a1f106f5c ("KVM: x86/pmu: Add IA32_PEBS_ENABLE MSR emulation
+ carnil> for extended PEBS"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.9-rc5) [9e985cbf2942a1bb8fcef9adc2a17d90fd7ca8ee]
+6.8-upstream-stable: released (6.8.8) [7a7650b3ac23e5fc8c990f00e94f787dc84e3175]
+6.6-upstream-stable: released (6.6.29) [037e48ceccf163899374b601afb6ae8d0bf1d2ac]
+6.1-upstream-stable: released (6.1.88) [0fb74c00d140a66128afc0003785dcc57e69d312]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26993 b/active/CVE-2024-26993
new file mode 100644
index 00000000..11a9ea23
--- /dev/null
+++ b/active/CVE-2024-26993
@@ -0,0 +1,17 @@
+Description: fs: sysfs: Fix reference leak in sysfs_break_active_protection()
+References:
+Notes:
+ carnil> Introduced in 2afc9166f79b ("scsi: sysfs: Introduce
+ carnil> sysfs_{un,}break_active_protection()"). Vulnerable versions: 3.16.62 3.18.121
+ carnil> 4.4.154 4.9.125 4.14.68 4.18.6 4.19-rc1.
+Bugs:
+upstream: released (6.9-rc5) [a90bca2228c0646fc29a72689d308e5fe03e6d78]
+6.8-upstream-stable: released (6.8.8) [a4c99b57d43bab45225ba92d574a8683f9edc8e4]
+6.6-upstream-stable: released (6.6.29) [ac107356aabc362aaeb77463e814fc067a5d3957]
+6.1-upstream-stable: released (6.1.88) [5d43e072285e81b0b63cee7189b3357c7768a43b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26994 b/active/CVE-2024-26994
new file mode 100644
index 00000000..384ea9e8
--- /dev/null
+++ b/active/CVE-2024-26994
@@ -0,0 +1,16 @@
+Description: speakup: Avoid crash on very long word
+References:
+Notes:
+ carnil> Introduced in c6e3fd22cd538 ("Staging: add speakup to the staging directory").
+ carnil> Vulnerable versions: 2.6.37-rc1.
+Bugs:
+upstream: released (6.9-rc5) [c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1]
+6.8-upstream-stable: released (6.8.8) [0efb15c14c493263cb3a5f65f5ddfd4603d19a76]
+6.6-upstream-stable: released (6.6.29) [8defb1d22ba0395b81feb963b96e252b097ba76f]
+6.1-upstream-stable: released (6.1.88) [89af25bd4b4bf6a71295f07e07a8ae7dc03c6595]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26995 b/active/CVE-2024-26995
new file mode 100644
index 00000000..529a696f
--- /dev/null
+++ b/active/CVE-2024-26995
@@ -0,0 +1,16 @@
+Description: usb: typec: tcpm: Correct the PDO counting in pd_set
+References:
+Notes:
+ carnil> Introduced in cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc5) [c4128304c2169b4664ed6fb6200f228cead2ab70]
+6.8-upstream-stable: released (6.8.8) [f3da3192cdd3fefe213390e976eec424a8e270b5]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26996 b/active/CVE-2024-26996
new file mode 100644
index 00000000..599a1622
--- /dev/null
+++ b/active/CVE-2024-26996
@@ -0,0 +1,15 @@
+Description: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc5) [6334b8e4553cc69f51e383c9de545082213d785e]
+6.8-upstream-stable: released (6.8.8) [7250326cbb1f4f90391ac511a126b936cefb5bb7]
+6.6-upstream-stable: released (6.6.29) [f356fd0cbd9c9cbd0854657a80d1608d0d732db3]
+6.1-upstream-stable: released (6.1.88) [0588bbbd718a8130b98c54518f1e0b569ce60a93]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26997 b/active/CVE-2024-26997
new file mode 100644
index 00000000..75db91c1
--- /dev/null
+++ b/active/CVE-2024-26997
@@ -0,0 +1,17 @@
+Description: usb: dwc2: host: Fix dereference issue in DDMA completion flow.
+References:
+Notes:
+ carnil> Introduced in b258e4268850 ("usb: dwc2: host: Fix ISOC flow in DDMA mode").
+ carnil> Vulnerable versions: 4.19.312 5.4.274 5.10.215 5.15.154 6.1.84 6.6.24 6.7.12
+ carnil> 6.8.3 6.9-rc2.
+Bugs:
+upstream: released (6.9-rc5) [eed04fa96c48790c1cce73c8a248e9d460b088f8]
+6.8-upstream-stable: released (6.8.8) [55656b2afd5f1efcec4245f3e7e814c2a9ef53f6]
+6.6-upstream-stable: released (6.6.29) [8a139fa44870e84ac228b7b76423a49610e5ba9a]
+6.1-upstream-stable: released (6.1.88) [9de10b59d16880a0a3ae2876c142fe54ce45d816]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26998 b/active/CVE-2024-26998
new file mode 100644
index 00000000..e907c64e
--- /dev/null
+++ b/active/CVE-2024-26998
@@ -0,0 +1,16 @@
+Description: serial: core: Clearing the circular buffer before NULLifying it
+References:
+Notes:
+ carnil> Introduced in 43066e32227e ("serial: port: Don't suspend if the port is still
+ carnil> busy"). Vulnerable versions: 6.6.24 6.7.12 6.8.
+Bugs:
+upstream: released (6.9-rc5) [9cf7ea2eeb745213dc2a04103e426b960e807940]
+6.8-upstream-stable: released (6.8.8) [bb1118905e875c111d7ccef9aee86ac5e4e7f985]
+6.6-upstream-stable: released (6.6.29) [7ae7104d54342433a3a73975f6569beefdd86350]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26999 b/active/CVE-2024-26999
new file mode 100644
index 00000000..32ee477c
--- /dev/null
+++ b/active/CVE-2024-26999
@@ -0,0 +1,16 @@
+Description: serial/pmac_zilog: Remove flawed mitigation for rx irq flood
+References:
+Notes:
+ carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions:
+ carnil> 2.6.12-rc2^0.
+Bugs:
+upstream: released (6.9-rc5) [1be3226445362bfbf461c92a5bcdb1723f2e4907]
+6.8-upstream-stable: released (6.8.8) [ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729]
+6.6-upstream-stable: released (6.6.29) [52aaf1ff14622a04148dbb9ccce6d9de5d534ea7]
+6.1-upstream-stable: released (6.1.88) [bbaafbb4651fede8d3c3881601ecaa4f834f9d3f]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27000 b/active/CVE-2024-27000
new file mode 100644
index 00000000..47ad9fb7
--- /dev/null
+++ b/active/CVE-2024-27000
@@ -0,0 +1,16 @@
+Description: serial: mxs-auart: add spinlock around changing cts state
+References:
+Notes:
+ carnil> Introduced in 4d90bb147ef6 ("serial: core: Document and assert lock
+ carnil> requirements for irq helpers"). Vulnerable versions: 3.18-rc1.
+Bugs:
+upstream: released (6.9-rc5) [54c4ec5f8c471b7c1137a1f769648549c423c026]
+6.8-upstream-stable: released (6.8.8) [94b0e65c75f4af888ab2dd6c90f060f762924e86]
+6.6-upstream-stable: released (6.6.29) [5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37]
+6.1-upstream-stable: released (6.1.88) [2c9b943e9924cf1269e44289bc5e60e51b0f5270]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27001 b/active/CVE-2024-27001
new file mode 100644
index 00000000..4a2fa0ec
--- /dev/null
+++ b/active/CVE-2024-27001
@@ -0,0 +1,16 @@
+Description: comedi: vmk80xx: fix incomplete endpoint checking
+References:
+Notes:
+ carnil> Introduced in 49253d542cc0 ("staging: comedi: vmk80xx: factor out usb endpoint
+ carnil> detection"). Vulnerable versions: 3.9-rc1.
+Bugs:
+upstream: released (6.9-rc5) [d1718530e3f640b7d5f0050e725216eab57a85d8]
+6.8-upstream-stable: released (6.8.8) [6ec3514a7d35ad9cfab600187612c29f669069d2]
+6.6-upstream-stable: released (6.6.29) [59f33af9796160f851641d960bd93937f282c696]
+6.1-upstream-stable: released (6.1.88) [ac882d6b21bffecb57bcc4486701239eef5aa67b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27002 b/active/CVE-2024-27002
new file mode 100644
index 00000000..96a6e9bc
--- /dev/null
+++ b/active/CVE-2024-27002
@@ -0,0 +1,16 @@
+Description: clk: mediatek: Do a runtime PM get on controllers during probe
+References:
+Notes:
+ carnil> Introduced in acddfc2c261b ("clk: mediatek: Add MT8183 clock support").
+ carnil> Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (6.9-rc5) [2f7b1d8b5505efb0057cd1ab85fca206063ea4c3]
+6.8-upstream-stable: released (6.8.8) [b62ed25feb342eab052822eff0c554873799a4f5]
+6.6-upstream-stable: released (6.6.29) [c0dcd5c072e2a3fff886f673e6a5d9bf8090c4cc]
+6.1-upstream-stable: released (6.1.88) [165d226472575b213dd90dfda19d1605dd7c19a8]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27003 b/active/CVE-2024-27003
new file mode 100644
index 00000000..f4efde35
--- /dev/null
+++ b/active/CVE-2024-27003
@@ -0,0 +1,16 @@
+Description: clk: Get runtime PM before walking tree for clk_summary
+References:
+Notes:
+ carnil> Introduced in 1bb294a7981c ("clk: Enable/Disable runtime PM for clk_summary").
+ carnil> Vulnerable versions: 5.17-rc1.
+Bugs:
+upstream: released (6.9-rc5) [9d1e795f754db1ac3344528b7af0b17b8146f321]
+6.8-upstream-stable: released (6.8.8) [b457105309d388e4081c716cf7b81d517ff74db4]
+6.6-upstream-stable: released (6.6.29) [2c077fdfd09dffb31a890e5095c8ab205138a42e]
+6.1-upstream-stable: released (6.1.88) [83ada89e4a86e2b28ea2b5113c76d6dc7560a4d0]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27004 b/active/CVE-2024-27004
new file mode 100644
index 00000000..f2d93596
--- /dev/null
+++ b/active/CVE-2024-27004
@@ -0,0 +1,16 @@
+Description: clk: Get runtime PM before walking tree during disable_unused
+References:
+Notes:
+ carnil> Introduced in 9a34b45397e5 ("clk: Add support for runtime PM"). Vulnerable
+ carnil> versions: 4.15-rc1.
+Bugs:
+upstream: released (6.9-rc5) [e581cf5d216289ef292d1a4036d53ce90e122469]
+6.8-upstream-stable: released (6.8.8) [115554862294397590088ba02f11f2aba6d5016c]
+6.6-upstream-stable: released (6.6.29) [60ff482c4205a5aac3b0595ab794cfd62295dab5]
+6.1-upstream-stable: released (6.1.88) [a424e713e0cc33d4b969cfda25b9f46df4d7b5bc]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27005 b/active/CVE-2024-27005
new file mode 100644
index 00000000..b73c7711
--- /dev/null
+++ b/active/CVE-2024-27005
@@ -0,0 +1,16 @@
+Description: interconnect: Don't access req_list while it's being manipulated
+References:
+Notes:
+ carnil> Introduced in af42269c3523 ("interconnect: Fix locking for runpm vs reclaim").
+ carnil> Vulnerable versions: 5.15.133 5.15.151 6.1.55 6.1.81 6.5.5 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc5) [de1bf25b6d771abdb52d43546cf57ad775fb68a1]
+6.8-upstream-stable: released (6.8.8) [4c65507121ea8e0b47fae6d2049c8688390d46b6]
+6.6-upstream-stable: released (6.6.29) [d0d04efa2e367921654b5106cc5c05e3757c2b42]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27006 b/active/CVE-2024-27006
new file mode 100644
index 00000000..3c50f3dc
--- /dev/null
+++ b/active/CVE-2024-27006
@@ -0,0 +1,16 @@
+Description: thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
+References:
+Notes:
+ carnil> Introduced in 7ef01f228c9f ("thermal/debugfs: Add thermal debugfs information
+ carnil> for mitigation episodes"). Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc5) [b552f63cd43735048bbe9bfbb7a9dcfce166fbdd]
+6.8-upstream-stable: released (6.8.8) [9c8215d32e730b597c809a9d2090bf8ec1b79fcf]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27007 b/active/CVE-2024-27007
new file mode 100644
index 00000000..73058a5c
--- /dev/null
+++ b/active/CVE-2024-27007
@@ -0,0 +1,16 @@
+Description: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
+References:
+Notes:
+ carnil> Introduced in adef440691ba ("userfaultfd: UFFDIO_MOVE uABI"). Vulnerable
+ carnil> versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc5) [c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50]
+6.8-upstream-stable: released (6.8.8) [df5f6e683e7f21a15d8be6e7a0c7a46436963ebe]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27008 b/active/CVE-2024-27008
new file mode 100644
index 00000000..24fb7978
--- /dev/null
+++ b/active/CVE-2024-27008
@@ -0,0 +1,18 @@
+Description: drm: nv04: Fix out of bounds access
+References:
+Notes:
+ carnil> Introduced in 2e5702aff395 ("drm/nouveau: fabricate DCB encoder table for iMac
+ carnil> G4")
+ carnil> 670820c0e6a9 ("drm/nouveau: Workaround incorrect DCB entry on a GeForce3 Ti
+ carnil> 200."). Vulnerable versions: 2.6.38-rc1.
+Bugs:
+upstream: released (6.9-rc5) [cf92bb778eda7830e79452c6917efa8474a30c1e]
+6.8-upstream-stable: released (6.8.8) [26212da39ee14a52c76a202c6ae5153a84f579a5]
+6.6-upstream-stable: released (6.6.29) [6690cc2732e2a8d0eaca44dcbac032a4b0148042]
+6.1-upstream-stable: released (6.1.88) [5fd4b090304e450aa0e7cc9cc2b4873285c6face]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27009 b/active/CVE-2024-27009
new file mode 100644
index 00000000..2369aa43
--- /dev/null
+++ b/active/CVE-2024-27009
@@ -0,0 +1,16 @@
+Description: s390/cio: fix race condition during online processing
+References:
+Notes:
+ carnil> Introduced in 2297791c92d0 ("s390/cio: dont unregister subchannel from
+ carnil> child-drivers"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.9-rc5) [2d8527f2f911fab84aec04df4788c0c23af3df48]
+6.8-upstream-stable: released (6.8.8) [a4234decd0fe429832ca81c4637be7248b88b49e]
+6.6-upstream-stable: released (6.6.29) [2df56f4ea769ff81e51bbb05699989603bde9c49]
+6.1-upstream-stable: released (6.1.88) [559f3a6333397ab6cd4a696edd65a70b6be62c6e]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27010 b/active/CVE-2024-27010
new file mode 100644
index 00000000..1df1fc9b
--- /dev/null
+++ b/active/CVE-2024-27010
@@ -0,0 +1,17 @@
+Description: net/sched: Fix mirred deadlock on device recursion
+References:
+Notes:
+ carnil> Introduced in 3bcb846ca4cf ("net: get rid of spin_trylock() in net_tx_action()")
+ carnil> e578d9c02587 ("net: sched: use counter to break reclassify loops"). Vulnerable
+ carnil> versions: 4.2-rc1.
+Bugs:
+upstream: released (6.9-rc5) [0f022d32c3eca477fbf79a205243a6123ed0fe11]
+6.8-upstream-stable: released (6.8.8) [e6b90468da4dae2281a6e381107f411efb48b0ef]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27011 b/active/CVE-2024-27011
new file mode 100644
index 00000000..2d8674cc
--- /dev/null
+++ b/active/CVE-2024-27011
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: fix memleak in map from abort path
+References:
+Notes:
+ carnil> Introduced in 591054469b3e ("netfilter: nf_tables: revisit chain/object
+ carnil> refcounting from elements"). Vulnerable versions: 4.12-rc3.
+Bugs:
+upstream: released (6.9-rc5) [86a1471d7cde792941109b93b558b5dc078b9ee9]
+6.8-upstream-stable: released (6.8.8) [49d0e656d19dfb2d4d7c230e4a720d37b3decff6]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27012 b/active/CVE-2024-27012
new file mode 100644
index 00000000..9093ebcc
--- /dev/null
+++ b/active/CVE-2024-27012
@@ -0,0 +1,17 @@
+Description: netfilter: nf_tables: restore set elements when delete set fails
+References:
+Notes:
+ carnil> Introduced in 628bd3e49cba ("netfilter: nf_tables: drop map element references
+ carnil> from preparation phase"). Vulnerable versions: 5.4.262 5.10.188 5.15.121 6.1.36
+ carnil> 6.3.10 6.4.
+Bugs:
+upstream: released (6.9-rc5) [e79b47a8615d42c68aaeb68971593333667382ed]
+6.8-upstream-stable: released (6.8.8) [86658fc7414d4b9e25c2699d751034537503d637]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27013 b/active/CVE-2024-27013
new file mode 100644
index 00000000..dab0232c
--- /dev/null
+++ b/active/CVE-2024-27013
@@ -0,0 +1,16 @@
+Description: tun: limit printing rate when illegal packet received by tun dev
+References:
+Notes:
+ carnil> Introduced in ef3db4a59542 ("tun: avoid BUG, dump packet on GSO errors").
+ carnil> Vulnerable versions: 2.6.35.
+Bugs:
+upstream: released (6.9-rc5) [f8bbc07ac535593139c875ffa19af924b1084540]
+6.8-upstream-stable: released (6.8.8) [52854101180beccdb9dc2077a3bea31b6ad48dfa]
+6.6-upstream-stable: released (6.6.29) [40f4ced305c6c47487d3cd8da54676e2acc1a6ad]
+6.1-upstream-stable: released (6.1.88) [62e27ef18eb4f0d33bbae8e9ef56b99696a74713]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27014 b/active/CVE-2024-27014
new file mode 100644
index 00000000..85f4a226
--- /dev/null
+++ b/active/CVE-2024-27014
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Prevent deadlock while disabling aRFS
+References:
+Notes:
+ carnil> Introduced in 45bf454ae884 ("net/mlx5e: Enabling aRFS mechanism"). Vulnerable
+ carnil> versions: 4.7-rc1.
+Bugs:
+upstream: released (6.9-rc5) [fef965764cf562f28afb997b626fc7c3cec99693]
+6.8-upstream-stable: released (6.8.8) [0080bf99499468030248ebd25dd645e487dcecdc]
+6.6-upstream-stable: released (6.6.29) [48c4bb81df19402d4346032353d0795260255e3b]
+6.1-upstream-stable: released (6.1.88) [46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27015 b/active/CVE-2024-27015
new file mode 100644
index 00000000..ed078b43
--- /dev/null
+++ b/active/CVE-2024-27015
@@ -0,0 +1,16 @@
+Description: netfilter: flowtable: incorrect pppoe tuple
+References:
+Notes:
+ carnil> Introduced in 72efd585f714 ("netfilter: flowtable: add pppoe support").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.9-rc5) [6db5dc7b351b9569940cd1cf445e237c42cd6d27]
+6.8-upstream-stable: released (6.8.8) [e3f078103421642fcd5f05c5e70777feb10f000d]
+6.6-upstream-stable: released (6.6.29) [4ed82dd368ad883dc4284292937b882f044e625d]
+6.1-upstream-stable: released (6.1.88) [f1c3c61701a0b12f4906152c1626a5de580ea3d2]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27016 b/active/CVE-2024-27016
new file mode 100644
index 00000000..8fef1e00
--- /dev/null
+++ b/active/CVE-2024-27016
@@ -0,0 +1,16 @@
+Description: netfilter: flowtable: validate pppoe header
+References:
+Notes:
+ carnil> Introduced in 72efd585f714 ("netfilter: flowtable: add pppoe support").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.9-rc5) [87b3593bed1868b2d9fe096c01bcdf0ea86cbebf]
+6.8-upstream-stable: released (6.8.8) [cf366ee3bc1b7d1c76a882640ba3b3f8f1039163]
+6.6-upstream-stable: released (6.6.29) [a2471d271042ea18e8a6babc132a8716bb2f08b9]
+6.1-upstream-stable: released (6.1.88) [8bf7c76a2a207ca2b4cfda0a279192adf27678d7]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27017 b/active/CVE-2024-27017
new file mode 100644
index 00000000..21143d71
--- /dev/null
+++ b/active/CVE-2024-27017
@@ -0,0 +1,16 @@
+Description: netfilter: nft_set_pipapo: walk over current view on netlink dump
+References:
+Notes:
+ carnil> Introduced in 2b84e215f874 ("netfilter: nft_set_pipapo: .walk does not deal
+ carnil> with generations"). Vulnerable versions: 5.10.186 5.15.119 6.1.36 6.3.10 6.4.
+Bugs:
+upstream: released (6.9-rc5) [29b359cf6d95fd60730533f7f10464e95bd17c73]
+6.8-upstream-stable: released (6.8.8) [721715655c72640567e8742567520c99801148ed]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27018 b/active/CVE-2024-27018
new file mode 100644
index 00000000..86390f35
--- /dev/null
+++ b/active/CVE-2024-27018
@@ -0,0 +1,17 @@
+Description: netfilter: br_netfilter: skip conntrack input hook for promisc packets
+References:
+Notes:
+ carnil> Introduced in 62e7151ae3eb ("netfilter: bridge: confirm multicast packets
+ carnil> before passing them up the stack"). Vulnerable versions: 5.15.151 6.1.81 6.6.21
+ carnil> 6.7.9 6.8-rc7.
+Bugs:
+upstream: released (6.9-rc5) [751de2012eafa4d46d8081056761fa0e9cc8a178]
+6.8-upstream-stable: released (6.8.8) [43193174510ea4f3ce09b796e559a2fd9f148615]
+6.6-upstream-stable: released (6.6.29) [3f59ac29dea0921637053908fe99268d157bbb9d]
+6.1-upstream-stable: released (6.1.88) [b13db0d16bc7b2a52abcf5cb71334f63faa5dbd6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27019 b/active/CVE-2024-27019
new file mode 100644
index 00000000..bc4e6827
--- /dev/null
+++ b/active/CVE-2024-27019
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
+References:
+Notes:
+ carnil> Introduced in e50092404c1b ("netfilter: nf_tables: add stateful objects").
+ carnil> Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (6.9-rc5) [d78d867dcea69c328db30df665be5be7d0148484]
+6.8-upstream-stable: released (6.8.8) [4ca946b19caf655a08d5e2266d4d5526025ebb73]
+6.6-upstream-stable: released (6.6.29) [ad333578f736d56920e090d7db1f8dec891d815e]
+6.1-upstream-stable: released (6.1.88) [df7c0fb8c2b9f9cac65659332581b19682a71349]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27020 b/active/CVE-2024-27020
new file mode 100644
index 00000000..ae0bf6be
--- /dev/null
+++ b/active/CVE-2024-27020
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
+References:
+Notes:
+ carnil> Introduced in ef1f7df9170d ("netfilter: nf_tables: expression ops
+ carnil> overloading"). Vulnerable versions: 3.13-rc1.
+Bugs:
+upstream: released (6.9-rc5) [f969eb84ce482331a991079ab7a5c4dc3b7f89bf]
+6.8-upstream-stable: released (6.8.8) [01f1a678b05ade4b1248019c2dcca773aebbeb7f]
+6.6-upstream-stable: released (6.6.29) [a9ebf340d123ae12582210407f879d6a5a1bc25b]
+6.1-upstream-stable: released (6.1.88) [8d56bad42ac4c43c6c72ddd6a654a2628bf839c5]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27021 b/active/CVE-2024-27021
new file mode 100644
index 00000000..91632bcd
--- /dev/null
+++ b/active/CVE-2024-27021
@@ -0,0 +1,16 @@
+Description: r8169: fix LED-related deadlock on module removal
+References:
+Notes:
+ carnil> Introduced in 18764b883e15 ("r8169: add support for LED's on RTL8168/RTL8101").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc4) [19fa4f2a85d777a8052e869c1b892a2f7556569d]
+6.8-upstream-stable: released (6.8.8) [53d986f39acd8ea11c9e460732bfa5add66360d9]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"