Add new batch of CVEs assigned from Linux kernel CNA

Manual fixup for the sid version not correctly detecting 6.6.15-1 as the right now and instead using 6.7.7-1 one.
author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-02 10:56:31 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-02 10:56:31 +0200
commit: 394790af91161b751b9411f7737a4207ba5c0b55 (patch)
tree: e24f0764bf786f47a569956869194e71add754ec /active/CVE-2023-52630
parent: 612fa53fe5f7ec56deab8572d3abc0d9f345e3c0 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2023-52630 b/active/CVE-2023-52630
new file mode 100644
index 00000000..1906f416
--- /dev/null
+++ b/active/CVE-2023-52630
@@ -0,0 +1,16 @@
+Description: blk-iocost: Fix an UBSAN shift-out-of-bounds warning
+References:
+Notes:
+ carnil> Introduced in 5160a5a53c0c ("blk-iocost: implement delay adjustment
+ carnil> hysteresis"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (6.8-rc4) [2a427b49d02995ea4a6ff93a1432c40fa4d36821]
+6.7-upstream-stable: released (6.7.5) [cd33b330cb21675189e747953845f5c3689e4912]
+6.6-upstream-stable: released (6.6.17) [27b216130e64651e76ed583742a1b4e4d08a67c3]
+6.1-upstream-stable: released (6.1.78) [e5dc63f01e027721c29f82069f7e97e2149fa131]
+5.10-upstream-stable: released (5.10.210) [9f56f38331171c9a19754004f0664686d67ee48d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-02 10:56:31 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-02 10:56:31 +0200
commit	394790af91161b751b9411f7737a4207ba5c0b55 (patch)
tree	e24f0764bf786f47a569956869194e71add754ec /active/CVE-2023-52630
parent	612fa53fe5f7ec56deab8572d3abc0d9f345e3c0 (diff)