Add batch of CVEs from CNA

author: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-04-17 19:42:10 +0200
commit: 340814e1a325812027f37a78f5052c8c470caa62 (patch)
tree: 7ef5ef0ab7ed2d3c56b2a1da4e9fb0373757586a /active/CVE-2024-26852
parent: 16ca5f383c524df1ff66a64d96eba1266dd6e1dc (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/active/CVE-2024-26852 b/active/CVE-2024-26852
new file mode 100644
index 00000000..2fb7606f
--- /dev/null
+++ b/active/CVE-2024-26852
@@ -0,0 +1,17 @@
+Description: net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
+References:
+Notes:
+ carnil> Introduced in 3b1137fe7482 ("net: ipv6: Change notifications for multipath add
+ carnil> to RTA_MULTIPATH"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (6.8) [685f7d531264599b3f167f1e94bbd22f120e5fab]
+6.8-upstream-stable: released (6.8) [685f7d531264599b3f167f1e94bbd22f120e5fab]
+6.7-upstream-stable: released (6.7.10) [61b34f73cdbdb8eaf9ea12e9e2eb3b29716c4dda]
+6.6-upstream-stable: released (6.6.22) [ed883060c38721ed828061f6c0c30e5147326c9a]
+6.1-upstream-stable: released (6.1.82) [394334fe2ae3b9f1e2332b873857e84cb28aac18]
+5.10-upstream-stable: released (5.10.213) [79ce2e54cc0ae366f45516c00bf1b19aa43e9abe]
+4.19-upstream-stable: released (4.19.310) [31ea5bcc7d4cd1423de6be327a2c034725704136]
+sid: needed
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Salvatore Bonaccorso <carnil@debian.org>	2024-04-17 19:42:10 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-04-17 19:42:10 +0200
commit	340814e1a325812027f37a78f5052c8c470caa62 (patch)
tree	7ef5ef0ab7ed2d3c56b2a1da4e9fb0373757586a /active/CVE-2024-26852
parent	16ca5f383c524df1ff66a64d96eba1266dd6e1dc (diff)