Add new batch of CVEs from Linux kernel CNA

author: Salvatore Bonaccorso <carnil@debian.org> 2024-05-01 20:48:05 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-05-01 20:48:05 +0200
commit: d05469adc091243005292db82d4b4e6556c58199 (patch)
tree: 9bfb90da2a4dc8e0c470909cad02a4592addbe59 /active
parent: 0763ac5322d01bfc34edc852640cce8a7f68afff (diff)
69 files changed, 1105 insertions, 0 deletions
diff --git a/active/CVE-2022-48669 b/active/CVE-2022-48669
new file mode 100644
index 00000000..42133200
--- /dev/null
+++ b/active/CVE-2022-48669
@@ -0,0 +1,16 @@
+Description: powerpc/pseries: Fix potential memleak in papr_get_attr()
+References:
+Notes:
+ carnil> Introduced in 3c14b73454cf ("powerpc/pseries: Interface to represent PAPR
+ carnil> firmware attributes"). Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.9-rc1) [cda9c0d556283e2d4adaa9960b2dc19b16156bae]
+6.8-upstream-stable: released (6.8.2) [d0647c3e81eff62b66d46fd4e475318cb8cb3610]
+6.6-upstream-stable: released (6.6.23) [1699fb915b9f61794d559b55114c09a390aaf234]
+6.1-upstream-stable: released (6.1.83) [a3f22feb2220a945d1c3282e34199e8bcdc5afc4]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52649 b/active/CVE-2023-52649
new file mode 100644
index 00000000..3e2b3d8e
--- /dev/null
+++ b/active/CVE-2023-52649
@@ -0,0 +1,16 @@
+Description: drm/vkms: Avoid reading beyond LUT array
+References:
+Notes:
+ carnil> Introduced in db1f254f2cfa ("drm/vkms: Add support to 1D gamma LUT").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [2fee84030d12d9fddfa874e4562d71761a129277]
+6.8-upstream-stable: released (6.8.2) [92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d]
+6.6-upstream-stable: released (6.6.23) [9556c167673057d48ce4a0da675026fe046654c1]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52650 b/active/CVE-2023-52650
new file mode 100644
index 00000000..28a1d908
--- /dev/null
+++ b/active/CVE-2023-52650
@@ -0,0 +1,16 @@
+Description: drm/tegra: dsi: Add missing check for of_find_device_by_node
+References:
+Notes:
+ carnil> Introduced in e94236cde4d5 ("drm/tegra: dsi: Add ganged mode support").
+ carnil> Vulnerable versions: 3.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [afe6fcb9775882230cd29b529203eabd5d2a638d]
+6.8-upstream-stable: released (6.8.2) [3169eaf1365541fd8e521091010c44fbe14691fc]
+6.6-upstream-stable: released (6.6.23) [52aa507148c4aad41436e2005d742ffcafad9976]
+6.1-upstream-stable: released (6.1.83) [50c0ad785a780c72a2fdaba10b38c645ffb4eae6]
+5.10-upstream-stable: released (5.10.214) [92003981a6df5dc84af8a5904f8ee112fa324129]
+4.19-upstream-stable: released (4.19.311) [47a13d0b9d8527518639ab5c39667f69d6203e80]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52651 b/active/CVE-2023-52651
new file mode 100644
index 00000000..354453a6
--- /dev/null
+++ b/active/CVE-2023-52651
@@ -0,0 +1,16 @@
+Description: wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
+References:
+Notes:
+ carnil> Introduced in dc405152bb64 ("ath10k: handle mgmt tx completion event").
+ carnil> Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [ad25ee36f00172f7d53242dc77c69fff7ced0755]
+6.8-upstream-stable: released (6.8.2) [835c5d37f4b0ba99e9ec285ffa645bc532714191]
+6.6-upstream-stable: released (6.6.23) [10a342fa2fe4c4dd22f2c8fe917d3b1929582076]
+6.1-upstream-stable: released (6.1.83) [90f089d77e38db1c48629f111f3c8c336be1bc38]
+5.10-upstream-stable: released (5.10.214) [e1dc7aa814a95aeeb1b2c05be2b62af8423b15cc]
+4.19-upstream-stable: released (4.19.311) [0cd3b0a1dc987697cba1fe93c784365aa1f8a230]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52652 b/active/CVE-2023-52652
new file mode 100644
index 00000000..c5e1e697
--- /dev/null
+++ b/active/CVE-2023-52652
@@ -0,0 +1,16 @@
+Description: NTB: fix possible name leak in ntb_register_device()
+References:
+Notes:
+ carnil> Introduced in a1bd3baeb2f1 ("NTB: Add NTB hardware abstraction layer").
+ carnil> Vulnerable versions: 4.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [aebfdfe39b9327a3077d0df8db3beb3160c9bdd0]
+6.8-upstream-stable: released (6.8.2) [913421f9f7fd8324dcc41753d0f28b52e177ef04]
+6.6-upstream-stable: released (6.6.23) [a039690d323221eb5865f1f31db3ec264e7a14b6]
+6.1-upstream-stable: released (6.1.83) [6632a54ac8057cc0b0d789c6f73883e871bcd25c]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52653 b/active/CVE-2023-52653
new file mode 100644
index 00000000..edfeeab6
--- /dev/null
+++ b/active/CVE-2023-52653
@@ -0,0 +1,16 @@
+Description: SUNRPC: fix a memleak in gss_import_v2_context
+References:
+Notes:
+ carnil> Introduced in 47d848077629 ("gss_krb5: handle new context format from gssd").
+ carnil> Vulnerable versions: 2.6.35-rc1.
+Bugs:
+upstream: released (6.9-rc1) [e67b652d8e8591d3b1e569dbcdfcee15993e91fa]
+6.8-upstream-stable: released (6.8.2) [d111e30d9cd846bb368faf3637dc0f71fcbcf822]
+6.6-upstream-stable: released (6.6.23) [99044c01ed5329e73651c054d8a4baacdbb1a27c]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27023 b/active/CVE-2024-27023
new file mode 100644
index 00000000..41d680eb
--- /dev/null
+++ b/active/CVE-2024-27023
@@ -0,0 +1,16 @@
+Description: md: Fix missing release of 'active_io' for flush
+References:
+Notes:
+ carnil> Introduced in fa2bbff7b0b4 ("md: synchronize flush io with array
+ carnil> reconfiguration"). Vulnerable versions: 6.1.75 6.6.14 6.7.2 6.8-rc1.
+Bugs:
+upstream: released (6.8-rc6) [855678ed8534518e2b428bcbcec695de9ba248e8]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: released (6.6.19) [02dad157ba11064d073f5499dc33552b227d5d3a]
+6.1-upstream-stable: released (6.1.80) [6b2ff10390b19a2364af622b6666b690443f9f3f]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27024 b/active/CVE-2024-27024
new file mode 100644
index 00000000..788329be
--- /dev/null
+++ b/active/CVE-2024-27024
@@ -0,0 +1,16 @@
+Description: net/rds: fix WARNING in rds_conn_connect_if_down
+References:
+Notes:
+ carnil> Introduced in 584a8279a44a ("RDS: RDMA: return appropriate error on rdma map
+ carnil> failures"). Vulnerable versions: 3.18.85 4.1.48 4.4.103 4.9.66 4.11-rc1.
+Bugs:
+upstream: released (6.8) [c055fc00c07be1f0df7375ab0036cebd1106ed38]
+6.8-upstream-stable: released (6.8) [c055fc00c07be1f0df7375ab0036cebd1106ed38]
+6.6-upstream-stable: released (6.6.22) [2b505d05280739ce31d5708da840f42df827cb85]
+6.1-upstream-stable: released (6.1.82) [998fd719e6d6468b930ac0c44552ea9ff8b07b80]
+5.10-upstream-stable: released (5.10.213) [9dfc15a10dfd44f8ff7f27488651cb5be6af83c2]
+4.19-upstream-stable: released (4.19.310) [786854141057751bc08eb26f1b02e97c1631c8f4]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27025 b/active/CVE-2024-27025
new file mode 100644
index 00000000..1836149c
--- /dev/null
+++ b/active/CVE-2024-27025
@@ -0,0 +1,16 @@
+Description: nbd: null check for nla_nest_start
+References:
+Notes:
+ carnil> Introduced in 47d902b90a32 ("nbd: add a status netlink command"). Vulnerable
+ carnil> versions: 4.12-rc1.
+Bugs:
+upstream: released (6.9-rc1) [31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d]
+6.8-upstream-stable: released (6.8.2) [ba6a9970ce9e284cbc04099361c58731e308596a]
+6.6-upstream-stable: released (6.6.23) [b7f5aed55829f376e4f7e5ea5b80ccdcb023e983]
+6.1-upstream-stable: released (6.1.83) [96436365e5d80d0106ea785a4f80a58e7c9edff8]
+5.10-upstream-stable: released (5.10.214) [4af837db0fd3679fabc7b7758397090b0c06dced]
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27026 b/active/CVE-2024-27026
new file mode 100644
index 00000000..840095be
--- /dev/null
+++ b/active/CVE-2024-27026
@@ -0,0 +1,16 @@
+Description: vmxnet3: Fix missing reserved tailroom
+References:
+Notes:
+ carnil> Introduced in 54f00cce1178 ("vmxnet3: Add XDP support."). Vulnerable versions:
+ carnil> 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [e127ce7699c1e05279ee5ee61f00893e7bfa9671]
+6.8-upstream-stable: released (6.8.2) [91d017d19d5a9ad153e2dc23ed3c0e2e79ef5262]
+6.6-upstream-stable: released (6.6.23) [aba8659caf88017507419feea06069f529329ea6]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27027 b/active/CVE-2024-27027
new file mode 100644
index 00000000..c9676d62
--- /dev/null
+++ b/active/CVE-2024-27027
@@ -0,0 +1,16 @@
+Description: dpll: fix dpll_xa_ref_*_del() for multiple registrations
+References:
+Notes:
+ carnil> Introduced in 9431063ad323 ("dpll: core: Add DPLL framework base functions").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b446631f355ece73b13c311dd712c47381a23172]
+6.8-upstream-stable: released (6.8.2) [b27e32e9367dac024cd6f61f22655714f483fd67]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27028 b/active/CVE-2024-27028
new file mode 100644
index 00000000..78d2af9e
--- /dev/null
+++ b/active/CVE-2024-27028
@@ -0,0 +1,16 @@
+Description: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
+References:
+Notes:
+ carnil> Introduced in 1ce24864bff4 ("spi: mediatek: Only do dma for 4-byte aligned
+ carnil> buffers"). Vulnerable versions: 4.11-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a20ad45008a7c82f1184dc6dee280096009ece55]
+6.8-upstream-stable: released (6.8.2) [1784053cf10a14c4ebd8a890bad5cfe1bee51713]
+6.6-upstream-stable: released (6.6.23) [62b1f837b15cf3ec2835724bdf8577e47d14c753]
+6.1-upstream-stable: released (6.1.83) [766ec94cc57492eab97cbbf1595bd516ab0cb0e4]
+5.10-upstream-stable: released (5.10.214) [bcfcdf19698024565eff427706ebbd8df65abd11]
+4.19-upstream-stable: released (4.19.311) [2342b05ec5342a519e00524a507f7a6ea6791a38]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27029 b/active/CVE-2024-27029
new file mode 100644
index 00000000..e92756b9
--- /dev/null
+++ b/active/CVE-2024-27029
@@ -0,0 +1,16 @@
+Description: drm/amdgpu: fix mmhub client id out-of-bounds access
+References:
+Notes:
+ carnil> Introduced in aba2be41470a ("drm/amdgpu: add mmhub 3.3.0 support"). Vulnerable
+ carnil> versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [6540ff6482c1a5a6890ae44b23d0852ba1986d9e]
+6.8-upstream-stable: released (6.8.2) [1f24b3040f2b6ffcb97151fabb3070328254d923]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27030 b/active/CVE-2024-27030
new file mode 100644
index 00000000..06305fdd
--- /dev/null
+++ b/active/CVE-2024-27030
@@ -0,0 +1,16 @@
+Description: octeontx2-af: Use separate handlers for interrupts
+References:
+Notes:
+ carnil> Introduced in 7304ac4567bc ("octeontx2-af: Add mailbox IRQ and msg handlers").
+ carnil> Vulnerable versions: 4.20-rc1.
+Bugs:
+upstream: released (6.9-rc1) [50e60de381c342008c0956fd762e1c26408f372c]
+6.8-upstream-stable: released (6.8.2) [4fedae8f9eafa2ac8cdaca58e315f52a7e2a8701]
+6.6-upstream-stable: released (6.6.23) [dc29dd00705a62c77de75b6d752259b869aac49d]
+6.1-upstream-stable: released (6.1.83) [29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44]
+5.10-upstream-stable: released (5.10.214) [766c2627acb2d9d1722cce2e24837044d52d888a]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27031 b/active/CVE-2024-27031
new file mode 100644
index 00000000..30bd48f5
--- /dev/null
+++ b/active/CVE-2024-27031
@@ -0,0 +1,16 @@
+Description: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt
+References:
+Notes:
+ carnil> Introduced in 000dbe0bec05 ("NFS: Convert buffered read paths to use netfs when
+ carnil> fscache is enabled"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [fd5860ab6341506004219b080aea40213b299d2e]
+6.8-upstream-stable: released (6.8.2) [8a2e5977cecd3cde6a0e3e86b7b914d00240e5dc]
+6.6-upstream-stable: released (6.6.23) [ad27382f8495f8ef6d2c66c413d756bfd13c0598]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27032 b/active/CVE-2024-27032
new file mode 100644
index 00000000..859d6e14
--- /dev/null
+++ b/active/CVE-2024-27032
@@ -0,0 +1,17 @@
+Description: f2fs: fix to avoid potential panic during recovery
+References:
+Notes:
+ carnil> Introduced in 956fa1ddc132 ("f2fs: fix to check return value of
+ carnil> f2fs_reserve_new_block()"). Vulnerable versions: 4.19.307 5.4.269 5.10.210
+ carnil> 5.15.149 6.1.77 6.6.16 6.7.4 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [21ec68234826b1b54ab980a8df6e33c74cfbee58]
+6.8-upstream-stable: released (6.8.2) [f26091a981318b5b7451d61f99bc073a6af8db67]
+6.6-upstream-stable: released (6.6.23) [8844b2f8a3f0c428b74672f9726f9950b1a7764c]
+6.1-upstream-stable: released (6.1.83) [fe4de493572a4263554903bf9c3afc5c196e15f0]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27033 b/active/CVE-2024-27033
new file mode 100644
index 00000000..d8af9f85
--- /dev/null
+++ b/active/CVE-2024-27033
@@ -0,0 +1,16 @@
+Description: f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic
+References:
+Notes:
+ carnil> Introduced in 18792e64c86d ("f2fs: support fault injection for
+ carnil> f2fs_is_valid_blkaddr()"). Vulnerable versions: 6.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b896e302f79678451a94769ddd9e52e954c64fbb]
+6.8-upstream-stable: released (6.8.2) [abe98a05e7162f64759bf9111108ebcb11322dec]
+6.6-upstream-stable: released (6.6.23) [0386408036bfc8b50296d9e544ff91c4d52af2db]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27034 b/active/CVE-2024-27034
new file mode 100644
index 00000000..8018d776
--- /dev/null
+++ b/active/CVE-2024-27034
@@ -0,0 +1,16 @@
+Description: f2fs: compress: fix to cover normal cluster write with cp_rwsem
+References:
+Notes:
+ carnil> Introduced in 4c8ff7095bef ("f2fs: support data compression"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [fd244524c2cf07b5f4c3fe8abd6a99225c76544b]
+6.8-upstream-stable: released (6.8.2) [52982edfcefd475cc34af663d5c47c0cddaa5739]
+6.6-upstream-stable: released (6.6.23) [75abfd61392b1db391bde6d738a30d685b843286]
+6.1-upstream-stable: released (6.1.83) [542c8b3c774a480bfd0804291a12f6f2391b0cd1]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27035 b/active/CVE-2024-27035
new file mode 100644
index 00000000..35376519
--- /dev/null
+++ b/active/CVE-2024-27035
@@ -0,0 +1,16 @@
+Description: f2fs: compress: fix to guarantee persisting compressed blocks by CP
+References:
+Notes:
+ carnil> Introduced in 4c8ff7095bef ("f2fs: support data compression"). Vulnerable
+ carnil> versions: 5.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [8a430dd49e9cb021372b0ad91e60aeef9c6ced00]
+6.8-upstream-stable: released (6.8.2) [57e8b17d0522c8f4daf0c4d9969b4d7358033532]
+6.6-upstream-stable: released (6.6.23) [82704e598d7b33c7e45526e34d3c585426319bed]
+6.1-upstream-stable: released (6.1.83) [e54cce8137258a550b49cae45d09e024821fb28d]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27036 b/active/CVE-2024-27036
new file mode 100644
index 00000000..caa4e371
--- /dev/null
+++ b/active/CVE-2024-27036
@@ -0,0 +1,16 @@
+Description: cifs: Fix writeback data corruption
+References:
+Notes:
+ carnil> Introduced in d08089f649a0 ("cifs: Change the I/O paths to use an iterator
+ carnil> rather than a page list"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f3dc1bdb6b0b0693562c7c54a6c28bafa608ba3c]
+6.8-upstream-stable: released (6.8.2) [844b4e132f57f1333dc79feaa035075a096762e4]
+6.6-upstream-stable: released (6.6.23) [e45deec35bf7f1f4f992a707b2d04a8c162f2240]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27037 b/active/CVE-2024-27037
new file mode 100644
index 00000000..ef4b0847
--- /dev/null
+++ b/active/CVE-2024-27037
@@ -0,0 +1,16 @@
+Description: clk: zynq: Prevent null pointer dereference caused by kmalloc failure
+References:
+Notes:
+ carnil> Introduced in 0ee52b157b8e ("clk: zynq: Add clock controller driver").
+ carnil> Vulnerable versions: 3.11-rc1.
+Bugs:
+upstream: released (6.9-rc1) [7938e9ce39d6779d2f85d822cc930f73420e54a6]
+6.8-upstream-stable: released (6.8.2) [58a946ab43501f2eba058d24d96af0ad1122475b]
+6.6-upstream-stable: released (6.6.23) [0801c893fd48cdba66a3c8f44c3fe43cc67d3b85]
+6.1-upstream-stable: released (6.1.83) [8c4889a9ea861d7be37463c10846eb75e1b49c9d]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27038 b/active/CVE-2024-27038
new file mode 100644
index 00000000..1c13db61
--- /dev/null
+++ b/active/CVE-2024-27038
@@ -0,0 +1,16 @@
+Description: clk: Fix clk_core_get NULL dereference
+References:
+Notes:
+ carnil> Introduced in dde4eff47c82 ("clk: Look for parents with clkdev based
+ carnil> clk_lookups"). Vulnerable versions: 5.2-rc1.
+Bugs:
+upstream: released (6.9-rc1) [e97fe4901e0f59a0bfd524578fe3768f8ca42428]
+6.8-upstream-stable: released (6.8.2) [6f073b24a9e2becd25ac4505a9780a87e621bb51]
+6.6-upstream-stable: released (6.6.23) [a5d9b1aa61b401867b9066d54086b3e4ee91f8ed]
+6.1-upstream-stable: released (6.1.83) [a8b2b26fdd011ebe36d68a9a321ca45801685959]
+5.10-upstream-stable: released (5.10.214) [239174535dba11f7b83de0eaaa27909024f8c185]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27039 b/active/CVE-2024-27039
new file mode 100644
index 00000000..47053f0e
--- /dev/null
+++ b/active/CVE-2024-27039
@@ -0,0 +1,16 @@
+Description: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
+References:
+Notes:
+ carnil> Introduced in 6c81966107dc ("clk: hisilicon: Add clock driver for hi3559A
+ carnil> SoC"). Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [64c6a38136b74a2f18c42199830975edd9fbc379]
+6.8-upstream-stable: released (6.8.2) [d575765b1b62e8bdb00af11caa1aabeb01763d9f]
+6.6-upstream-stable: released (6.6.23) [95d1f1228c1bb54803ae57525b76db60e99b37e4]
+6.1-upstream-stable: released (6.1.83) [e0b0d1c46a2ce1e46b79d004a7270fdef872e097]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27040 b/active/CVE-2024-27040
new file mode 100644
index 00000000..df6f4b43
--- /dev/null
+++ b/active/CVE-2024-27040
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
+References:
+Notes:
+ carnil> Introduced in c7ddc0a800bc ("drm/amd/display: Add Functions to enable Freesync
+ carnil> Panel Replay"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b]
+6.8-upstream-stable: released (6.8.2) [d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3]
+6.6-upstream-stable: released (6.6.23) [f610c46771ef1047e46d61807aa7c69cd29e63d8]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27041 b/active/CVE-2024-27041
new file mode 100644
index 00000000..5bcb5d58
--- /dev/null
+++ b/active/CVE-2024-27041
@@ -0,0 +1,16 @@
+Description: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
+References:
+Notes:
+ carnil> Introduced in 81927e2808be ("drm/amd/display: Support for DMUB AUX").
+ carnil> Vulnerable versions: 5.14-rc1.
+Bugs:
+upstream: released (6.9-rc1) [2a3cfb9a24a28da9cc13d2c525a76548865e182c]
+6.8-upstream-stable: released (6.8.2) [1c62697e4086de988b31124fb8c79c244ea05f2b]
+6.6-upstream-stable: released (6.6.23) [e040f1fbe9abae91b12b074cfc3bbb5367b79811]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27042 b/active/CVE-2024-27042
new file mode 100644
index 00000000..ce0a3726
--- /dev/null
+++ b/active/CVE-2024-27042
@@ -0,0 +1,16 @@
+Description: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'
+References:
+Notes:
+ carnil> Introduced in a0ccc717c4ab ("drm/amdgpu/discovery: validate VCN and SDMA
+ carnil> instances"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [cdb637d339572398821204a1142d8d615668f1e9]
+6.8-upstream-stable: released (6.8.2) [8db10cee51e3e11a6658742465edc21986cf1e8d]
+6.6-upstream-stable: released (6.6.23) [8f3e68c6a3fff53c2240762a47a0045d89371775]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27043 b/active/CVE-2024-27043
new file mode 100644
index 00000000..53568c89
--- /dev/null
+++ b/active/CVE-2024-27043
@@ -0,0 +1,16 @@
+Description: media: edia: dvbdev: fix a use-after-free
+References:
+Notes:
+ carnil> Introduced in b61901024776 ("V4L/DVB (5244): Dvbdev: fix illegal re-usage of
+ carnil> fileoperations struct"). Vulnerable versions: 2.6.20.2.
+Bugs:
+upstream: released (6.9-rc1) [8c64f4cdf4e6cc5682c52523713af8c39c94e6d5]
+6.8-upstream-stable: released (6.8.2) [b7586e902128e4fb7bfbb661cb52e4215a65637b]
+6.6-upstream-stable: released (6.6.23) [779e8db7efb22316c8581d6c229636d2f5694a62]
+6.1-upstream-stable: released (6.1.83) [437a111f79a2f5b2a5f21e27fdec6f40c8768712]
+5.10-upstream-stable: released (5.10.214) [096237039d00c839f3e3a5fe6d001bf0db45b644]
+4.19-upstream-stable: released (4.19.311) [d0f5c28333822f9baa5280d813124920720fd856]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27044 b/active/CVE-2024-27044
new file mode 100644
index 00000000..f02c4cd5
--- /dev/null
+++ b/active/CVE-2024-27044
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
+References:
+Notes:
+ carnil> Introduced in ddef02de0d71 ("drm/amd/display: add null checks before logging").
+ carnil> Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [9ccfe80d022df7c595f1925afb31de2232900656]
+6.8-upstream-stable: released (6.8.2) [7874ab3105ca4657102fee1cc14b0af70883c484]
+6.6-upstream-stable: released (6.6.23) [2d9fe7787af01188dc470a649bdbb842d6511fd7]
+6.1-upstream-stable: released (6.1.83) [29fde8895b2fcc33f44aea28c644ce2d9b62f9e0]
+5.10-upstream-stable: released (5.10.214) [330caa061af53ea6d287d7c43d0703714e510e08]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27045 b/active/CVE-2024-27045
new file mode 100644
index 00000000..7fd2190e
--- /dev/null
+++ b/active/CVE-2024-27045
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
+References:
+Notes:
+ carnil> Introduced in c06e09b76639 ("drm/amd/display: Add DSC parameters logging to
+ carnil> debugfs"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.9-rc1) [4b09715f1504f1b6e8dff0e9643630610bc05141]
+6.8-upstream-stable: released (6.8.2) [cf114d8d4a8d78df272116a745bb43b48cef65f4]
+6.6-upstream-stable: released (6.6.23) [ad76fd30557d6a106c481e4606a981221ca525f7]
+6.1-upstream-stable: released (6.1.83) [d346b3e5b25c95d504478507eb867cd3818775ab]
+5.10-upstream-stable: released (5.10.214) [ff28893c96c5e0927a4da10cd24a3522ca663515]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27046 b/active/CVE-2024-27046
new file mode 100644
index 00000000..caaf7003
--- /dev/null
+++ b/active/CVE-2024-27046
@@ -0,0 +1,16 @@
+Description: nfp: flower: handle acti_netdevs allocation failure
+References:
+Notes:
+ carnil> Introduced in bb9a8d031140 ("nfp: flower: monitor and offload LAG groups").
+ carnil> Vulnerable versions: 4.18-rc1.
+Bugs:
+upstream: released (6.9-rc1) [84e95149bd341705f0eca6a7fcb955c548805002]
+6.8-upstream-stable: released (6.8.2) [9d8eb1238377cd994829f9162ae396a84ae037b2]
+6.6-upstream-stable: released (6.6.23) [408ba7fd04f959c61b50db79c983484312fea642]
+6.1-upstream-stable: released (6.1.83) [c9b4e220dd18f79507803f38a55d53b483f6c9c3]
+5.10-upstream-stable: released (5.10.214) [928705e341010dd910fdece61ccb974f494a758f]
+4.19-upstream-stable: released (4.19.311) [d746889db75a76aeee95fb705b8e1ac28c684a2e]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27047 b/active/CVE-2024-27047
new file mode 100644
index 00000000..9f52ffa9
--- /dev/null
+++ b/active/CVE-2024-27047
@@ -0,0 +1,16 @@
+Description: net: phy: fix phy_get_internal_delay accessing an empty array
+References:
+Notes:
+ carnil> Introduced in 92252eec913b ("net: phy: Add a helper to return the index for of
+ carnil> the internal delay"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.9-rc1) [4469c0c5b14a0919f5965c7ceac96b523eb57b79]
+6.8-upstream-stable: released (6.8.2) [0307cf443308ecc6be9b2ca312bb31bae5e5a7ad]
+6.6-upstream-stable: released (6.6.23) [589ec16174dd9378953b8232ae76fad0a96e1563]
+6.1-upstream-stable: released (6.1.83) [2a2ff709511617de9c6c072eeee82bcbbdfecaf8]
+5.10-upstream-stable: released (5.10.214) [06dd21045a7e8bc8701b0ebedcd9a30a6325878b]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27048 b/active/CVE-2024-27048
new file mode 100644
index 00000000..e50f6d98
--- /dev/null
+++ b/active/CVE-2024-27048
@@ -0,0 +1,16 @@
+Description: wifi: brcm80211: handle pmk_op allocation failure
+References:
+Notes:
+ carnil> Introduced in a96202acaea4 ("wifi: brcmfmac: cfg80211: Add support for PMKID_V3
+ carnil> operations"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b4152222e04cb8afeeca239c90e3fcaf4c553b42]
+6.8-upstream-stable: released (6.8.2) [6138a82f3bccfc67ed7ac059493579fc326c02e5]
+6.6-upstream-stable: released (6.6.23) [df62e22c2e27420e8990a4f09e30d7bf56c2036f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27049 b/active/CVE-2024-27049
new file mode 100644
index 00000000..34edc9f8
--- /dev/null
+++ b/active/CVE-2024-27049
@@ -0,0 +1,16 @@
+Description: wifi: mt76: mt7925e: fix use-after-free in free_irq()
+References:
+Notes:
+ carnil> Introduced in c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for
+ carnil> mt7925 chips"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a5a5f4413d91f395cb2d89829d376d7393ad48b9]
+6.8-upstream-stable: released (6.8.2) [6d9930096e1f13cf6d9aabfbf95d0e05fb04144f]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27050 b/active/CVE-2024-27050
new file mode 100644
index 00000000..42ccec02
--- /dev/null
+++ b/active/CVE-2024-27050
@@ -0,0 +1,16 @@
+Description: libbpf: Use OPTS_SET() macro in bpf_xdp_query()
+References:
+Notes:
+ carnil> Introduced in 13ce2daa259a ("xsk: add new netlink attribute dedicated for ZC
+ carnil> max frags"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [92a871ab9fa59a74d013bc04f321026a057618e7]
+6.8-upstream-stable: released (6.8.2) [cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e]
+6.6-upstream-stable: released (6.6.23) [fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27051 b/active/CVE-2024-27051
new file mode 100644
index 00000000..133ff54e
--- /dev/null
+++ b/active/CVE-2024-27051
@@ -0,0 +1,16 @@
+Description: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
+References:
+Notes:
+ carnil> Introduced in de322e085995 ("cpufreq: brcmstb-avs-cpufreq: AVS CPUfreq driver
+ carnil> for Broadcom STB SoCs"). Vulnerable versions: 4.10-rc1.
+Bugs:
+upstream: released (6.9-rc1) [f661017e6d326ee187db24194cabb013d81bc2a6]
+6.8-upstream-stable: released (6.8.2) [e6e3e51ffba0784782b1a076d7441605697ea3c6]
+6.6-upstream-stable: released (6.6.23) [b25b64a241d769e932a022e5c780cf135ef56035]
+6.1-upstream-stable: released (6.1.83) [e72160cb6e23b78b41999d6885a34ce8db536095]
+5.10-upstream-stable: released (5.10.214) [9127599c075caff234359950117018a010dd01db]
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27052 b/active/CVE-2024-27052
new file mode 100644
index 00000000..8ccce55b
--- /dev/null
+++ b/active/CVE-2024-27052
@@ -0,0 +1,16 @@
+Description: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
+References:
+Notes:
+ carnil> Introduced in e542e66b7c2e ("rtl8xxxu: add bluetooth co-existence support for
+ carnil> single antenna"). Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (6.9-rc1) [1213acb478a7181cd73eeaf00db430f1e45b1361]
+6.8-upstream-stable: released (6.8.2) [58fe3bbddfec10c6b216096d8c0e517cd8463e3a]
+6.6-upstream-stable: released (6.6.23) [156012667b85ca7305cb363790d3ae8519a6f41e]
+6.1-upstream-stable: released (6.1.83) [3518cea837de4d106efa84ddac18a07b6de1384e]
+5.10-upstream-stable: released (5.10.214) [dddedfa3b29a63c2ca4336663806a6128b8545b4]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27053 b/active/CVE-2024-27053
new file mode 100644
index 00000000..d9a97b89
--- /dev/null
+++ b/active/CVE-2024-27053
@@ -0,0 +1,16 @@
+Description: wifi: wilc1000: fix RCU usage in connect path
+References:
+Notes:
+ carnil> Introduced in c460495ee072 ("staging: wilc1000: fix incorrent type in
+ carnil> initializer"). Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (6.9-rc1) [205c50306acf58a335eb19fa84e40140f4fe814f]
+6.8-upstream-stable: released (6.8.2) [dd50d3ead6e3707bb0a5df7cc832730c93ace3a7]
+6.6-upstream-stable: released (6.6.23) [4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce]
+6.1-upstream-stable: released (6.1.83) [745003b5917b610352f52fe0d11ef658d6471ec2]
+5.10-upstream-stable: released (5.10.214) [b4bbf38c350acb6500cbe667b1e2e68f896e4b38]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27054 b/active/CVE-2024-27054
new file mode 100644
index 00000000..31a2367c
--- /dev/null
+++ b/active/CVE-2024-27054
@@ -0,0 +1,16 @@
+Description: s390/dasd: fix double module refcount decrement
+References:
+Notes:
+ carnil> Introduced in c020d722b110 ("s390/dasd: fix panic during offline processing").
+ carnil> Vulnerable versions: 4.9-rc1.
+Bugs:
+upstream: released (6.9-rc1) [c3116e62ddeff79cae342147753ce596f01fcf06]
+6.8-upstream-stable: released (6.8.2) [ebc5a3bd79e54f98c885c26f0862a27a02c487c5]
+6.6-upstream-stable: released (6.6.23) [ec09bcab32fc4765e0cc97e1b72cdd067135f37e]
+6.1-upstream-stable: released (6.1.83) [ad999aa18103fa038787b6a8a55020abcf34df1a]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27055 b/active/CVE-2024-27055
new file mode 100644
index 00000000..2b0d5a5a
--- /dev/null
+++ b/active/CVE-2024-27055
@@ -0,0 +1,17 @@
+Description: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()
+References:
+Notes:
+ carnil> Introduced in 5797b1c18919 ("workqueue: Implement system-wide nr_active
+ carnil> enforcement for unbound workqueues"). Vulnerable versions: 6.6.25 6.7.11 6.8.4
+ carnil> 6.9-rc1.
+Bugs:
+upstream: released (6.9-rc1) [15930da42f8981dc42c19038042947b475b19f47]
+6.8-upstream-stable: released (6.8.4) [adc646d2126988a64234502f579e4bc2b080d7cf]
+6.6-upstream-stable: released (6.6.25) [a75ac2693d734d20724f0e10e039ca85f1fcfc4e]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27056 b/active/CVE-2024-27056
new file mode 100644
index 00000000..ebde3ad9
--- /dev/null
+++ b/active/CVE-2024-27056
@@ -0,0 +1,15 @@
+Description: wifi: iwlwifi: mvm: ensure offloading TID queue exists
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc7) [78f65fbf421a61894c14a1b91fe2fb4437b3fe5f]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27057 b/active/CVE-2024-27057
new file mode 100644
index 00000000..b2b377a5
--- /dev/null
+++ b/active/CVE-2024-27057
@@ -0,0 +1,15 @@
+Description: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc5) [c40aad7c81e5fba34b70123ed7ce3397fa62a4d2]
+6.8-upstream-stable: N/A "Fixed before branching point"
+6.6-upstream-stable: released (6.6.23) [3cac6eebea9b4bc5f041e157e45c76e212ad6759]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27058 b/active/CVE-2024-27058
new file mode 100644
index 00000000..d7f30129
--- /dev/null
+++ b/active/CVE-2024-27058
@@ -0,0 +1,16 @@
+Description: tmpfs: fix race on handling dquot rbtree
+References:
+Notes:
+ carnil> Introduced in eafc474e2029 ("shmem: prepare shmem quota infrastructure").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc2) [0a69b6b3a026543bc215ccc866d0aea5579e6ce2]
+6.8-upstream-stable: released (6.8.3) [f82f184874d2761ebaa60dccf577921a0dbb3810]
+6.6-upstream-stable: released (6.6.24) [c7077f43f30d817d10a9f8245e51576ac114b2f0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27059 b/active/CVE-2024-27059
new file mode 100644
index 00000000..ca14ef44
--- /dev/null
+++ b/active/CVE-2024-27059
@@ -0,0 +1,16 @@
+Description: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
+References:
+Notes:
+ carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions:
+ carnil> 2.6.12-rc2^0.
+Bugs:
+upstream: released (6.8) [014bcf41d946b36a8f0b8e9b5d9529efbb822f49]
+6.8-upstream-stable: released (6.8) [014bcf41d946b36a8f0b8e9b5d9529efbb822f49]
+6.6-upstream-stable: released (6.6.24) [871fd7b10b56d280990b7e754f43d888382ca325]
+6.1-upstream-stable: released (6.1.84) [f42ba916689f5c7b1642092266d2f53cf527aaaa]
+5.10-upstream-stable: released (5.10.215) [284fb1003d5da111019b9e0bf99b084fd71ac133]
+4.19-upstream-stable: released (4.19.312) [9968c701cba7eda42e5f0052b040349d6222ae34]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27060 b/active/CVE-2024-27060
new file mode 100644
index 00000000..cc9e53c6
--- /dev/null
+++ b/active/CVE-2024-27060
@@ -0,0 +1,16 @@
+Description: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
+References:
+Notes:
+ carnil> Introduced in 81af2952e606 ("thunderbolt: Add support for asymmetric link").
+ carnil> Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8) [d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa]
+6.8-upstream-stable: released (6.8) [d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27061 b/active/CVE-2024-27061
new file mode 100644
index 00000000..cf18512f
--- /dev/null
+++ b/active/CVE-2024-27061
@@ -0,0 +1,16 @@
+Description: crypto: sun8i-ce - Fix use after free in unprepare
+References:
+Notes:
+ carnil> Introduced in 4136212ab18e ("crypto: sun8i-ce - Remove prepare/unprepare
+ carnil> request"). Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8) [183420038444547c149a0fc5f58e792c2752860c]
+6.8-upstream-stable: released (6.8) [183420038444547c149a0fc5f58e792c2752860c]
+6.6-upstream-stable: released (6.6.24) [dc60b25540c82fc4baa95d1458ae96ead21859e0]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27062 b/active/CVE-2024-27062
new file mode 100644
index 00000000..352184c5
--- /dev/null
+++ b/active/CVE-2024-27062
@@ -0,0 +1,15 @@
+Description: nouveau: lock the client object tree.
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8) [b7cc4ff787a572edf2c55caeffaa88cd801eb135]
+6.8-upstream-stable: released (6.8) [b7cc4ff787a572edf2c55caeffaa88cd801eb135]
+6.6-upstream-stable: released (6.6.24) [6887314f5356389fc219b8152e951ac084a10ef7]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27063 b/active/CVE-2024-27063
new file mode 100644
index 00000000..2b8afb63
--- /dev/null
+++ b/active/CVE-2024-27063
@@ -0,0 +1,16 @@
+Description: leds: trigger: netdev: Fix kernel panic on interface rename trig notify
+References:
+Notes:
+ carnil> Introduced in d5e01266e7f5 ("leds: trigger: netdev: add additional specific
+ carnil> link speed mode"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.9-rc1) [415798bc07dd1c1ae3a656aa026580816e0b9fe8]
+6.8-upstream-stable: released (6.8.3) [3f360227cb46edb2cd2494128e1e06ed5768a62e]
+6.6-upstream-stable: released (6.6.24) [10f2af1af8ab8a7064f193446abd5579d3def7e3]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27064 b/active/CVE-2024-27064
new file mode 100644
index 00000000..c9c7b2d7
--- /dev/null
+++ b/active/CVE-2024-27064
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
+References:
+Notes:
+ carnil> Introduced in b9703ed44ffb ("netfilter: nf_tables: support for adding new
+ carnil> devices to an existing netdev chain"). Vulnerable versions: 6.3.3 6.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [7eaf837a4eb5f74561e2486972e7f5184b613f6e]
+6.8-upstream-stable: released (6.8.2) [e77a6b53a3a547b6dedfc40c37cee4f310701090]
+6.6-upstream-stable: released (6.6.23) [79846fdcc548d617b0b321addc6a3821d3b75b20]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27065 b/active/CVE-2024-27065
new file mode 100644
index 00000000..9bef68d3
--- /dev/null
+++ b/active/CVE-2024-27065
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: do not compare internal table flags on updates
+References:
+Notes:
+ carnil> Introduced in 179d9ba5559a ("netfilter: nf_tables: fix table flag updates").
+ carnil> Vulnerable versions: 5.4.262 5.10.202 5.13-rc5.
+Bugs:
+upstream: released (6.9-rc1) [4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139]
+6.8-upstream-stable: released (6.8.2) [df257c435e51651c43b86326d112ddadda76350e]
+6.6-upstream-stable: released (6.6.23) [4d37f12707ee965d338028732575f0b85f6d9e4f]
+6.1-upstream-stable: released (6.1.83) [9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7]
+5.10-upstream-stable: released (5.10.214) [fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27066 b/active/CVE-2024-27066
new file mode 100644
index 00000000..23a9f5f0
--- /dev/null
+++ b/active/CVE-2024-27066
@@ -0,0 +1,16 @@
+Description: virtio: packed: fix unmap leak for indirect desc table
+References:
+Notes:
+ carnil> Introduced in b319940f83c2 ("virtio_ring: skip unmap for premapped").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.9-rc1) [d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd]
+6.8-upstream-stable: released (6.8.2) [51bacd9d29bf98c3ebc65e4a0477bb86306b4140]
+6.6-upstream-stable: released (6.6.23) [e142169aca5546ae6619c39a575cda8105362100]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27067 b/active/CVE-2024-27067
new file mode 100644
index 00000000..e9112c2b
--- /dev/null
+++ b/active/CVE-2024-27067
@@ -0,0 +1,16 @@
+Description: xen/evtchn: avoid WARN() when unbinding an event channel
+References:
+Notes:
+ carnil> Introduced in 9e90e58c11b7 ("xen: evtchn: Allow shared registration of IRQ
+ carnil> handers"). Vulnerable versions: 6.6.19 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc1) [51c23bd691c0f1fb95b29731c356c6fd69925d17]
+6.8-upstream-stable: released (6.8.2) [9e2d4b58c1da48a32905802aaeadba7084b46895]
+6.6-upstream-stable: released (6.6.23) [99e425032c6ec13584d3cd33846e0c7307501b47]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27068 b/active/CVE-2024-27068
new file mode 100644
index 00000000..90c0f06e
--- /dev/null
+++ b/active/CVE-2024-27068
@@ -0,0 +1,16 @@
+Description: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
+References:
+Notes:
+ carnil> Introduced in f5f633b18234 ("thermal/drivers/mediatek: Add the Low Voltage
+ carnil> Thermal Sensor driver"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.9-rc1) [ca93bf607a44c1f009283dac4af7df0d9ae5e357]
+6.8-upstream-stable: released (6.8.2) [9b02197596671800dd934609384b1aca7c6ad218]
+6.6-upstream-stable: released (6.6.23) [2db869da91afd48e5b9ec76814709be49662b07d]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27069 b/active/CVE-2024-27069
new file mode 100644
index 00000000..aafce61c
--- /dev/null
+++ b/active/CVE-2024-27069
@@ -0,0 +1,16 @@
+Description: ovl: relax WARN_ON in ovl_verify_area()
+References:
+Notes:
+ carnil> Introduced in ca7ab482401c ("ovl: add permission hooks outside of
+ carnil> do_splice_direct()"). Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [77a28aa476873048024ad56daf8f4f17d58ee48e]
+6.8-upstream-stable: released (6.8.2) [c3c85aefc0da1e5074a06c682542a54ccc99bdca]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27070 b/active/CVE-2024-27070
new file mode 100644
index 00000000..3e40da4a
--- /dev/null
+++ b/active/CVE-2024-27070
@@ -0,0 +1,16 @@
+Description: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault
+References:
+Notes:
+ carnil> Introduced in 87f3afd366f7 ("f2fs: add tracepoint for f2fs_vm_page_mkwrite()").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064]
+6.8-upstream-stable: released (6.8.2) [8186e16a766d709a08f188d2f4e84098f364bea1]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27071 b/active/CVE-2024-27071
new file mode 100644
index 00000000..9ba2d477
--- /dev/null
+++ b/active/CVE-2024-27071
@@ -0,0 +1,16 @@
+Description: backlight: hx8357: Fix potential NULL pointer dereference
+References:
+Notes:
+ carnil> Introduced in 7d84a63a39b7 ("backlight: hx8357: Convert to agnostic GPIO API").
+ carnil> Vulnerable versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9]
+6.8-upstream-stable: released (6.8.2) [67e578c8ff2d7df03bf8ca9a7f5436b1796f6ad1]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27072 b/active/CVE-2024-27072
new file mode 100644
index 00000000..efe34542
--- /dev/null
+++ b/active/CVE-2024-27072
@@ -0,0 +1,18 @@
+Description: media: usbtv: Remove useless locks in usbtv_video_free()
+References:
+Notes:
+ carnil> Introduced in c838530d230b ("media: media videobuf2: Be more flexible on the
+ carnil> number of queue stored buffers")
+ carnil> f3d27f34fdd7 ("[media] usbtv: Add driver for Fushicai USBTV007 video frame
+ carnil> grabber"). Vulnerable versions: 3.11-rc1.
+Bugs:
+upstream: released (6.9-rc1) [65e6a2773d655172143cc0b927cdc89549842895]
+6.8-upstream-stable: released (6.8.2) [3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27073 b/active/CVE-2024-27073
new file mode 100644
index 00000000..dbc5974f
--- /dev/null
+++ b/active/CVE-2024-27073
@@ -0,0 +1,16 @@
+Description: media: ttpci: fix two memleaks in budget_av_attach
+References:
+Notes:
+ carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions:
+ carnil> 2.6.12-rc2^0.
+Bugs:
+upstream: released (6.9-rc1) [d0b07f712bf61e1a3cf23c87c663791c42e50837]
+6.8-upstream-stable: released (6.8.2) [656b8cc123d7635dd399d9f02594f27aa797ac3c]
+6.6-upstream-stable: released (6.6.23) [7393c681f9aa05ffe2385e8716989565eed2fe06]
+6.1-upstream-stable: released (6.1.83) [55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0]
+5.10-upstream-stable: released (5.10.214) [910363473e4bf97da3c350e08d915546dd6cc30b]
+4.19-upstream-stable: needed
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27074 b/active/CVE-2024-27074
new file mode 100644
index 00000000..8d105938
--- /dev/null
+++ b/active/CVE-2024-27074
@@ -0,0 +1,16 @@
+Description: media: go7007: fix a memleak in go7007_load_encoder
+References:
+Notes:
+ carnil> Introduced in 95ef39403f89 ("[media] go7007: remember boot firmware").
+ carnil> Vulnerable versions: 3.10-rc1.
+Bugs:
+upstream: released (6.9-rc1) [b9b683844b01d171a72b9c0419a2d760d946ee12]
+6.8-upstream-stable: released (6.8.2) [7405a0d4442792988e9ae834e7d84f9d163731a4]
+6.6-upstream-stable: released (6.6.23) [f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975]
+6.1-upstream-stable: released (6.1.83) [e04d15c8bb3e111dd69f98894acd92d63e87aac3]
+5.10-upstream-stable: released (5.10.214) [b49fe84c6cefcc1c2336d793b53442e716c95073]
+4.19-upstream-stable: released (4.19.311) [7f11dd3d165b178e738fe73dfeea513e383bedb5]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27075 b/active/CVE-2024-27075
new file mode 100644
index 00000000..3b4923f7
--- /dev/null
+++ b/active/CVE-2024-27075
@@ -0,0 +1,16 @@
+Description: media: dvb-frontends: avoid stack overflow warnings with clang
+References:
+Notes:
+ carnil> Introduced in 3cd890dbe2a4 ("media: dvb-frontends: fix i2c access helpers for
+ carnil> KASAN"). Vulnerable versions: 4.4.168 4.9.82 4.14.20 4.15.4 4.16-rc1.
+Bugs:
+upstream: released (6.9-rc1) [7a4cf27d1f0538f779bf31b8c99eda394e277119]
+6.8-upstream-stable: released (6.8.2) [ed514ecf4f29c80a2f09ae3c877059b401efe893]
+6.6-upstream-stable: released (6.6.23) [8fad9c5bb00d3a9508d18bbfe832e33a47377730]
+6.1-upstream-stable: released (6.1.83) [107052a8cfeff3a97326277192b4f052e4860a8a]
+5.10-upstream-stable: released (5.10.214) [fb07104a02e87c06c39914d13ed67fd8f839ca82]
+4.19-upstream-stable: released (4.19.311) [c073c8cede5abd3836e83d70d72606d11d0759d4]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27076 b/active/CVE-2024-27076
new file mode 100644
index 00000000..6adcf2af
--- /dev/null
+++ b/active/CVE-2024-27076
@@ -0,0 +1,16 @@
+Description: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
+References:
+Notes:
+ carnil> Introduced in a8ef0488cc59 ("media: imx: add csc/scaler mem2mem device").
+ carnil> Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.9-rc1) [4797a3dd46f220e6d83daf54d70c5b33db6deb01]
+6.8-upstream-stable: released (6.8.2) [6c92224721a439d6350db5933a1060768dcd565e]
+6.6-upstream-stable: released (6.6.23) [d164ddc21e986dd9ad614b4b01746e5457aeb24f]
+6.1-upstream-stable: released (6.1.83) [8df9a3c7044b847e9c4dc7e683fd64c6b873f328]
+5.10-upstream-stable: released (5.10.214) [5d9fe604bf9b5b09d2215225df55f22a4cbbc684]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27077 b/active/CVE-2024-27077
new file mode 100644
index 00000000..3828e542
--- /dev/null
+++ b/active/CVE-2024-27077
@@ -0,0 +1,16 @@
+Description: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
+References:
+Notes:
+ carnil> Introduced in be2fff656322 ("media: add helpers for memory-to-memory media
+ carnil> controller"). Vulnerable versions: 4.19-rc1.
+Bugs:
+upstream: released (6.9-rc1) [8f94b49a5b5d386c038e355bef6347298aabd211]
+6.8-upstream-stable: released (6.8.2) [9c23ef30e840fedc66948299509f6c2777c9cf4f]
+6.6-upstream-stable: released (6.6.23) [90029b9c979b60de5cb2b70ade4bbf61d561bc5d]
+6.1-upstream-stable: released (6.1.83) [0c9550b032de48d6a7fa6a4ddc09699d64d9300d]
+5.10-upstream-stable: released (5.10.214) [afd2a82fe300032f63f8be5d6cd6981e75f8bbf2]
+4.19-upstream-stable: released (4.19.311) [3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27078 b/active/CVE-2024-27078
new file mode 100644
index 00000000..055b0be5
--- /dev/null
+++ b/active/CVE-2024-27078
@@ -0,0 +1,16 @@
+Description: media: v4l2-tpg: fix some memleaks in tpg_alloc
+References:
+Notes:
+ carnil> Introduced in 63881df94d3e ("[media] vivid: add the Test Pattern Generator").
+ carnil> Vulnerable versions: 3.18-rc1.
+Bugs:
+upstream: released (6.9-rc1) [8cf9c5051076e0eb958f4361d50d8b0c3ee6691c]
+6.8-upstream-stable: released (6.8.2) [622b1cf38521569869c8f7b9fbe9e4f1a289add7]
+6.6-upstream-stable: released (6.6.23) [4c86c772fef06f5d7a66151bac42366825db0941]
+6.1-upstream-stable: released (6.1.83) [6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d]
+5.10-upstream-stable: released (5.10.214) [94303a06e1852a366e9671fff46d19459f88cb28]
+4.19-upstream-stable: released (4.19.311) [0de691ff547d86dd54c24b40a81f9c925df8dd77]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27079 b/active/CVE-2024-27079
new file mode 100644
index 00000000..e514edc1
--- /dev/null
+++ b/active/CVE-2024-27079
@@ -0,0 +1,16 @@
+Description: iommu/vt-d: Fix NULL domain on device release
+References:
+Notes:
+ carnil> Introduced in 586081d3f6b1 ("iommu/vt-d: Remove DEFER_DEVICE_DOMAIN_INFO").
+ carnil> Vulnerable versions: 5.18-rc1.
+Bugs:
+upstream: released (6.9-rc1) [81e921fd321614c2ad8ac333b041aae1da7a1c6d]
+6.8-upstream-stable: released (6.8.2) [333fe86968482ca701c609af590003bcea450e8f]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27080 b/active/CVE-2024-27080
new file mode 100644
index 00000000..b262d485
--- /dev/null
+++ b/active/CVE-2024-27080
@@ -0,0 +1,16 @@
+Description: btrfs: fix race when detecting delalloc ranges during fiemap
+References:
+Notes:
+ carnil> Introduced in b0ad381fa769 ("btrfs: fix deadlock with fiemap and extent
+ carnil> locking"). Vulnerable versions: 6.6.24 6.7.12 6.8-rc6.
+Bugs:
+upstream: released (6.9-rc1) [978b63f7464abcfd364a6c95f734282c50f3decf]
+6.8-upstream-stable: released (6.8.2) [ced63fffd63072c0ca55d5a451010d71bf08c0b3]
+6.6-upstream-stable: released (6.6.26) [49d640d2946c35a17b051d54171a032dd95b0f50]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27388 b/active/CVE-2024-27388
new file mode 100644
index 00000000..962cb73e
--- /dev/null
+++ b/active/CVE-2024-27388
@@ -0,0 +1,16 @@
+Description: SUNRPC: fix some memleaks in gssx_dec_option_array
+References:
+Notes:
+ carnil> Introduced in 1d658336b05f ("SUNRPC: Add RPC based upcall mechanism for RPCGSS
+ carnil> auth"). Vulnerable versions: 3.10-rc1.
+Bugs:
+upstream: released (6.9-rc1) [3cfcfc102a5e57b021b786a755a38935e357797d]
+6.8-upstream-stable: released (6.8.2) [996997d1fb2126feda550d6adcedcbd94911fc69]
+6.6-upstream-stable: released (6.6.23) [5e6013ae2c8d420faea553d363935f65badd32c3]
+6.1-upstream-stable: released (6.1.83) [934212a623cbab851848b6de377eb476718c3e4c]
+5.10-upstream-stable: released (5.10.214) [bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8]
+4.19-upstream-stable: released (4.19.311) [b97c37978ca825557d331c9012e0c1ddc0e42364]
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-27389 b/active/CVE-2024-27389
new file mode 100644
index 00000000..88344fd1
--- /dev/null
+++ b/active/CVE-2024-27389
@@ -0,0 +1,16 @@
+Description: pstore: inode: Only d_invalidate() is needed
+References:
+Notes:
+ carnil> Introduced in 609e28bb139e ("pstore: Remove filesystem records when backend is
+ carnil> unregistered"). Vulnerable versions: 5.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [a43e0fc5e9134a46515de2f2f8d4100b74e50de3]
+6.8-upstream-stable: released (6.8.2) [340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6]
+6.6-upstream-stable: released (6.6.23) [4cdf9006fc095af71da80e9b5f48a32e991b9ed3]
+6.1-upstream-stable: released (6.1.83) [db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27390 b/active/CVE-2024-27390
new file mode 100644
index 00000000..d7515f2f
--- /dev/null
+++ b/active/CVE-2024-27390
@@ -0,0 +1,16 @@
+Description: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
+References:
+Notes:
+ carnil> Introduced in f185de28d9ae ("mld: add new workqueues for process mld events").
+ carnil> Vulnerable versions: 5.13-rc1.
+Bugs:
+upstream: released (6.9-rc1) [17ef8efc00b34918b966388b2af0993811895a8c]
+6.8-upstream-stable: released (6.8.2) [5da9a218340a2bc804dc4327e5804392e24a0b88]
+6.6-upstream-stable: released (6.6.23) [26d4bac55750d535f1f0b8790dc26daf6089e373]
+6.1-upstream-stable: released (6.1.83) [a03ede2282ebbd181bd6f5c38cbfcb5765afcd04]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27391 b/active/CVE-2024-27391
new file mode 100644
index 00000000..020ab76d
--- /dev/null
+++ b/active/CVE-2024-27391
@@ -0,0 +1,16 @@
+Description: wifi: wilc1000: do not realloc workqueue everytime an interface is added
+References:
+Notes:
+ carnil> Introduced in 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to
+ carnil> "NETDEV-wq""). Vulnerable versions: 5.17-rc1.
+Bugs:
+upstream: released (6.9-rc1) [328efda22af81130c2ad981c110518cb29ff2f1d]
+6.8-upstream-stable: released (6.8.2) [9ab0c303ccabfd6bdce14432792d41090070008c]
+6.6-upstream-stable: released (6.6.23) [4041c60a9d543b3ad50225385b072ba68e96166e]
+6.1-upstream-stable: released (6.1.83) [515cc676dfbce40d93c92b1ff3c1070e917f4e52]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.12-1)
+6.1-bookworm-security: released (6.1.85-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-27392 b/active/CVE-2024-27392
new file mode 100644
index 00000000..71207821
--- /dev/null
+++ b/active/CVE-2024-27392
@@ -0,0 +1,16 @@
+Description: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
+References:
+Notes:
+ carnil> Introduced in a1a825ab6a60 ("nvme: add csi, ms and nuse to sysfs"). Vulnerable
+ carnil> versions: 6.8-rc1.
+Bugs:
+upstream: released (6.9-rc1) [8d0d2447394b13fb22a069f0330f9c49b7fff9d3]
+6.8-upstream-stable: released (6.8.2) [534f9dc7fe495b3f9cc84363898ac50c5a25fccb]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-05-01 20:48:05 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-05-01 20:48:05 +0200
commit	d05469adc091243005292db82d4b4e6556c58199 (patch)
tree	9bfb90da2a4dc8e0c470909cad02a4592addbe59 /active
parent	0763ac5322d01bfc34edc852640cce8a7f68afff (diff)