From 394790af91161b751b9411f7737a4207ba5c0b55 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 2 Apr 2024 10:56:31 +0200
Subject: Add new batch of CVEs assigned from Linux kernel CNA

Manual fixup for the sid version not correctly detecting 6.6.15-1 as the
right now and instead using 6.7.7-1 one.
---
 active/CVE-2023-52630 | 16 ++++++++++++++++
 active/CVE-2023-52631 | 16 ++++++++++++++++
 active/CVE-2023-52632 | 15 +++++++++++++++
 active/CVE-2023-52633 | 15 +++++++++++++++
 active/CVE-2023-52634 | 15 +++++++++++++++
 active/CVE-2023-52635 | 15 +++++++++++++++
 active/CVE-2023-52636 | 16 ++++++++++++++++
 active/CVE-2024-26656 | 15 +++++++++++++++
 active/CVE-2024-26657 | 16 ++++++++++++++++
 active/CVE-2024-26658 | 15 +++++++++++++++
 active/CVE-2024-26659 | 15 +++++++++++++++
 active/CVE-2024-26660 | 16 ++++++++++++++++
 active/CVE-2024-26661 | 16 ++++++++++++++++
 active/CVE-2024-26662 | 16 ++++++++++++++++
 active/CVE-2024-26663 | 16 ++++++++++++++++
 active/CVE-2024-26664 | 16 ++++++++++++++++
 active/CVE-2024-26665 | 16 ++++++++++++++++
 active/CVE-2024-26666 | 16 ++++++++++++++++
 active/CVE-2024-26667 | 16 ++++++++++++++++
 active/CVE-2024-26668 | 16 ++++++++++++++++
 active/CVE-2024-26669 | 16 ++++++++++++++++
 active/CVE-2024-26670 | 16 ++++++++++++++++
 active/CVE-2024-26671 | 15 +++++++++++++++
 active/CVE-2024-26672 | 15 +++++++++++++++
 active/CVE-2024-26673 | 16 ++++++++++++++++
 active/CVE-2024-26674 | 16 ++++++++++++++++
 active/CVE-2024-26675 | 16 ++++++++++++++++
 active/CVE-2024-26676 | 16 ++++++++++++++++
 active/CVE-2024-26677 | 16 ++++++++++++++++
 active/CVE-2024-26678 | 16 ++++++++++++++++
 active/CVE-2024-26679 | 16 ++++++++++++++++
 active/CVE-2024-26680 | 16 ++++++++++++++++
 active/CVE-2024-26681 | 16 ++++++++++++++++
 active/CVE-2024-26682 | 16 ++++++++++++++++
 active/CVE-2024-26683 | 16 ++++++++++++++++
 active/CVE-2024-26684 | 16 ++++++++++++++++
 36 files changed, 567 insertions(+)
 create mode 100644 active/CVE-2023-52630
 create mode 100644 active/CVE-2023-52631
 create mode 100644 active/CVE-2023-52632
 create mode 100644 active/CVE-2023-52633
 create mode 100644 active/CVE-2023-52634
 create mode 100644 active/CVE-2023-52635
 create mode 100644 active/CVE-2023-52636
 create mode 100644 active/CVE-2024-26656
 create mode 100644 active/CVE-2024-26657
 create mode 100644 active/CVE-2024-26658
 create mode 100644 active/CVE-2024-26659
 create mode 100644 active/CVE-2024-26660
 create mode 100644 active/CVE-2024-26661
 create mode 100644 active/CVE-2024-26662
 create mode 100644 active/CVE-2024-26663
 create mode 100644 active/CVE-2024-26664
 create mode 100644 active/CVE-2024-26665
 create mode 100644 active/CVE-2024-26666
 create mode 100644 active/CVE-2024-26667
 create mode 100644 active/CVE-2024-26668
 create mode 100644 active/CVE-2024-26669
 create mode 100644 active/CVE-2024-26670
 create mode 100644 active/CVE-2024-26671
 create mode 100644 active/CVE-2024-26672
 create mode 100644 active/CVE-2024-26673
 create mode 100644 active/CVE-2024-26674
 create mode 100644 active/CVE-2024-26675
 create mode 100644 active/CVE-2024-26676
 create mode 100644 active/CVE-2024-26677
 create mode 100644 active/CVE-2024-26678
 create mode 100644 active/CVE-2024-26679
 create mode 100644 active/CVE-2024-26680
 create mode 100644 active/CVE-2024-26681
 create mode 100644 active/CVE-2024-26682
 create mode 100644 active/CVE-2024-26683
 create mode 100644 active/CVE-2024-26684

(limited to 'active')

diff --git a/active/CVE-2023-52630 b/active/CVE-2023-52630
new file mode 100644
index 00000000..1906f416
--- /dev/null
+++ b/active/CVE-2023-52630
@@ -0,0 +1,16 @@
+Description: blk-iocost: Fix an UBSAN shift-out-of-bounds warning
+References:
+Notes:
+ carnil> Introduced in 5160a5a53c0c ("blk-iocost: implement delay adjustment
+ carnil> hysteresis"). Vulnerable versions: 5.10-rc1.
+Bugs:
+upstream: released (6.8-rc4) [2a427b49d02995ea4a6ff93a1432c40fa4d36821]
+6.7-upstream-stable: released (6.7.5) [cd33b330cb21675189e747953845f5c3689e4912]
+6.6-upstream-stable: released (6.6.17) [27b216130e64651e76ed583742a1b4e4d08a67c3]
+6.1-upstream-stable: released (6.1.78) [e5dc63f01e027721c29f82069f7e97e2149fa131]
+5.10-upstream-stable: released (5.10.210) [9f56f38331171c9a19754004f0664686d67ee48d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52631 b/active/CVE-2023-52631
new file mode 100644
index 00000000..d387c826
--- /dev/null
+++ b/active/CVE-2023-52631
@@ -0,0 +1,16 @@
+Description: fs/ntfs3: Fix an NULL dereference bug
+References:
+Notes:
+ carnil> Introduced in be71b5cba2e6 ("fs/ntfs3: Add attrib operations"). Vulnerable
+ carnil> versions: 5.15-rc1.
+Bugs:
+upstream: released (6.8-rc4) [b2dd7b953c25ffd5912dda17e980e7168bebcf6c]
+6.7-upstream-stable: released (6.7.5) [686820fe141ea0220fc6fdfc7e5694f915cf64b2]
+6.6-upstream-stable: released (6.6.17) [fb7bcd1722bc9bc55160378f5f99c01198fd14a7]
+6.1-upstream-stable: released (6.1.78) [ec1bedd797588fe38fc11cba26d77bb1d9b194c6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-52632 b/active/CVE-2023-52632
new file mode 100644
index 00000000..2e305550
--- /dev/null
+++ b/active/CVE-2023-52632
@@ -0,0 +1,15 @@
+Description: drm/amdkfd: Fix lock dependency warning with srcu
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [2a9de42e8d3c82c6990d226198602be44f43f340]
+6.7-upstream-stable: released (6.7.4) [1556c242e64cdffe58736aa650b0b395854fe4d4]
+6.6-upstream-stable: released (6.6.16) [752312f6a79440086ac0f9b08d7776870037323c]
+6.1-upstream-stable: released (6.1.77) [b602f098f716723fa5c6c96a486e0afba83b7b94]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52633 b/active/CVE-2023-52633
new file mode 100644
index 00000000..a7593f2d
--- /dev/null
+++ b/active/CVE-2023-52633
@@ -0,0 +1,15 @@
+Description: um: time-travel: fix time corruption
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [abe4eaa8618bb36c2b33e9cdde0499296a23448c]
+6.7-upstream-stable: released (6.7.4) [b427f55e9d4185f6f17cc1e3296eb8d0c4425283]
+6.6-upstream-stable: released (6.6.16) [de3e9d8e8d1ae0a4d301109d1ec140796901306c]
+6.1-upstream-stable: released (6.1.77) [4f7dad73df4cdb2b7042103d3922745d040ad025]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52634 b/active/CVE-2023-52634
new file mode 100644
index 00000000..530132d9
--- /dev/null
+++ b/active/CVE-2023-52634
@@ -0,0 +1,15 @@
+Description: drm/amd/display: Fix disable_otg_wa logic
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [2ce156482a6fef349d2eba98e5070c412d3af662]
+6.7-upstream-stable: released (6.7.4) [ce29728ef6485a367934cc100249c66dd3cde5b6]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52635 b/active/CVE-2023-52635
new file mode 100644
index 00000000..9f215bf0
--- /dev/null
+++ b/active/CVE-2023-52635
@@ -0,0 +1,15 @@
+Description: PM / devfreq: Synchronize devfreq_monitor_[start/stop]
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6]
+6.7-upstream-stable: released (6.7.4) [ae815e2fdc284ab31651d52460698bd89c0fce22]
+6.6-upstream-stable: released (6.6.16) [0aedb319ef3ed39e9e5a7b7726c8264ca627bbd9]
+6.1-upstream-stable: released (6.1.77) [31569995fc65007b73a3fff605ec2b3401b435e9]
+5.10-upstream-stable: released (5.10.210) [3399cc7013e761fee9d6eec795e9b31ab0cbe475]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2023-52636 b/active/CVE-2023-52636
new file mode 100644
index 00000000..d957fbf4
--- /dev/null
+++ b/active/CVE-2023-52636
@@ -0,0 +1,16 @@
+Description: libceph: just wait for more data to be available on the socket
+References:
+Notes:
+ carnil> Introduced in d396f89db39a ("libceph: add sparse read support to msgr1").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc4) [8e46a2d068c92a905d01cbb018b00d66991585ab]
+6.7-upstream-stable: released (6.7.5) [bd9442e553ab8bf74b8be3b3c0a43bf4af4dc9b8]
+6.6-upstream-stable: released (6.6.17) [da9c33a70f095d5d55c36d0bfeba969e31de08ae]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26656 b/active/CVE-2024-26656
new file mode 100644
index 00000000..3e9cc9c2
--- /dev/null
+++ b/active/CVE-2024-26656
@@ -0,0 +1,15 @@
+Description: drm/amdgpu: fix use-after-free bug
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.9-rc1) [22207fd5c80177b860279653d017474b2812af5e]
+6.7-upstream-stable: needed
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26657 b/active/CVE-2024-26657
new file mode 100644
index 00000000..ae7cf220
--- /dev/null
+++ b/active/CVE-2024-26657
@@ -0,0 +1,16 @@
+Description: drm/sched: fix null-ptr-deref in init entity
+References:
+Notes:
+ carnil> Introduced in 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable
+ carnil> number of run-queues"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.9-rc2) [f34e8bb7d6c6626933fe993e03ed59ae85e16abb]
+6.7-upstream-stable: needed
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26658 b/active/CVE-2024-26658
new file mode 100644
index 00000000..b7cb2342
--- /dev/null
+++ b/active/CVE-2024-26658
@@ -0,0 +1,15 @@
+Description: bcachefs: grab s_umount only if snapshotting
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [2acc59dd88d27ad69b66ded80df16c042b04eeec]
+6.7-upstream-stable: released (6.7.5) [5b41d3fd04c6757b9c2a60a0c5b2609cae9999df]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26659 b/active/CVE-2024-26659
new file mode 100644
index 00000000..fc30cbaa
--- /dev/null
+++ b/active/CVE-2024-26659
@@ -0,0 +1,15 @@
+Description: xhci: handle isoc Babble and Buffer Overrun events properly
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc3) [7c4650ded49e5b88929ecbbb631efb8b0838e811]
+6.7-upstream-stable: released (6.7.5) [418456c0ce56209610523f21734c5612ee634134]
+6.6-upstream-stable: released (6.6.17) [f5e7ffa9269a448a720e21f1ed1384d118298c97]
+6.1-upstream-stable: released (6.1.82) [2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3]
+5.10-upstream-stable: released (5.10.213) [696e4112e5c1ee61996198f0ebb6ca3fab55166e]
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26660 b/active/CVE-2024-26660
new file mode 100644
index 00000000..6ee8c10e
--- /dev/null
+++ b/active/CVE-2024-26660
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Implement bounds check for stream encoder creation in DCN301
+References:
+Notes:
+ carnil> Introduced in 3a83e4e64bb1 ("drm/amd/display: Add dcn3.01 support to DC (v2)").
+ carnil> Vulnerable versions: 5.11-rc1.
+Bugs:
+upstream: released (6.8-rc4) [58fca355ad37dcb5f785d9095db5f748b79c5dc2]
+6.7-upstream-stable: released (6.7.5) [a938eab9586eea31cfd129a507f552efae14d738]
+6.6-upstream-stable: released (6.6.17) [cd9bd10c59e3c1446680514fd3097c5b00d3712d]
+6.1-upstream-stable: released (6.1.78) [efdd665ce1a1634b8c1dad5e7f6baaef3e131d0a]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26661 b/active/CVE-2024-26661
new file mode 100644
index 00000000..6e2d3162
--- /dev/null
+++ b/active/CVE-2024-26661
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'
+References:
+Notes:
+ carnil> Introduced in 474ac4a875ca ("drm/amd/display: Implement some asic specific abm
+ carnil> call backs."). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.8-rc4) [66951d98d9bf45ba25acf37fe0747253fafdf298]
+6.7-upstream-stable: released (6.7.5) [39f24c08363af1cd945abad84e3c87fd3e3c845a]
+6.6-upstream-stable: released (6.6.17) [3f3c237a706580326d3b7a1b97697e5031ca4667]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26662 b/active/CVE-2024-26662
new file mode 100644
index 00000000..25c3173c
--- /dev/null
+++ b/active/CVE-2024-26662
@@ -0,0 +1,16 @@
+Description: drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'
+References:
+Notes:
+ carnil> Introduced in 474ac4a875ca ("drm/amd/display: Implement some asic specific abm
+ carnil> call backs."). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.8-rc4) [e96fddb32931d007db12b1fce9b5e8e4c080401b]
+6.7-upstream-stable: released (6.7.5) [0c863cab0e9173f8b6c7bc328bee3b8625f131b5]
+6.6-upstream-stable: released (6.6.17) [2e150ccea13129eb048679114808eb9770443e4d]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26663 b/active/CVE-2024-26663
new file mode 100644
index 00000000..73f2483b
--- /dev/null
+++ b/active/CVE-2024-26663
@@ -0,0 +1,16 @@
+Description: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
+References:
+Notes:
+ carnil> Introduced in ef20cd4dd163 ("tipc: introduce UDP replicast"). Vulnerable
+ carnil> versions: 4.9-rc1.
+Bugs:
+upstream: released (6.8-rc4) [3871aa01e1a779d866fa9dfdd5a836f342f4eb87]
+6.7-upstream-stable: released (6.7.5) [0cd331dfd6023640c9669d0592bc0fd491205f87]
+6.6-upstream-stable: released (6.6.17) [888e3524be87f3df9fa3c083484e4b62b3e3bb59]
+6.1-upstream-stable: released (6.1.78) [3d3a5b31b43515b5752ff282702ca546ec3e48b6]
+5.10-upstream-stable: released (5.10.210) [19d7314f2fb9515bdaac9829d4d8eb34edd1fe95]
+4.19-upstream-stable: released (4.19.307) [24ec8f0da93b8a9fba11600be8a90f0d73fb46f1]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26664 b/active/CVE-2024-26664
new file mode 100644
index 00000000..b3850fcb
--- /dev/null
+++ b/active/CVE-2024-26664
@@ -0,0 +1,16 @@
+Description: hwmon: (coretemp) Fix out-of-bounds memory access
+References:
+Notes:
+ carnil> Introduced in 7108b80a542b ("hwmon/coretemp: Handle large core ID value").
+ carnil> Vulnerable versions: 4.19.264 5.4.221 5.10.152 5.15.76 6.0.6 6.1-rc2.
+Bugs:
+upstream: released (6.8-rc4) [4e440abc894585a34c2904a32cd54af1742311b3]
+6.7-upstream-stable: released (6.7.5) [3a7753bda55985dc26fae17795cb10d825453ad1]
+6.6-upstream-stable: released (6.6.17) [853a6503c586a71abf27e60a7f8c4fb28092976d]
+6.1-upstream-stable: released (6.1.78) [9bce69419271eb8b2b3ab467387cb59c99d80deb]
+5.10-upstream-stable: released (5.10.210) [f0da068c75c20ffc5ba28243ff577531dc2af1fd]
+4.19-upstream-stable: released (4.19.307) [93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26665 b/active/CVE-2024-26665
new file mode 100644
index 00000000..dc63c904
--- /dev/null
+++ b/active/CVE-2024-26665
@@ -0,0 +1,16 @@
+Description: tunnels: fix out of bounds access when building IPv6 PMTU error
+References:
+Notes:
+ carnil> Introduced in 4cb47a8644cc ("tunnels: PMTU discovery support for directly
+ carnil> bridged IP packets"). Vulnerable versions: 5.9-rc1.
+Bugs:
+upstream: released (6.8-rc4) [d75abeec401f8c86b470e7028a13fcdc87e5dd06]
+6.7-upstream-stable: released (6.7.5) [7dc9feb8b1705cf00de20563b6bc4831f4c99dab]
+6.6-upstream-stable: released (6.6.17) [510c869ffa4068c5f19ff4df51d1e2f3a30aaac1]
+6.1-upstream-stable: released (6.1.78) [e37cde7a5716466ff2a76f7f27f0a29b05b9a732]
+5.10-upstream-stable: released (5.10.210) [e77bf828f1ca1c47fcff58bdc26b60a9d3dfbe1d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26666 b/active/CVE-2024-26666
new file mode 100644
index 00000000..ccaf7809
--- /dev/null
+++ b/active/CVE-2024-26666
@@ -0,0 +1,16 @@
+Description: wifi: mac80211: fix RCU use in TDLS fast-xmit
+References:
+Notes:
+ carnil> Introduced in 8cc07265b691 ("wifi: mac80211: handle TDLS data frames with
+ carnil> MLO"). Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc4) [9480adfe4e0f0319b9da04b44e4eebd5ad07e0cd]
+6.7-upstream-stable: released (6.7.5) [c255c3b653c6e8b52ac658c305e2fece2825f7ad]
+6.6-upstream-stable: released (6.6.17) [fc3432ae8232ff4025e7c55012dd88db0e3d18eb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26667 b/active/CVE-2024-26667
new file mode 100644
index 00000000..67a395cb
--- /dev/null
+++ b/active/CVE-2024-26667
@@ -0,0 +1,16 @@
+Description: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup
+References:
+Notes:
+ carnil> Introduced in ae4d721ce100 ("drm/msm/dpu: add an API to reset the encoder
+ carnil> related hw blocks"). Vulnerable versions: 5.19-rc1.
+Bugs:
+upstream: released (6.8-rc4) [7f3d03c48b1eb6bc45ab20ca98b8b11be25f9f52]
+6.7-upstream-stable: released (6.7.5) [eb4f56f3ff5799ca754ae6d811803a63fe25a4a2]
+6.6-upstream-stable: released (6.6.17) [79592a6e7bdc1d05460c95f891f5e5263a107af8]
+6.1-upstream-stable: released (6.1.78) [fb8bfc6ea3cd8c5ac3d35711d064e2f6646aec17]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26668 b/active/CVE-2024-26668
new file mode 100644
index 00000000..d19618e7
--- /dev/null
+++ b/active/CVE-2024-26668
@@ -0,0 +1,16 @@
+Description: netfilter: nft_limit: reject configurations that cause integer overflow
+References:
+Notes:
+ carnil> Introduced in d2168e849ebf ("netfilter: nft_limit: add per-byte limiting").
+ carnil> Vulnerable versions: 4.3-rc1.
+Bugs:
+upstream: released (6.8-rc2) [c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa]
+6.7-upstream-stable: released (6.7.3) [00c2c29aa36d1d1827c51a3720e9f893a22c7c6a]
+6.6-upstream-stable: released (6.6.15) [9882495d02ecc490604f747437a40626dc9160d0]
+6.1-upstream-stable: released (6.1.76) [bc6e242bb74e2ae616bfd2b250682b738e781c9b]
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26669 b/active/CVE-2024-26669
new file mode 100644
index 00000000..b2e01bf2
--- /dev/null
+++ b/active/CVE-2024-26669
@@ -0,0 +1,16 @@
+Description: net/sched: flower: Fix chain template offload
+References:
+Notes:
+ carnil> Introduced in bbf73830cd48 ("net: sched: traverse chains in block with
+ carnil> tcf_get_next_chain()"). Vulnerable versions: 5.1-rc1.
+Bugs:
+upstream: released (6.8-rc2) [32f2a0afa95fae0d1ceec2ff06e0e816939964b8]
+6.7-upstream-stable: released (6.7.3) [c04709b2cc99ae31c346f79f0211752d7b74df01]
+6.6-upstream-stable: released (6.6.15) [9ed46144cff3598a5cf79955630e795ff9af5b97]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26670 b/active/CVE-2024-26670
new file mode 100644
index 00000000..e15bb523
--- /dev/null
+++ b/active/CVE-2024-26670
@@ -0,0 +1,16 @@
+Description: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
+References:
+Notes:
+ carnil> Introduced in 471470bc7052 ("arm64: errata: Add Cortex-A520 speculative
+ carnil> unprivileged load workaround"). Vulnerable versions: 6.1.57 6.5.7 6.6-rc5.
+Bugs:
+upstream: released (6.8-rc1) [832dd634bd1b4e3bbe9f10b9c9ba5db6f6f2b97f]
+6.7-upstream-stable: released (6.7.3) [baa0aaac16432019651e0d60c41cd34a0c3c3477]
+6.6-upstream-stable: released (6.6.15) [58eb5c07f41704464b9acc09ab0707b6769db6c0]
+6.1-upstream-stable: needed
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26671 b/active/CVE-2024-26671
new file mode 100644
index 00000000..cd2e802f
--- /dev/null
+++ b/active/CVE-2024-26671
@@ -0,0 +1,15 @@
+Description: blk-mq: fix IO hang from sbitmap wakeup race
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [5266caaf5660529e3da53004b8b7174cab6374ed]
+6.7-upstream-stable: released (6.7.4) [f1bc0d8163f8ee84a8d5affdf624cfad657df1d2]
+6.6-upstream-stable: released (6.6.16) [6d8b01624a2540336a32be91f25187a433af53a0]
+6.1-upstream-stable: released (6.1.77) [1d9c777d3e70bdc57dddf7a14a80059d65919e56]
+5.10-upstream-stable: released (5.10.210) [7610ba1319253225a9ba8a9d28d472fc883b4e2f]
+4.19-upstream-stable: released (4.19.307) [9525b38180e2753f0daa1a522b7767a2aa969676]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26672 b/active/CVE-2024-26672
new file mode 100644
index 00000000..3f1360a4
--- /dev/null
+++ b/active/CVE-2024-26672
@@ -0,0 +1,15 @@
+Description: drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
+References:
+Notes:
+ carnil> First introducing commit could not be determined.
+Bugs:
+upstream: released (6.8-rc1) [4f32504a2f85a7b40fe149436881381f48e9c0c0]
+6.7-upstream-stable: released (6.7.4) [7b5d58c07024516c0e81b95e98f37710cf402c53]
+6.6-upstream-stable: needed
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26673 b/active/CVE-2024-26673
new file mode 100644
index 00000000..2ff096e2
--- /dev/null
+++ b/active/CVE-2024-26673
@@ -0,0 +1,16 @@
+Description: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
+References:
+Notes:
+ carnil> Introduced in 857b46027d6f ("netfilter: nft_ct: add ct expectations support").
+ carnil> Vulnerable versions: 5.3-rc1.
+Bugs:
+upstream: released (6.8-rc3) [8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4]
+6.7-upstream-stable: released (6.7.4) [38cc1605338d99205a263707f4dde76408d3e0e8]
+6.6-upstream-stable: released (6.6.16) [cfe3550ea5df292c9e2d608e8c4560032391847e]
+6.1-upstream-stable: released (6.1.77) [0f501dae16b7099e69ee9b0d5c70b8f40fd30e98]
+5.10-upstream-stable: released (5.10.210) [65ee90efc928410c6f73b3d2e0afdd762652c09d]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26674 b/active/CVE-2024-26674
new file mode 100644
index 00000000..0d0f2b3d
--- /dev/null
+++ b/active/CVE-2024-26674
@@ -0,0 +1,16 @@
+Description: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups
+References:
+Notes:
+ carnil> Introduced in b19b74bc99b1 ("x86/mm: Rework address range check in get_user()
+ carnil> and put_user()"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc4) [8eed4e00a370b37b4e5985ed983dccedd555ea9d]
+6.7-upstream-stable: released (6.7.5) [2da241c5ed78d0978228a1150735539fe1a60eca]
+6.6-upstream-stable: released (6.6.17) [2aed1b6c33afd8599d01c6532bbecb829480a674]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26675 b/active/CVE-2024-26675
new file mode 100644
index 00000000..7a7dd17e
--- /dev/null
+++ b/active/CVE-2024-26675
@@ -0,0 +1,16 @@
+Description: ppp_async: limit MRU to 64K
+References:
+Notes:
+ carnil> Introduced in 1da177e4c3f4 ("Linux-2.6.12-rc2"). Vulnerable versions:
+ carnil> 2.6.12-rc2^0.
+Bugs:
+upstream: released (6.8-rc4) [cb88cb53badb8aeb3955ad6ce80b07b598e310b8]
+6.7-upstream-stable: released (6.7.5) [210d938f963dddc543b07e66a79b7d8d4bd00bd8]
+6.6-upstream-stable: released (6.6.17) [7e5ef49670766c9742ffcd9cead7cdb018268719]
+6.1-upstream-stable: released (6.1.78) [4e2c4846b2507f6dfc9bea72b7567c2693a82a16]
+5.10-upstream-stable: released (5.10.210) [b06e067e93fa4b98acfd3a9f38a398ab91bbc58b]
+4.19-upstream-stable: released (4.19.307) [4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26676 b/active/CVE-2024-26676
new file mode 100644
index 00000000..48769620
--- /dev/null
+++ b/active/CVE-2024-26676
@@ -0,0 +1,16 @@
+Description: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
+References:
+Notes:
+ carnil> Introduced in 2aab4b969002 ("af_unix: fix struct pid leaks in OOB support").
+ carnil> Vulnerable versions: 5.15.103 6.1.20 6.2.7 6.3-rc2.
+Bugs:
+upstream: released (6.8-rc4) [1279f9d9dec2d7462823a18c29ad61359e0a007d]
+6.7-upstream-stable: released (6.7.5) [82ae47c5c3a6b27fdc0f9e83c1499cb439c56140]
+6.6-upstream-stable: released (6.6.17) [b74aa9ce13d02b7fd37c5325b99854f91b9b4276]
+6.1-upstream-stable: released (6.1.78) [e0e09186d8821ad59806115d347ea32efa43ca4b]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26677 b/active/CVE-2024-26677
new file mode 100644
index 00000000..16073634
--- /dev/null
+++ b/active/CVE-2024-26677
@@ -0,0 +1,16 @@
+Description: rxrpc: Fix delayed ACKs to not set the reference serial number
+References:
+Notes:
+ carnil> Introduced in 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use
+ carnil> by userspace and kernel both"). Vulnerable versions: 2.6.22-rc1.
+Bugs:
+upstream: released (6.8-rc4) [e7870cf13d20f56bfc19f9c3e89707c69cf104ef]
+6.7-upstream-stable: released (6.7.5) [63719f490e6a89896e9a463d2b45e8203eab23ae]
+6.6-upstream-stable: released (6.6.17) [200cb50b9e154434470c8969d32474d38475acc2]
+6.1-upstream-stable: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26678 b/active/CVE-2024-26678
new file mode 100644
index 00000000..400d1656
--- /dev/null
+++ b/active/CVE-2024-26678
@@ -0,0 +1,16 @@
+Description: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
+References:
+Notes:
+ carnil> Introduced in 3e3eabe26dc8 ("x86/boot: Increase section and file alignment to
+ carnil> 4k/512"). Vulnerable versions: 6.6.18 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [1ad55cecf22f05f1c884adf63cc09d3c3e609ebf]
+6.7-upstream-stable: released (6.7.5) [4adeeff8c12321cd453412a659c3c0eeb9bb2397]
+6.6-upstream-stable: needed
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26679 b/active/CVE-2024-26679
new file mode 100644
index 00000000..e5909d3d
--- /dev/null
+++ b/active/CVE-2024-26679
@@ -0,0 +1,16 @@
+Description: inet: read sk->sk_family once in inet_recv_error()
+References:
+Notes:
+ carnil> Introduced in f4713a3dfad0 ("net-timestamp: make tcp_recvmsg call
+ carnil> ipv6_recv_error for AF_INET6 socks"). Vulnerable versions: 3.17.7 3.18-rc7.
+Bugs:
+upstream: released (6.8-rc4) [eef00a82c568944f113f2de738156ac591bbd5cd]
+6.7-upstream-stable: released (6.7.5) [307fa8a75ab7423fa5c73573ec3d192de5027830]
+6.6-upstream-stable: released (6.6.17) [4a5e31bdd3c1702b520506d9cf8c41085f75c7f2]
+6.1-upstream-stable: released (6.1.78) [54538752216bf89ee88d47ad07802063a498c299]
+5.10-upstream-stable: released (5.10.210) [88081ba415224cf413101def4343d660f56d082b]
+4.19-upstream-stable: released (4.19.307) [caa064c3c2394d03e289ebd6b0be5102eb8a5b40]
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
diff --git a/active/CVE-2024-26680 b/active/CVE-2024-26680
new file mode 100644
index 00000000..87c9d477
--- /dev/null
+++ b/active/CVE-2024-26680
@@ -0,0 +1,16 @@
+Description: net: atlantic: Fix DMA mapping for PTP hwts ring
+References:
+Notes:
+ carnil> Introduced in 94ad94558b0f ("net: aquantia: add PTP rings infrastructure").
+ carnil> Vulnerable versions: 5.5-rc1.
+Bugs:
+upstream: released (6.8-rc4) [2e7d3b67630dfd8f178c41fa2217aa00e79a5887]
+6.7-upstream-stable: released (6.7.5) [e42e334c645575be5432adee224975d4f536fdb1]
+6.6-upstream-stable: released (6.6.17) [004fe5b7f59286a926a45e0cafc7870e9cdddd56]
+6.1-upstream-stable: released (6.1.78) [466ceebe48cbba3f4506f165fca7111f9eb8bb12]
+5.10-upstream-stable: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26681 b/active/CVE-2024-26681
new file mode 100644
index 00000000..78cb7fe0
--- /dev/null
+++ b/active/CVE-2024-26681
@@ -0,0 +1,16 @@
+Description: netdevsim: avoid potential loop in nsim_dev_trap_report_work()
+References:
+Notes:
+ carnil> Introduced in 012ec02ae441 ("netdevsim: convert driver to use unlocked devlink
+ carnil> API during init/fini"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc4) [ba5e1272142d051dcc57ca1d3225ad8a089f9858]
+6.7-upstream-stable: released (6.7.5) [d91964cdada76740811b7c621239f9c407820dbc]
+6.6-upstream-stable: released (6.6.17) [6eecddd9c3c8d6e3a097531cdc6d500335b35e46]
+6.1-upstream-stable: released (6.1.78) [0193e0660cc6689c794794b471492923cfd7bfbc]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26682 b/active/CVE-2024-26682
new file mode 100644
index 00000000..cab217df
--- /dev/null
+++ b/active/CVE-2024-26682
@@ -0,0 +1,16 @@
+Description: wifi: mac80211: improve CSA/ECSA connection refusal
+References:
+Notes:
+ carnil> Introduced in c09c4f31998b ("wifi: mac80211: don't connect to an AP while it's
+ carnil> in a CSA process"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [35e2385dbe787936c793d70755a5177d267a40aa]
+6.7-upstream-stable: released (6.7.5) [ea88bde8e3fefbe4268f6991375dd629895a090a]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26683 b/active/CVE-2024-26683
new file mode 100644
index 00000000..7d9a4977
--- /dev/null
+++ b/active/CVE-2024-26683
@@ -0,0 +1,16 @@
+Description: wifi: cfg80211: detect stuck ECSA element in probe resp
+References:
+Notes:
+ carnil> Introduced in c09c4f31998b ("wifi: mac80211: don't connect to an AP while it's
+ carnil> in a CSA process"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc4) [177fbbcb4ed6b306c1626a277fac3fb1c495a4c7]
+6.7-upstream-stable: released (6.7.5) [ce112c941c2b172afba3e913a90c380647d53975]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2024-26684 b/active/CVE-2024-26684
new file mode 100644
index 00000000..303f49a2
--- /dev/null
+++ b/active/CVE-2024-26684
@@ -0,0 +1,16 @@
+Description: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
+References:
+Notes:
+ carnil> Introduced in 56e58d6c8a56 ("net: stmmac: Implement Safety Features in XGMAC
+ carnil> core"). Vulnerable versions: 5.4-rc1.
+Bugs:
+upstream: released (6.8-rc4) [46eba193d04f8bd717e525eb4110f3c46c12aec3]
+6.7-upstream-stable: released (6.7.5) [3b48c9e258c8691c2f093ee07b1ea3764caaa1b2]
+6.6-upstream-stable: released (6.6.17) [7e0ff50131e9d1aa507be8e670d38e9300a5f5bf]
+6.1-upstream-stable: released (6.1.78) [e42ff0844fe418c7d03a14f9f90e1b91ba119591]
+5.10-upstream-stable: released (5.10.210) [2fc45a4631ac7837a5c497cb4f7e2115d950fc37]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.7.7-1)
+6.1-bookworm-security: needed
+5.10-bullseye-security: needed
+4.19-buster-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3