diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-16 12:21:32 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-16 12:21:32 +0100 |
commit | f235affc9df0f1882a4f36969355ad0eeb75b6fe (patch) | |
tree | 1c2804b1f470cadfce8ede306fdc6efb8a1284a1 | |
parent | 5785260f088ea7c4757beef3e4886fbd6c5f543f (diff) | |
download | vulns-f235affc9df0f1882a4f36969355ad0eeb75b6fe.tar.gz |
cve test entries updated with latest output from bippy
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | cve/published/2021/CVE-2021-47181.json | 64 | ||||
-rw-r--r-- | cve/published/2021/CVE-2021-47181.mbox | 30 | ||||
-rw-r--r-- | cve/published/2021/CVE-2021-47182.json | 73 | ||||
-rw-r--r-- | cve/published/2021/CVE-2021-47182.mbox | 33 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-1851.json | 73 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-1851.mbox | 33 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-21657.json | 64 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-21657.mbox | 30 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-21658.json | 73 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-21658.mbox | 33 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-21659.json | 10 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-21659.mbox | 12 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-0052.json | 19 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-0052.mbox | 15 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-20607.json | 10 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-20607.mbox | 12 |
16 files changed, 486 insertions, 98 deletions
diff --git a/cve/published/2021/CVE-2021-47181.json b/cve/published/2021/CVE-2021-47181.json index 2397289e..173d2cbf 100644 --- a/cve/published/2021/CVE-2021-47181.json +++ b/cve/published/2021/CVE-2021-47181.json @@ -57,18 +57,78 @@ "lessThan": "5.15.11", "status": "affected", "versionType": "custom" + }, + { + "version": "93cd7100fe47", + "lessThan": "2983866fc137", + "status": "affected", + "versionType": "git" + }, + { + "version": "d2ca6859ea96", + "lessThan": "4dbf2224984f", + "status": "affected", + "versionType": "git" + }, + { + "version": "e7c8afee1491", + "lessThan": "9b3a3a363591", + "status": "affected", + "versionType": "git" + }, + { + "version": "13e45e7a262d", + "lessThan": "05da4194e81a", + "status": "affected", + "versionType": "git" + }, + { + "version": "fd6de5a0cd42", + "lessThan": "aae3448b78d9", + "status": "affected", + "versionType": "git" + }, + { + "version": "7193ad3e50e5", + "lessThan": "2b54f485f2c1", + "status": "affected", + "versionType": "git" + }, + { + "version": "36dfdf11af49", + "lessThan": "abd3a33b3f2b", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758" + "url": "https://git.kernel.org/stable/linux/c/2983866fc137" + }, + { + "url": "https://git.kernel.org/stable/linux/c/4dbf2224984f" + }, + { + "url": "https://git.kernel.org/stable/linux/c/9b3a3a363591" + }, + { + "url": "https://git.kernel.org/stable/linux/c/05da4194e81a" + }, + { + "url": "https://git.kernel.org/stable/linux/c/aae3448b78d9" + }, + { + "url": "https://git.kernel.org/stable/linux/c/2b54f485f2c1" + }, + { + "url": "https://git.kernel.org/stable/linux/c/abd3a33b3f2b" } ], "title": "USB: gadget: bRequestType is a bitfield, not a enum", "x_generator": { - "engine": "bippy-e2c21c5ac1c5" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2021/CVE-2021-47181.mbox b/cve/published/2021/CVE-2021-47181.mbox index 37a0af3b..d5195871 100644 --- a/cve/published/2021/CVE-2021-47181.mbox +++ b/cve/published/2021/CVE-2021-47181.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2021-47181: USB: gadget: bRequestType is a bitfield, not a enum @@ -23,13 +23,13 @@ The Linux kernel CVE team has assigned CVE-2021-47181 to this issue. Affected versions ================= - Issue introduced in 4.4.295 and fixed in 4.4.296 - Issue introduced in 4.9.293 and fixed in 4.9.294 - Issue introduced in 4.14.258 and fixed in 4.14.259 - Issue introduced in 4.19.221 and fixed in 4.19.222 - Issue introduced in 5.4.165 and fixed in 5.4.168 - Issue introduced in 5.10.85 and fixed in 5.10.88 - Issue introduced in 5.15.8 and fixed in 5.15.11 + Issue introduced in 4.4.295 with commit 93cd7100fe47 and fixed in 4.4.296 with commit 2983866fc137 + Issue introduced in 4.9.293 with commit d2ca6859ea96 and fixed in 4.9.294 with commit 4dbf2224984f + Issue introduced in 4.14.258 with commit e7c8afee1491 and fixed in 4.14.259 with commit 9b3a3a363591 + Issue introduced in 4.19.221 with commit 13e45e7a262d and fixed in 4.19.222 with commit 05da4194e81a + Issue introduced in 5.4.165 with commit fd6de5a0cd42 and fixed in 5.4.168 with commit aae3448b78d9 + Issue introduced in 5.10.85 with commit 7193ad3e50e5 and fixed in 5.10.88 with commit 2b54f485f2c1 + Issue introduced in 5.15.8 with commit 36dfdf11af49 and fixed in 5.15.11 with commit abd3a33b3f2b Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -50,6 +50,12 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758 +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/2983866fc137 + https://git.kernel.org/stable/linux/c/4dbf2224984f + https://git.kernel.org/stable/linux/c/9b3a3a363591 + https://git.kernel.org/stable/linux/c/05da4194e81a + https://git.kernel.org/stable/linux/c/aae3448b78d9 + https://git.kernel.org/stable/linux/c/2b54f485f2c1 + https://git.kernel.org/stable/linux/c/abd3a33b3f2b diff --git a/cve/published/2021/CVE-2021-47182.json b/cve/published/2021/CVE-2021-47182.json index 768c98a4..2a27a7e0 100644 --- a/cve/published/2021/CVE-2021-47182.json +++ b/cve/published/2021/CVE-2021-47182.json @@ -63,18 +63,87 @@ "lessThan": "5.16", "status": "affected", "versionType": "custom" + }, + { + "version": "1da177e4c3f4", + "lessThan": "93cd7100fe47", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "d2ca6859ea96", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "e7c8afee1491", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "13e45e7a262d", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "fd6de5a0cd42", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "7193ad3e50e5", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "36dfdf11af49", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "153a2d7e3350", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/153a2d7e3350cc89d406ba2d35be8793a64c2038" + "url": "https://git.kernel.org/stable/linux/c/93cd7100fe47" + }, + { + "url": "https://git.kernel.org/stable/linux/c/d2ca6859ea96" + }, + { + "url": "https://git.kernel.org/stable/linux/c/e7c8afee1491" + }, + { + "url": "https://git.kernel.org/stable/linux/c/13e45e7a262d" + }, + { + "url": "https://git.kernel.org/stable/linux/c/fd6de5a0cd42" + }, + { + "url": "https://git.kernel.org/stable/linux/c/7193ad3e50e5" + }, + { + "url": "https://git.kernel.org/stable/linux/c/36dfdf11af49" + }, + { + "url": "https://git.kernel.org/stable/linux/c/153a2d7e3350" } ], "title": "USB: gadget: detect too-big endpoint 0 requests", "x_generator": { - "engine": "bippy-42982939a884" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2021/CVE-2021-47182.mbox b/cve/published/2021/CVE-2021-47182.mbox index 81be1776..6522b802 100644 --- a/cve/published/2021/CVE-2021-47182.mbox +++ b/cve/published/2021/CVE-2021-47182.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2021-47182: USB: gadget: detect too-big endpoint 0 requests @@ -20,14 +20,14 @@ The Linux kernel CVE team has assigned CVE-2021-47182 to this issue. Affected versions ================= - Fixed in 4.4.295 - Fixed in 4.9.293 - Fixed in 4.14.258 - Fixed in 4.19.221 - Fixed in 5.4.165 - Fixed in 5.10.85 - Fixed in 5.15.8 - Fixed in 5.16 + Fixed in 4.4.295 with commit 93cd7100fe47 + Fixed in 4.9.293 with commit d2ca6859ea96 + Fixed in 4.14.258 with commit e7c8afee1491 + Fixed in 4.19.221 with commit 13e45e7a262d + Fixed in 5.4.165 with commit fd6de5a0cd42 + Fixed in 5.10.85 with commit 7193ad3e50e5 + Fixed in 5.15.8 with commit 36dfdf11af49 + Fixed in 5.16 with commit 153a2d7e3350 Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -48,6 +48,13 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/153a2d7e3350cc89d406ba2d35be8793a64c2038 +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/93cd7100fe47 + https://git.kernel.org/stable/linux/c/d2ca6859ea96 + https://git.kernel.org/stable/linux/c/e7c8afee1491 + https://git.kernel.org/stable/linux/c/13e45e7a262d + https://git.kernel.org/stable/linux/c/fd6de5a0cd42 + https://git.kernel.org/stable/linux/c/7193ad3e50e5 + https://git.kernel.org/stable/linux/c/36dfdf11af49 + https://git.kernel.org/stable/linux/c/153a2d7e3350 diff --git a/cve/published/2023/CVE-2023-1851.json b/cve/published/2023/CVE-2023-1851.json index 4dc80bb0..f75ce677 100644 --- a/cve/published/2023/CVE-2023-1851.json +++ b/cve/published/2023/CVE-2023-1851.json @@ -63,18 +63,87 @@ "lessThan": "6.7", "status": "affected", "versionType": "custom" + }, + { + "version": "c7aa12252f51", + "lessThan": "83724831dab1", + "status": "affected", + "versionType": "git" + }, + { + "version": "c7aa12252f51", + "lessThan": "df02150025a3", + "status": "affected", + "versionType": "git" + }, + { + "version": "c7aa12252f51", + "lessThan": "65c6ef02ff26", + "status": "affected", + "versionType": "git" + }, + { + "version": "c7aa12252f51", + "lessThan": "6adeb15cb6ad", + "status": "affected", + "versionType": "git" + }, + { + "version": "c7aa12252f51", + "lessThan": "802af3c88ad1", + "status": "affected", + "versionType": "git" + }, + { + "version": "c7aa12252f51", + "lessThan": "a4b0a9b80a96", + "status": "affected", + "versionType": "git" + }, + { + "version": "c7aa12252f51", + "lessThan": "fb195df90544", + "status": "affected", + "versionType": "git" + }, + { + "version": "c7aa12252f51", + "lessThan": "c95f919567d6", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/c95f919567d6f1914f13350af61a1b044ac85014" + "url": "https://git.kernel.org/stable/linux/c/83724831dab1" + }, + { + "url": "https://git.kernel.org/stable/linux/c/df02150025a3" + }, + { + "url": "https://git.kernel.org/stable/linux/c/65c6ef02ff26" + }, + { + "url": "https://git.kernel.org/stable/linux/c/6adeb15cb6ad" + }, + { + "url": "https://git.kernel.org/stable/linux/c/802af3c88ad1" + }, + { + "url": "https://git.kernel.org/stable/linux/c/a4b0a9b80a96" + }, + { + "url": "https://git.kernel.org/stable/linux/c/fb195df90544" + }, + { + "url": "https://git.kernel.org/stable/linux/c/c95f919567d6" } ], "title": "nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local", "x_generator": { - "engine": "bippy-e2c21c5ac1c5" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2023/CVE-2023-1851.mbox b/cve/published/2023/CVE-2023-1851.mbox index 345c4115..ee35d4f6 100644 --- a/cve/published/2023/CVE-2023-1851.mbox +++ b/cve/published/2023/CVE-2023-1851.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2023-1851: nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local @@ -43,14 +43,14 @@ The Linux kernel CVE team has assigned CVE-2023-1851 to this issue. Affected versions ================= - Issue introduced in 3.6 and fixed in 4.14.336 - Issue introduced in 3.6 and fixed in 4.19.305 - Issue introduced in 3.6 and fixed in 5.4.267 - Issue introduced in 3.6 and fixed in 5.10.208 - Issue introduced in 3.6 and fixed in 5.15.147 - Issue introduced in 3.6 and fixed in 6.1.72 - Issue introduced in 3.6 and fixed in 6.6.11 - Issue introduced in 3.6 and fixed in 6.7 + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 4.14.336 with commit 83724831dab1 + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 4.19.305 with commit df02150025a3 + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 5.4.267 with commit 65c6ef02ff26 + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 5.10.208 with commit 6adeb15cb6ad + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 5.15.147 with commit 802af3c88ad1 + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 6.1.72 with commit a4b0a9b80a96 + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 6.6.11 with commit fb195df90544 + Issue introduced in 3.6 with commit c7aa12252f51 and fixed in 6.7 with commit c95f919567d6 Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -71,6 +71,13 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/c95f919567d6f1914f13350af61a1b044ac85014 +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/83724831dab1 + https://git.kernel.org/stable/linux/c/df02150025a3 + https://git.kernel.org/stable/linux/c/65c6ef02ff26 + https://git.kernel.org/stable/linux/c/6adeb15cb6ad + https://git.kernel.org/stable/linux/c/802af3c88ad1 + https://git.kernel.org/stable/linux/c/a4b0a9b80a96 + https://git.kernel.org/stable/linux/c/fb195df90544 + https://git.kernel.org/stable/linux/c/c95f919567d6 diff --git a/cve/published/2023/CVE-2023-21657.json b/cve/published/2023/CVE-2023-21657.json index 945857e3..f8d3ad89 100644 --- a/cve/published/2023/CVE-2023-21657.json +++ b/cve/published/2023/CVE-2023-21657.json @@ -57,18 +57,78 @@ "lessThan": "6.2", "status": "affected", "versionType": "custom" + }, + { + "version": "1da177e4c3f4", + "lessThan": "1d43de93b35d", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "669c76e55de3", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "9f95a161a7de", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "6416c2108ba5", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "35351e3060d6", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "747ca7c8a0c7", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "2c10b61421a2", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/2c10b61421a28e95a46ab489fd56c0f442ff6952" + "url": "https://git.kernel.org/stable/linux/c/1d43de93b35d" + }, + { + "url": "https://git.kernel.org/stable/linux/c/669c76e55de3" + }, + { + "url": "https://git.kernel.org/stable/linux/c/9f95a161a7de" + }, + { + "url": "https://git.kernel.org/stable/linux/c/6416c2108ba5" + }, + { + "url": "https://git.kernel.org/stable/linux/c/35351e3060d6" + }, + { + "url": "https://git.kernel.org/stable/linux/c/747ca7c8a0c7" + }, + { + "url": "https://git.kernel.org/stable/linux/c/2c10b61421a2" } ], "title": "kvm: initialize all of the kvm_debugregs structure before sending it to userspace", "x_generator": { - "engine": "bippy-e2c21c5ac1c5" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2023/CVE-2023-21657.mbox b/cve/published/2023/CVE-2023-21657.mbox index e345c517..197dc5bd 100644 --- a/cve/published/2023/CVE-2023-21657.mbox +++ b/cve/published/2023/CVE-2023-21657.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2023-21657: kvm: initialize all of the kvm_debugregs structure before sending it to userspace @@ -24,13 +24,13 @@ The Linux kernel CVE team has assigned CVE-2023-21657 to this issue. Affected versions ================= - Fixed in 4.14.306 - Fixed in 4.19.273 - Fixed in 5.4.232 - Fixed in 5.10.169 - Fixed in 5.15.95 - Fixed in 6.1.13 - Fixed in 6.2 + Fixed in 4.14.306 with commit 1d43de93b35d + Fixed in 4.19.273 with commit 669c76e55de3 + Fixed in 5.4.232 with commit 9f95a161a7de + Fixed in 5.10.169 with commit 6416c2108ba5 + Fixed in 5.15.95 with commit 35351e3060d6 + Fixed in 6.1.13 with commit 747ca7c8a0c7 + Fixed in 6.2 with commit 2c10b61421a2 Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -51,6 +51,12 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/2c10b61421a28e95a46ab489fd56c0f442ff6952 +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/1d43de93b35d + https://git.kernel.org/stable/linux/c/669c76e55de3 + https://git.kernel.org/stable/linux/c/9f95a161a7de + https://git.kernel.org/stable/linux/c/6416c2108ba5 + https://git.kernel.org/stable/linux/c/35351e3060d6 + https://git.kernel.org/stable/linux/c/747ca7c8a0c7 + https://git.kernel.org/stable/linux/c/2c10b61421a2 diff --git a/cve/published/2023/CVE-2023-21658.json b/cve/published/2023/CVE-2023-21658.json index 42cf1e67..bf870b1c 100644 --- a/cve/published/2023/CVE-2023-21658.json +++ b/cve/published/2023/CVE-2023-21658.json @@ -63,18 +63,87 @@ "lessThan": "6.3", "status": "affected", "versionType": "custom" + }, + { + "version": "0252c3b4f018", + "lessThan": "052d22bf5453", + "status": "affected", + "versionType": "git" + }, + { + "version": "0252c3b4f018", + "lessThan": "70ae89da72f3", + "status": "affected", + "versionType": "git" + }, + { + "version": "0252c3b4f018", + "lessThan": "1b8b54fc55a4", + "status": "affected", + "versionType": "git" + }, + { + "version": "0252c3b4f018", + "lessThan": "e10a6d88ae9b", + "status": "affected", + "versionType": "git" + }, + { + "version": "0252c3b4f018", + "lessThan": "ebab1a86ca3e", + "status": "affected", + "versionType": "git" + }, + { + "version": "0252c3b4f018", + "lessThan": "a3a93b46833f", + "status": "affected", + "versionType": "git" + }, + { + "version": "0252c3b4f018", + "lessThan": "d299776014ba", + "status": "affected", + "versionType": "git" + }, + { + "version": "0252c3b4f018", + "lessThan": "4b6d621c9d85", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/4b6d621c9d859ff89e68cebf6178652592676013" + "url": "https://git.kernel.org/stable/linux/c/052d22bf5453" + }, + { + "url": "https://git.kernel.org/stable/linux/c/70ae89da72f3" + }, + { + "url": "https://git.kernel.org/stable/linux/c/1b8b54fc55a4" + }, + { + "url": "https://git.kernel.org/stable/linux/c/e10a6d88ae9b" + }, + { + "url": "https://git.kernel.org/stable/linux/c/ebab1a86ca3e" + }, + { + "url": "https://git.kernel.org/stable/linux/c/a3a93b46833f" + }, + { + "url": "https://git.kernel.org/stable/linux/c/d299776014ba" + }, + { + "url": "https://git.kernel.org/stable/linux/c/4b6d621c9d85" } ], "title": "memstick: fix memory leak if card device is never registered", "x_generator": { - "engine": "bippy-e2c21c5ac1c5" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2023/CVE-2023-21658.mbox b/cve/published/2023/CVE-2023-21658.mbox index 0c65b4c0..b2e61e52 100644 --- a/cve/published/2023/CVE-2023-21658.mbox +++ b/cve/published/2023/CVE-2023-21658.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2023-21658: memstick: fix memory leak if card device is never registered @@ -25,14 +25,14 @@ The Linux kernel CVE team has assigned CVE-2023-21658 to this issue. Affected versions ================= - Issue introduced in 2.6.29 and fixed in 4.14.314 - Issue introduced in 2.6.29 and fixed in 4.19.282 - Issue introduced in 2.6.29 and fixed in 5.4.242 - Issue introduced in 2.6.29 and fixed in 5.10.179 - Issue introduced in 2.6.29 and fixed in 5.15.109 - Issue introduced in 2.6.29 and fixed in 6.1.26 - Issue introduced in 2.6.29 and fixed in 6.2.13 - Issue introduced in 2.6.29 and fixed in 6.3 + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 4.14.314 with commit 052d22bf5453 + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 4.19.282 with commit 70ae89da72f3 + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 5.4.242 with commit 1b8b54fc55a4 + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 5.10.179 with commit e10a6d88ae9b + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 5.15.109 with commit ebab1a86ca3e + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 6.1.26 with commit a3a93b46833f + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 6.2.13 with commit d299776014ba + Issue introduced in 2.6.29 with commit 0252c3b4f018 and fixed in 6.3 with commit 4b6d621c9d85 Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -53,6 +53,13 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/4b6d621c9d859ff89e68cebf6178652592676013 +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/052d22bf5453 + https://git.kernel.org/stable/linux/c/70ae89da72f3 + https://git.kernel.org/stable/linux/c/1b8b54fc55a4 + https://git.kernel.org/stable/linux/c/e10a6d88ae9b + https://git.kernel.org/stable/linux/c/ebab1a86ca3e + https://git.kernel.org/stable/linux/c/a3a93b46833f + https://git.kernel.org/stable/linux/c/d299776014ba + https://git.kernel.org/stable/linux/c/4b6d621c9d85 diff --git a/cve/published/2023/CVE-2023-21659.json b/cve/published/2023/CVE-2023-21659.json index 6f5b3bd2..7dd57da9 100644 --- a/cve/published/2023/CVE-2023-21659.json +++ b/cve/published/2023/CVE-2023-21659.json @@ -21,18 +21,24 @@ "lessThan": "4.19.279", "status": "affected", "versionType": "custom" + }, + { + "version": "cb1f69d53ac8", + "lessThan": "2a8664583d4d", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/2a8664583d4d3655cfe5d36cf03f56b11530b69b" + "url": "https://git.kernel.org/stable/linux/c/2a8664583d4d" } ], "title": "fs: sysfs_emit_at: Remove PAGE_SIZE alignment check", "x_generator": { - "engine": "bippy-e2c21c5ac1c5" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2023/CVE-2023-21659.mbox b/cve/published/2023/CVE-2023-21659.mbox index 4addea76..81c58406 100644 --- a/cve/published/2023/CVE-2023-21659.mbox +++ b/cve/published/2023/CVE-2023-21659.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2023-21659: fs: sysfs_emit_at: Remove PAGE_SIZE alignment check @@ -46,7 +46,7 @@ The Linux kernel CVE team has assigned CVE-2023-21659 to this issue. Affected versions ================= - Issue introduced in 4.19.179 and fixed in 4.19.279 + Issue introduced in 4.19.179 with commit cb1f69d53ac8 and fixed in 4.19.279 with commit 2a8664583d4d Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -67,6 +67,6 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/2a8664583d4d3655cfe5d36cf03f56b11530b69b +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/2a8664583d4d diff --git a/cve/published/2024/CVE-2024-0052.json b/cve/published/2024/CVE-2024-0052.json index 09a8cf25..834725e7 100644 --- a/cve/published/2024/CVE-2024-0052.json +++ b/cve/published/2024/CVE-2024-0052.json @@ -27,18 +27,33 @@ "lessThan": "6.7.1", "status": "affected", "versionType": "custom" + }, + { + "version": "2d1f649c7c08", + "lessThan": "9584c8d658c0", + "status": "affected", + "versionType": "git" + }, + { + "version": "2d1f649c7c08", + "lessThan": "0f91df0c0fae", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/11684134140bb708b6e6de969a060535630b1b53" + "url": "https://git.kernel.org/stable/linux/c/9584c8d658c0" + }, + { + "url": "https://git.kernel.org/stable/linux/c/0f91df0c0fae" } ], "title": "mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval", "x_generator": { - "engine": "bippy-e2c21c5ac1c5" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2024/CVE-2024-0052.mbox b/cve/published/2024/CVE-2024-0052.mbox index f7b9992f..9f6ff4e0 100644 --- a/cve/published/2024/CVE-2024-0052.mbox +++ b/cve/published/2024/CVE-2024-0052.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2024-0052: mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval @@ -26,8 +26,8 @@ The Linux kernel CVE team has assigned CVE-2024-0052 to this issue. Affected versions ================= - Issue introduced in 6.6 and fixed in 6.6.13 - Issue introduced in 6.6 and fixed in 6.7.1 + Issue introduced in 6.6 with commit 2d1f649c7c08 and fixed in 6.6.13 with commit 9584c8d658c0 + Issue introduced in 6.6 with commit 2d1f649c7c08 and fixed in 6.7.1 with commit 0f91df0c0fae Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -48,6 +48,7 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/11684134140bb708b6e6de969a060535630b1b53 +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/9584c8d658c0 + https://git.kernel.org/stable/linux/c/0f91df0c0fae diff --git a/cve/published/2024/CVE-2024-20607.json b/cve/published/2024/CVE-2024-20607.json index d6a27078..dcc57d39 100644 --- a/cve/published/2024/CVE-2024-20607.json +++ b/cve/published/2024/CVE-2024-20607.json @@ -21,18 +21,24 @@ "lessThan": "6.7.4", "status": "affected", "versionType": "custom" + }, + { + "version": "ffa55858330f", + "lessThan": "46826a384406", + "status": "affected", + "versionType": "git" } ] } ], "references": [ { - "url": "https://git.kernel.org/stable/linux/c/d9407ff11809c6812bb84fe7be9c1367d758e5c8" + "url": "https://git.kernel.org/stable/linux/c/46826a384406" } ], "title": "pds_core: Prevent health thread from running during reset/remove", "x_generator": { - "engine": "bippy-e2c21c5ac1c5" + "engine": "bippy-989a34f9de21" } } }, diff --git a/cve/published/2024/CVE-2024-20607.mbox b/cve/published/2024/CVE-2024-20607.mbox index 1513fadc..abf9ade2 100644 --- a/cve/published/2024/CVE-2024-20607.mbox +++ b/cve/published/2024/CVE-2024-20607.mbox @@ -1,5 +1,5 @@ -From bippy-42982939a884 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +From bippy-989a34f9de21 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@kernel.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org> Subject: CVE-2024-20607: pds_core: Prevent health thread from running during reset/remove @@ -23,7 +23,7 @@ The Linux kernel CVE team has assigned CVE-2024-20607 to this issue. Affected versions ================= - Issue introduced in 6.7 and fixed in 6.7.4 + Issue introduced in 6.7 with commit ffa55858330f and fixed in 6.7.4 with commit 46826a384406 Please note that only supported kernel versions have fixes applied to them. For a full list of currently supported kernel versions, please @@ -44,6 +44,6 @@ stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to -the latest release is impossible, the individual change to resolve this -issue can be found at: - https://git.kernel.org/stable/linux/c/d9407ff11809c6812bb84fe7be9c1367d758e5c8 +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/linux/c/46826a384406 |