authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-02-12 20:04:48 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-02-12 20:04:48 +0100
commitfdd137f8b3924679df6bb4e361ba228b9fe7d12b (patch)
treeb91cc373e0927136aff2b8be00339cf3a3708e25
parentc85e9bbe202fe526e2ce8bddfd2c5ee907e48f72 (diff)
updates for entries based on latest bippy version
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--cve/published/2021/CVE-2021-47181.json2
-rw-r--r--cve/published/2021/CVE-2021-47181.mbox22
-rw-r--r--cve/published/2023/CVE-2023-1851.json2
-rw-r--r--cve/published/2023/CVE-2023-1851.mbox22
-rw-r--r--cve/published/2023/CVE-2023-21657.json2
-rw-r--r--cve/published/2023/CVE-2023-21657.mbox22
-rw-r--r--cve/published/2023/CVE-2023-21658.json2
-rw-r--r--cve/published/2023/CVE-2023-21658.mbox22
-rw-r--r--cve/published/2023/CVE-2023-21659.json2
-rw-r--r--cve/published/2023/CVE-2023-21659.mbox22
-rw-r--r--cve/published/2024/CVE-2024-0052.json2
-rw-r--r--cve/published/2024/CVE-2024-0052.mbox22
-rw-r--r--cve/published/2024/CVE-2024-20607.json2
-rw-r--r--cve/published/2024/CVE-2024-20607.mbox22
14 files changed, 84 insertions, 84 deletions
diff --git a/cve/published/2021/CVE-2021-47181.json b/cve/published/2021/CVE-2021-47181.json
index 487ae1a6..2397289e 100644
--- a/cve/published/2021/CVE-2021-47181.json
+++ b/cve/published/2021/CVE-2021-47181.json
@@ -68,7 +68,7 @@
],
"title": "USB: gadget: bRequestType is a bitfield, not a enum",
"x_generator": {
- "engine": "bippy-0e8e3772d16e"
+ "engine": "bippy-e2c21c5ac1c5"
}
}
},
diff --git a/cve/published/2021/CVE-2021-47181.mbox b/cve/published/2021/CVE-2021-47181.mbox
index 1fd41ab6..20bd7adf 100644
--- a/cve/published/2021/CVE-2021-47181.mbox
+++ b/cve/published/2021/CVE-2021-47181.mbox
@@ -1,3 +1,5 @@
+From bippy-e2c21c5ac1c5 Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>
Subject: CVE-2021-47181: USB: gadget: bRequestType is a bitfield, not a enum
@@ -18,15 +20,9 @@ Fix that up by only checking the single bit.
The Linux kernel CVE team has assigned CVE-2021-47181 to this issue.
-Mitigation
-==========
-
-The individual change to resolve this issue can be found at:
- https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758
-
-
Affected versions
=================
+
Issue introduced in 4.4.295 and fixed in 4.4.296
Issue introduced in 4.9.293 and fixed in 4.9.294
Issue introduced in 4.14.258 and fixed in 4.14.259
@@ -36,10 +32,14 @@ Affected versions
Issue introduced in 5.15.8 and fixed in 5.15.11
-Recomendation
-=============
+Mitigation
+==========
+
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
-changes are not tested alone, but rather are part of a larger kernel
+changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
-supported by the Linux kernel community at all.
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758
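Review bot: The reworded Mitigation paragraph at the end of CVE-2021-47181.mbox links a single stable commit, while the Affected versions section of the same file lists fixes in several stable branches (4.4.296, 4.9.294, 4.14.259 and 5.15.11 are visible in these hunks). A reader who cannot update and follows the fallback link is not told which branch that commit belongs to, so the text should either name the branch or give one commit URL per fixed release. The new sentence also needs a comma: `supported by the Linux kernel community at all. If, however, updating to`. The same paragraph appears in the other six .mbox files in this commit. Since these files carry a bippy generator tag, the fix presumably belongs in the generator's template rather than in each advisory.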
diff --git a/cve/published/2023/CVE-2023-1851.json b/cve/published/2023/CVE-2023-1851.json
index bcac0cf9..4dc80bb0 100644
--- a/cve/published/2023/CVE-2023-1851.json
+++ b/cve/published/2023/CVE-2023-1851.json
@@ -74,7 +74,7 @@
],
"title": "nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local",
"x_generator": {
- "engine": "bippy-0e8e3772d16e"
+ "engine": "bippy-e2c21c5ac1c5"
}
}
},
diff --git a/cve/published/2023/CVE-2023-1851.mbox b/cve/published/2023/CVE-2023-1851.mbox
index 32c99bc6..544af21d 100644
--- a/cve/published/2023/CVE-2023-1851.mbox
+++ b/cve/published/2023/CVE-2023-1851.mbox
@@ -1,3 +1,5 @@
+From bippy-e2c21c5ac1c5 Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>
Subject: CVE-2023-1851: nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local
@@ -38,15 +40,9 @@ appropriately released later.
The Linux kernel CVE team has assigned CVE-2023-1851 to this issue.
-Mitigation
-==========
-
-The individual change to resolve this issue can be found at:
- https://git.kernel.org/stable/linux/c/c95f919567d6f1914f13350af61a1b044ac85014
-
-
Affected versions
=================
+
Issue introduced in 3.6 and fixed in 4.14.336
Issue introduced in 3.6 and fixed in 4.19.305
Issue introduced in 3.6 and fixed in 5.4.267
@@ -57,10 +53,14 @@ Affected versions
Issue introduced in 3.6 and fixed in 6.7
-Recomendation
-=============
+Mitigation
+==========
+
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
-changes are not tested alone, but rather are part of a larger kernel
+changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
-supported by the Linux kernel community at all.
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/c95f919567d6f1914f13350af61a1b044ac85014
diff --git a/cve/published/2023/CVE-2023-21657.json b/cve/published/2023/CVE-2023-21657.json
index 5715edf7..945857e3 100644
--- a/cve/published/2023/CVE-2023-21657.json
+++ b/cve/published/2023/CVE-2023-21657.json
@@ -68,7 +68,7 @@
],
"title": "kvm: initialize all of the kvm_debugregs structure before sending it to userspace",
"x_generator": {
- "engine": "bippy-0e8e3772d16e"
+ "engine": "bippy-e2c21c5ac1c5"
}
}
},
diff --git a/cve/published/2023/CVE-2023-21657.mbox b/cve/published/2023/CVE-2023-21657.mbox
index 0cfad306..875aab2f 100644
--- a/cve/published/2023/CVE-2023-21657.mbox
+++ b/cve/published/2023/CVE-2023-21657.mbox
@@ -1,3 +1,5 @@
+From bippy-e2c21c5ac1c5 Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>
Subject: CVE-2023-21657: kvm: initialize all of the kvm_debugregs structure before sending it to userspace
@@ -19,15 +21,9 @@ setting and reserved space zeroing out can be removed.
The Linux kernel CVE team has assigned CVE-2023-21657 to this issue.
-Mitigation
-==========
-
-The individual change to resolve this issue can be found at:
- https://git.kernel.org/stable/linux/c/2c10b61421a28e95a46ab489fd56c0f442ff6952
-
-
Affected versions
=================
+
Fixed in 4.14.306
Fixed in 4.19.273
Fixed in 5.4.232
@@ -37,10 +33,14 @@ Affected versions
Fixed in 6.2
-Recomendation
-=============
+Mitigation
+==========
+
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
-changes are not tested alone, but rather are part of a larger kernel
+changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
-supported by the Linux kernel community at all.
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/2c10b61421a28e95a46ab489fd56c0f442ff6952
diff --git a/cve/published/2023/CVE-2023-21658.json b/cve/published/2023/CVE-2023-21658.json
index 09c54779..42cf1e67 100644
--- a/cve/published/2023/CVE-2023-21658.json
+++ b/cve/published/2023/CVE-2023-21658.json
@@ -74,7 +74,7 @@
],
"title": "memstick: fix memory leak if card device is never registered",
"x_generator": {
- "engine": "bippy-0e8e3772d16e"
+ "engine": "bippy-e2c21c5ac1c5"
}
}
},
diff --git a/cve/published/2023/CVE-2023-21658.mbox b/cve/published/2023/CVE-2023-21658.mbox
index 79474e74..d7ef6c6b 100644
--- a/cve/published/2023/CVE-2023-21658.mbox
+++ b/cve/published/2023/CVE-2023-21658.mbox
@@ -1,3 +1,5 @@
+From bippy-e2c21c5ac1c5 Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>
Subject: CVE-2023-21658: memstick: fix memory leak if card device is never registered
@@ -20,15 +22,9 @@ before the memory for the device is freed.
The Linux kernel CVE team has assigned CVE-2023-21658 to this issue.
-Mitigation
-==========
-
-The individual change to resolve this issue can be found at:
- https://git.kernel.org/stable/linux/c/4b6d621c9d859ff89e68cebf6178652592676013
-
-
Affected versions
=================
+
Issue introduced in 2.6.29 and fixed in 4.14.314
Issue introduced in 2.6.29 and fixed in 4.19.282
Issue introduced in 2.6.29 and fixed in 5.4.242
@@ -39,10 +35,14 @@ Affected versions
Issue introduced in 2.6.29 and fixed in 6.3
-Recomendation
-=============
+Mitigation
+==========
+
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
-changes are not tested alone, but rather are part of a larger kernel
+changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
-supported by the Linux kernel community at all.
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/4b6d621c9d859ff89e68cebf6178652592676013
diff --git a/cve/published/2023/CVE-2023-21659.json b/cve/published/2023/CVE-2023-21659.json
index 2b004ed5..6f5b3bd2 100644
--- a/cve/published/2023/CVE-2023-21659.json
+++ b/cve/published/2023/CVE-2023-21659.json
@@ -32,7 +32,7 @@
],
"title": "fs: sysfs_emit_at: Remove PAGE_SIZE alignment check",
"x_generator": {
- "engine": "bippy-0e8e3772d16e"
+ "engine": "bippy-e2c21c5ac1c5"
}
}
},
diff --git a/cve/published/2023/CVE-2023-21659.mbox b/cve/published/2023/CVE-2023-21659.mbox
index 622065de..1e978286 100644
--- a/cve/published/2023/CVE-2023-21659.mbox
+++ b/cve/published/2023/CVE-2023-21659.mbox
@@ -1,3 +1,5 @@
+From bippy-e2c21c5ac1c5 Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>
Subject: CVE-2023-21659: fs: sysfs_emit_at: Remove PAGE_SIZE alignment check
@@ -41,22 +43,20 @@ Then run:
The Linux kernel CVE team has assigned CVE-2023-21659 to this issue.
-Mitigation
-==========
-
-The individual change to resolve this issue can be found at:
- https://git.kernel.org/stable/linux/c/2a8664583d4d3655cfe5d36cf03f56b11530b69b
-
-
Affected versions
=================
+
Issue introduced in 4.19.179 and fixed in 4.19.279
-Recomendation
-=============
+Mitigation
+==========
+
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
-changes are not tested alone, but rather are part of a larger kernel
+changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
-supported by the Linux kernel community at all.
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/2a8664583d4d3655cfe5d36cf03f56b11530b69b
diff --git a/cve/published/2024/CVE-2024-0052.json b/cve/published/2024/CVE-2024-0052.json
index f5c8f35f..09a8cf25 100644
--- a/cve/published/2024/CVE-2024-0052.json
+++ b/cve/published/2024/CVE-2024-0052.json
@@ -38,7 +38,7 @@
],
"title": "mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval",
"x_generator": {
- "engine": "bippy-0e8e3772d16e"
+ "engine": "bippy-e2c21c5ac1c5"
}
}
},
diff --git a/cve/published/2024/CVE-2024-0052.mbox b/cve/published/2024/CVE-2024-0052.mbox
index 4e37e04a..240ad6b0 100644
--- a/cve/published/2024/CVE-2024-0052.mbox
+++ b/cve/published/2024/CVE-2024-0052.mbox
@@ -1,3 +1,5 @@
+From bippy-e2c21c5ac1c5 Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>
Subject: CVE-2024-0052: mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval
@@ -21,23 +23,21 @@ Force, Y, or N.
The Linux kernel CVE team has assigned CVE-2024-0052 to this issue.
-Mitigation
-==========
-
-The individual change to resolve this issue can be found at:
- https://git.kernel.org/stable/linux/c/11684134140bb708b6e6de969a060535630b1b53
-
-
Affected versions
=================
+
Issue introduced in 6.6 and fixed in 6.6.13
Issue introduced in 6.6 and fixed in 6.7.1
-Recomendation
-=============
+Mitigation
+==========
+
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
-changes are not tested alone, but rather are part of a larger kernel
+changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
-supported by the Linux kernel community at all.
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/11684134140bb708b6e6de969a060535630b1b53
diff --git a/cve/published/2024/CVE-2024-20607.json b/cve/published/2024/CVE-2024-20607.json
index fdc89501..d6a27078 100644
--- a/cve/published/2024/CVE-2024-20607.json
+++ b/cve/published/2024/CVE-2024-20607.json
@@ -32,7 +32,7 @@
],
"title": "pds_core: Prevent health thread from running during reset/remove",
"x_generator": {
- "engine": "bippy-0e8e3772d16e"
+ "engine": "bippy-e2c21c5ac1c5"
}
}
},
diff --git a/cve/published/2024/CVE-2024-20607.mbox b/cve/published/2024/CVE-2024-20607.mbox
index 10bcfa58..7dbf8c99 100644
--- a/cve/published/2024/CVE-2024-20607.mbox
+++ b/cve/published/2024/CVE-2024-20607.mbox
@@ -1,3 +1,5 @@
+From bippy-e2c21c5ac1c5 Mon Sep 17 00:00:00 2001
+From: Greg KH <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>
Subject: CVE-2024-20607: pds_core: Prevent health thread from running during reset/remove
@@ -18,22 +20,20 @@ remove to make sure the timer doesn't ever get rearmed.
The Linux kernel CVE team has assigned CVE-2024-20607 to this issue.
-Mitigation
-==========
-
-The individual change to resolve this issue can be found at:
- https://git.kernel.org/stable/linux/c/d9407ff11809c6812bb84fe7be9c1367d758e5c8
-
-
Affected versions
=================
+
Issue introduced in 6.7 and fixed in 6.7.4
-Recomendation
-=============
+Mitigation
+==========
+
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
-changes are not tested alone, but rather are part of a larger kernel
+changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
-supported by the Linux kernel community at all.
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual change to resolve this
+issue can be found at:
+ https://git.kernel.org/stable/linux/c/d9407ff11809c6812bb84fe7be9c1367d758e5c8