diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-10 17:08:02 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-10 17:08:02 +0200 |
| commit | 0ef1727ea91cc32578c85280d2d6369213f26015 (patch) | |
| tree | b60eaa8e37c74f7ce3d2b1a71bcfb15089318a1b | |
| parent | ade715bdc758f1cf318dfbb794eaa1048e4f7d08 (diff) | |
| download | vulns-0ef1727ea91cc32578c85280d2d6369213f26015.tar.gz | |
update cves with latest stable release information
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26 files changed, 260 insertions, 112 deletions
diff --git a/cve/published/2023/CVE-2023-52488.json b/cve/published/2023/CVE-2023-52488.json index 595e72f5..cafdc98b 100644 --- a/cve/published/2023/CVE-2023-52488.json +++ b/cve/published/2023/CVE-2023-52488.json @@ -19,6 +19,12 @@ "versions": [ { "version": "dfeae619d781", + "lessThan": "e635f652696e", + "status": "affected", + "versionType": "git" + }, + { + "version": "dfeae619d781", "lessThan": "416b10d2817c", "status": "affected", "versionType": "git" @@ -60,6 +66,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.76", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -88,6 +100,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/e635f652696ef6f1230621cfd89c350cb5ec6169" + }, + { "url": "https://git.kernel.org/stable/c/416b10d2817c94db86829fb92ad43ce7d002c573" }, { @@ -102,7 +117,7 @@ ], "title": "serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO", "x_generator": { - "engine": "bippy-8df59b4913de" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2023/CVE-2023-52488.mbox b/cve/published/2023/CVE-2023-52488.mbox index 46d0b896..c4d7e4a5 100644 --- a/cve/published/2023/CVE-2023-52488.mbox +++ b/cve/published/2023/CVE-2023-52488.mbox @@ -1,4 +1,4 @@ -From bippy-851b3ed3d212 Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -35,6 +35,7 @@ The Linux kernel CVE team has assigned CVE-2023-52488 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.16 with commit dfeae619d781 and fixed in 5.15.154 with commit e635f652696e Issue introduced in 3.16 with commit dfeae619d781 and fixed in 6.1.76 with commit 416b10d2817c Issue introduced in 3.16 with commit dfeae619d781 and fixed in 6.6.15 with commit 084c24e788d9 Issue introduced in 3.16 with commit dfeae619d781 and fixed in 6.7.3 with commit aa7cb4787698 @@ -67,6 +68,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/e635f652696ef6f1230621cfd89c350cb5ec6169 https://git.kernel.org/stable/c/416b10d2817c94db86829fb92ad43ce7d002c573 https://git.kernel.org/stable/c/084c24e788d9cf29c55564de368bf5284f2bb5db https://git.kernel.org/stable/c/aa7cb4787698add9367b19f7afc667662c9bdb23 diff --git a/cve/published/2024/CVE-2024-26629.json b/cve/published/2024/CVE-2024-26629.json index b5727246..066b9d2b 100644 --- a/cve/published/2024/CVE-2024-26629.json +++ b/cve/published/2024/CVE-2024-26629.json @@ -18,6 +18,12 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { + "version": "e2fc17fcc503", + "lessThan": "c6f8b3fcc627", + "status": "affected", + "versionType": "git" + }, + { "version": "ce3c4ad7f4ce", "lessThan": "e4cf8941664c", "status": "affected", @@ -60,6 +66,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.79", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -88,6 +100,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a" + }, + { "url": "https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03" }, { @@ -102,7 +117,7 @@ ], "title": "nfsd: fix RELEASE_LOCKOWNER", "x_generator": { - "engine": "bippy-8df59b4913de" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26629.mbox b/cve/published/2024/CVE-2024-26629.mbox index 3d7a840c..18c7c3c5 100644 --- a/cve/published/2024/CVE-2024-26629.mbox +++ b/cve/published/2024/CVE-2024-26629.mbox @@ -1,4 +1,4 @@ -From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -80,6 +80,7 @@ The Linux kernel CVE team has assigned CVE-2024-26629 to this issue. Affected and fixed versions =========================== + Issue introduced in 5.15.45 with commit e2fc17fcc503 and fixed in 5.15.154 with commit c6f8b3fcc627 Issue introduced in 5.19 with commit ce3c4ad7f4ce and fixed in 6.1.79 with commit e4cf8941664c Issue introduced in 5.19 with commit ce3c4ad7f4ce and fixed in 6.6.15 with commit b7d2eee1f538 Issue introduced in 5.19 with commit ce3c4ad7f4ce and fixed in 6.7.3 with commit 8f5b860de870 @@ -90,7 +91,6 @@ Affected and fixed versions Issue introduced in 4.19.306 with commit 10d75984495f Issue introduced in 5.4.197 with commit a2235bc65ade Issue introduced in 5.10.120 with commit 3097f38e9126 - Issue introduced in 5.15.45 with commit e2fc17fcc503 Issue introduced in 5.17.13 with commit ba747abfca27 Issue introduced in 5.18.2 with commit e8020d96dd5b @@ -121,6 +121,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098 diff --git a/cve/published/2024/CVE-2024-26642.json b/cve/published/2024/CVE-2024-26642.json index 21ac4cb7..d1f021d0 100644 --- a/cve/published/2024/CVE-2024-26642.json +++ b/cve/published/2024/CVE-2024-26642.json @@ -19,6 +19,12 @@ "versions": [ { "version": "761da2935d6e", + "lessThan": "7cdc1be24cc1", + "status": "affected", + "versionType": "git" + }, + { + "version": "761da2935d6e", "lessThan": "72c1efe3f247", "status": "affected", "versionType": "git" @@ -60,6 +66,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -88,6 +100,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199" + }, + { "url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a" }, { @@ -102,7 +117,7 @@ ], "title": "netfilter: nf_tables: disallow anonymous set with timeout flag", "x_generator": { - "engine": "bippy-d3b290d2becc" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26642.mbox b/cve/published/2024/CVE-2024-26642.mbox index eb59b56d..fea26384 100644 --- a/cve/published/2024/CVE-2024-26642.mbox +++ b/cve/published/2024/CVE-2024-26642.mbox @@ -1,4 +1,4 @@ -From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -20,6 +20,7 @@ The Linux kernel CVE team has assigned CVE-2024-26642 to this issue. Affected and fixed versions =========================== + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 5.15.154 with commit 7cdc1be24cc1 Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.1.84 with commit 72c1efe3f247 Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.6.24 with commit c0c2176d1814 Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.7.12 with commit 8e07c1669558 @@ -52,6 +53,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199 https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12 https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7 diff --git a/cve/published/2024/CVE-2024-26643.json b/cve/published/2024/CVE-2024-26643.json index 25e043d3..3f302446 100644 --- a/cve/published/2024/CVE-2024-26643.json +++ b/cve/published/2024/CVE-2024-26643.json @@ -18,6 +18,12 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { + "version": "d19e8bf3ea41", + "lessThan": "291cca35818b", + "status": "affected", + "versionType": "git" + }, + { "version": "ea3eb9f2192e", "lessThan": "406b0241d0eb", "status": "affected", @@ -60,6 +66,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -88,6 +100,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363" + }, + { "url": "https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163" }, { @@ -102,7 +117,7 @@ ], "title": "netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout", "x_generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26643.mbox b/cve/published/2024/CVE-2024-26643.mbox index fafaed0a..812aa9f1 100644 --- a/cve/published/2024/CVE-2024-26643.mbox +++ b/cve/published/2024/CVE-2024-26643.mbox @@ -1,4 +1,4 @@ -From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -34,13 +34,13 @@ The Linux kernel CVE team has assigned CVE-2024-26643 to this issue. Affected and fixed versions =========================== + Issue introduced in 5.15.134 with commit d19e8bf3ea41 and fixed in 5.15.154 with commit 291cca35818b Issue introduced in 6.1.56 with commit ea3eb9f2192e and fixed in 6.1.84 with commit 406b0241d0eb Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.6.24 with commit b2d6f9a5b1cf Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.7.12 with commit 5224afbc30c3 Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.8 with commit 552705a3650b Issue introduced in 5.4.262 with commit bbdb3b65aa91 Issue introduced in 5.10.198 with commit 448be0774882 - Issue introduced in 5.15.134 with commit d19e8bf3ea41 Issue introduced in 6.4.11 with commit 0624f190b574 Please see https://www.kernel.org for a full list of currently supported @@ -70,6 +70,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363 https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163 https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1 https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8 diff --git a/cve/published/2024/CVE-2024-26654.json b/cve/published/2024/CVE-2024-26654.json index f5033b97..f502bf7d 100644 --- a/cve/published/2024/CVE-2024-26654.json +++ b/cve/published/2024/CVE-2024-26654.json @@ -19,6 +19,12 @@ "versions": [ { "version": "198de43d758c", + "lessThan": "8c9902216816", + "status": "affected", + "versionType": "git" + }, + { + "version": "198de43d758c", "lessThan": "9d66ae0e7bb7", "status": "affected", "versionType": "git" @@ -66,6 +72,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -100,6 +112,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5" + }, + { "url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046" }, { @@ -117,7 +132,7 @@ ], "title": "ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs", "x_generator": { - "engine": "bippy-d3b290d2becc" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26654.mbox b/cve/published/2024/CVE-2024-26654.mbox index 2bed24eb..89c91e41 100644 --- a/cve/published/2024/CVE-2024-26654.mbox +++ b/cve/published/2024/CVE-2024-26654.mbox @@ -1,4 +1,4 @@ -From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -42,6 +42,7 @@ The Linux kernel CVE team has assigned CVE-2024-26654 to this issue. Affected and fixed versions =========================== + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 5.15.154 with commit 8c9902216816 Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.1.84 with commit 9d66ae0e7bb7 Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.6.24 with commit 61d4787692c1 Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.7.12 with commit e955e8a7f38a @@ -75,6 +76,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5 https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046 https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901 https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3 diff --git a/cve/published/2024/CVE-2024-26687.json b/cve/published/2024/CVE-2024-26687.json index 2079c123..a496a6a1 100644 --- a/cve/published/2024/CVE-2024-26687.json +++ b/cve/published/2024/CVE-2024-26687.json @@ -19,6 +19,12 @@ "versions": [ { "version": "d46a78b05c0e", + "lessThan": "ea592baf9e41", + "status": "affected", + "versionType": "git" + }, + { + "version": "d46a78b05c0e", "lessThan": "585a344af6bc", "status": "affected", "versionType": "git" @@ -60,6 +66,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.81", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -88,6 +100,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3" + }, + { "url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5" }, { @@ -102,7 +117,7 @@ ], "title": "xen/events: close evtchn after mapping cleanup", "x_generator": { - "engine": "bippy-d3b290d2becc" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26687.mbox b/cve/published/2024/CVE-2024-26687.mbox index 3f82f4a1..11bd862b 100644 --- a/cve/published/2024/CVE-2024-26687.mbox +++ b/cve/published/2024/CVE-2024-26687.mbox @@ -1,4 +1,4 @@ -From bippy-851b3ed3d212 Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -123,6 +123,7 @@ The Linux kernel CVE team has assigned CVE-2024-26687 to this issue. Affected and fixed versions =========================== + Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 5.15.154 with commit ea592baf9e41 Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 6.1.81 with commit 585a344af6bc Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 6.6.19 with commit 20980195ec8d Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 6.7.6 with commit 9be71aa12afa @@ -155,6 +156,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3 https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5 https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4 https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b diff --git a/cve/published/2024/CVE-2024-26810.json b/cve/published/2024/CVE-2024-26810.json index 0f61cb73..d413947e 100644 --- a/cve/published/2024/CVE-2024-26810.json +++ b/cve/published/2024/CVE-2024-26810.json @@ -19,6 +19,12 @@ "versions": [ { "version": "89e1f7d4c66d", + "lessThan": "ec73e0797292", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", "lessThan": "3fe0ac10bd11", "status": "affected", "versionType": "git" @@ -66,6 +72,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -100,6 +112,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6" + }, + { "url": "https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5" }, { @@ -117,7 +132,7 @@ ], "title": "vfio/pci: Lock external INTx masking ops", "x_generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26810.mbox b/cve/published/2024/CVE-2024-26810.mbox index 677b338c..ba257404 100644 --- a/cve/published/2024/CVE-2024-26810.mbox +++ b/cve/published/2024/CVE-2024-26810.mbox @@ -1,19 +1,8 @@ -From bippy-5f0117140d9a Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-26810: vfio/pci: Lock external INTx masking ops -Message-Id: <2024040548-CVE-2024-26810-4371@gregkh> -Content-Length: 2722 -Lines: 64 -X-Developer-Signature: v=1; a=openpgp-sha256; l=2787; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=43dO4/I2YrJZYYCHMwKDVu8s55cuWGx80F3aebviusU=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGn8WwM+f+BTenctfsvp3EPsbq0uLCfW9Xn617gtrHb6K - 3nzeXxCRywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEzERYxhnrpA7ylzE79Pusvm - 3HsYEZkfd/vuKob5jgrqm6qWl3F8lZNWfFn0UGnK+kl3AA== -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -41,6 +30,7 @@ The Linux kernel CVE team has assigned CVE-2024-26810 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.15.154 with commit ec73e0797292 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.1.84 with commit 3fe0ac10bd11 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.6.24 with commit 04a4a017b9ff Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.7.12 with commit 6fe478d855b2 @@ -74,6 +64,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6 https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5 https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651 https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40 diff --git a/cve/published/2024/CVE-2024-26811.json b/cve/published/2024/CVE-2024-26811.json index b1ad0073..6abc0b1d 100644 --- a/cve/published/2024/CVE-2024-26811.json +++ b/cve/published/2024/CVE-2024-26811.json @@ -19,6 +19,24 @@ "versions": [ { "version": "1da177e4c3f4", + "lessThan": "51a6c2af9d20", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "a637fabac554", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "76af689a45aa", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", "lessThan": "a677ebd8ca2f", "status": "affected", "versionType": "git" @@ -32,6 +50,24 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { + "version": "6.1.85", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.26", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.5", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.9-rc3", "lessThanOrEqual": "*", "status": "unaffected", @@ -42,6 +78,15 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd" + }, + { + "url": "https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c" + }, + { + "url": "https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896" + }, + { "url": "https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac" } ], diff --git a/cve/published/2024/CVE-2024-26811.mbox b/cve/published/2024/CVE-2024-26811.mbox index 6ffcaeb2..ff4978a6 100644 --- a/cve/published/2024/CVE-2024-26811.mbox +++ b/cve/published/2024/CVE-2024-26811.mbox @@ -3,17 +3,6 @@ From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-26811: ksmbd: validate payload size in ipc response -Message-Id: <2024040822-CVE-2024-26811-f7f5@gregkh> -Content-Length: 1716 -Lines: 50 -X-Developer-Signature: v=1; a=openpgp-sha256; l=1767; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=kcFzNQJ9BibkR/h3H4D+gvp1kndx7apoxbMTgLAtuP0=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGnCB9aZTout7bX7803Vx/hgbcrb17OKpHuVnxVsiNjkZ - fCM91B/RywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEzkPwPDgsYuOeZA+QUW+l8n - LFvjJ27wo2sKE8OCFQdFGfWy7WrtGHp1Pa16Nrzb0CYLAA== -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -33,6 +22,9 @@ The Linux kernel CVE team has assigned CVE-2024-26811 to this issue. Affected and fixed versions =========================== + Fixed in 6.1.85 with commit 51a6c2af9d20 + Fixed in 6.6.26 with commit a637fabac554 + Fixed in 6.8.5 with commit 76af689a45aa Fixed in 6.9-rc3 with commit a677ebd8ca2f Please see https://www.kernel.org for a full list of currently supported @@ -64,4 +56,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd + https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c + https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896 https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac diff --git a/cve/published/2024/CVE-2024-26812.json b/cve/published/2024/CVE-2024-26812.json index 396ec6af..3d7ba820 100644 --- a/cve/published/2024/CVE-2024-26812.json +++ b/cve/published/2024/CVE-2024-26812.json @@ -19,6 +19,12 @@ "versions": [ { "version": "89e1f7d4c66d", + "lessThan": "4cb0d7532126", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", "lessThan": "7d29d4c72c1e", "status": "affected", "versionType": "git" @@ -66,6 +72,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -100,6 +112,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c" + }, + { "url": "https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3" }, { @@ -117,7 +132,7 @@ ], "title": "vfio/pci: Create persistent INTx handler", "x_generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26812.mbox b/cve/published/2024/CVE-2024-26812.mbox index dfab9e74..374c493f 100644 --- a/cve/published/2024/CVE-2024-26812.mbox +++ b/cve/published/2024/CVE-2024-26812.mbox @@ -1,19 +1,8 @@ -From bippy-5f0117140d9a Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-26812: vfio/pci: Create persistent INTx handler -Message-Id: <2024040550-CVE-2024-26812-1e08@gregkh> -Content-Length: 3222 -Lines: 71 -X-Developer-Signature: v=1; a=openpgp-sha256; l=3294; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=MmBtDknmH07Nu+WhNmaP/CyyyFuencf4xeZLYCFesr4=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGn8W4M0N09U2/giJfKwh8LXErPu2xEPzvtdfjXVYw8bw - 4pVSfcWdsSyMAgyMciKKbJ82cZzdH/FIUUvQ9vTMHNYmUCGMHBxCsBEHrxiWLDEJzJ1g9iXY31t - h+IkL+m4C8mEajPM03hw1c44w23zgde3K2/e7BJftYTDCwA= -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -48,6 +37,7 @@ The Linux kernel CVE team has assigned CVE-2024-26812 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.15.154 with commit 4cb0d7532126 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.1.84 with commit 7d29d4c72c1e Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.6.24 with commit 69276a555c74 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.7.12 with commit 4c089cefe309 @@ -81,6 +71,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3 https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834 diff --git a/cve/published/2024/CVE-2024-26813.json b/cve/published/2024/CVE-2024-26813.json index 1b0dde3d..fdb3f84b 100644 --- a/cve/published/2024/CVE-2024-26813.json +++ b/cve/published/2024/CVE-2024-26813.json @@ -19,6 +19,12 @@ "versions": [ { "version": "57f972e2b341", + "lessThan": "cc5838f19d39", + "status": "affected", + "versionType": "git" + }, + { + "version": "57f972e2b341", "lessThan": "7932db06c82c", "status": "affected", "versionType": "git" @@ -66,6 +72,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -100,6 +112,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a" + }, + { "url": "https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362" }, { @@ -117,7 +132,7 @@ ], "title": "vfio/platform: Create persistent IRQ handlers", "x_generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26813.mbox b/cve/published/2024/CVE-2024-26813.mbox index 98cfdbf6..f20d7fce 100644 --- a/cve/published/2024/CVE-2024-26813.mbox +++ b/cve/published/2024/CVE-2024-26813.mbox @@ -1,19 +1,8 @@ -From bippy-5f0117140d9a Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-26813: vfio/platform: Create persistent IRQ handlers -Message-Id: <2024040551-CVE-2024-26813-b9e8@gregkh> -Content-Length: 3274 -Lines: 72 -X-Developer-Signature: v=1; a=openpgp-sha256; l=3347; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=ZxXywnZuUp2WIGH2hV1lIJmjjW6/Vj3uSdSMo8JMdXo=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGn8W4O95x87c9hefeNXrqvflB/cWLLwrthZ1ogJiTeXm - G+qZ//B0BHLwiDIxCArpsjyZRvP0f0VhxS9DG1Pw8xhZQIZwsDFKQATMRZimF9uZrKJ7/cyZp0P - 21Nk+C5MuT9DqpdhQb+0kEJmV8imVT8sxYL0Nq4/cm3NJgA= -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -49,6 +38,7 @@ The Linux kernel CVE team has assigned CVE-2024-26813 to this issue. Affected and fixed versions =========================== + Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 5.15.154 with commit cc5838f19d39 Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 6.1.84 with commit 7932db06c82c Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 6.6.24 with commit 62d4e43a569b Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 6.7.12 with commit d6bedd6acc0b @@ -82,6 +72,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362 https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086 https://git.kernel.org/stable/c/d6bedd6acc0bcb1e7e010bc046032e47f08d379f diff --git a/cve/published/2024/CVE-2024-26814.json b/cve/published/2024/CVE-2024-26814.json index f966a685..39e3f2eb 100644 --- a/cve/published/2024/CVE-2024-26814.json +++ b/cve/published/2024/CVE-2024-26814.json @@ -19,6 +19,12 @@ "versions": [ { "version": "cc0ee20bd969", + "lessThan": "250219c6a556", + "status": "affected", + "versionType": "git" + }, + { + "version": "cc0ee20bd969", "lessThan": "083e750c9f5f", "status": "affected", "versionType": "git" @@ -66,6 +72,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -100,6 +112,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d" + }, + { "url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417" }, { @@ -117,7 +132,7 @@ ], "title": "vfio/fsl-mc: Block calling interrupt handler without trigger", "x_generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-26814.mbox b/cve/published/2024/CVE-2024-26814.mbox index 66d4d409..78990903 100644 --- a/cve/published/2024/CVE-2024-26814.mbox +++ b/cve/published/2024/CVE-2024-26814.mbox @@ -1,19 +1,8 @@ -From bippy-5f0117140d9a Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger -Message-Id: <2024040551-CVE-2024-26814-b578@gregkh> -Content-Length: 2775 -Lines: 63 -X-Developer-Signature: v=1; a=openpgp-sha256; l=2839; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=hK4y8ZHy4Y3cEHdLD/RmjjAL5EDq6RP2iSieINvugME=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGn8W4PPLVi4emn11oT/LJ0snbyr5GVkt9961+4ZWHolc - EZ+x5/bHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjCRZc8Z5vArP9yt/LyMp3Ke - vpRr8ubDqX33pjEsuJHsUr5zime9WNRi8w3M/ozyRjO0AA== -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -40,6 +29,7 @@ The Linux kernel CVE team has assigned CVE-2024-26814 to this issue. Affected and fixed versions =========================== + Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 5.15.154 with commit 250219c6a556 Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 6.1.84 with commit 083e750c9f5f Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 6.6.24 with commit ee0bd4ad780d Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 6.7.12 with commit de87511fb040 @@ -73,6 +63,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417 https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267 https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d diff --git a/cve/published/2024/CVE-2024-26815.mbox b/cve/published/2024/CVE-2024-26815.mbox index afba19c4..5006413d 100644 --- a/cve/published/2024/CVE-2024-26815.mbox +++ b/cve/published/2024/CVE-2024-26815.mbox @@ -3,17 +3,6 @@ From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-26815: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check -Message-Id: <2024041006-CVE-2024-26815-7f4e@gregkh> -Content-Length: 4526 -Lines: 101 -X-Developer-Signature: v=1; a=openpgp-sha256; l=4628; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=u43zagPQUo1mLf3DaD2zFeUefE1SgcSRl5SMAUCKK/Y=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGliRbcLQjxFJsivX3FkQrzFPUvuf79233/1g+NURd3F7 - 4a1pxzlO2JZGASZGGTFFFm+bOM5ur/ikKKXoe1pmDmsTCBDGLg4BWAiMpUMc8VL0xv8/p78dVLz - +gmfepXrPXmajxnmh83MjtXYYL+wt87I51mMkF7LibNHAA== -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== diff --git a/cve/published/2024/CVE-2024-26816.mbox b/cve/published/2024/CVE-2024-26816.mbox index 13e622af..8feab0f1 100644 --- a/cve/published/2024/CVE-2024-26816.mbox +++ b/cve/published/2024/CVE-2024-26816.mbox @@ -3,17 +3,6 @@ From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-26816: x86, relocs: Ignore relocations in .notes section -Message-Id: <2024041039-CVE-2024-26816-5054@gregkh> -Content-Length: 3419 -Lines: 71 -X-Developer-Signature: v=1; a=openpgp-sha256; l=3491; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=hG7tZP8ZwTX4QUGau2HLVyQLV73ukDUxCPKsQwAkWKo=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGlisxSk/HueBMqbGOfYHv9Qc3zxyoCSzb03bTqPh4Quq - PnCx7O6I5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACayTJRhwVxJU0/HLdEbpv6K - 3L+jL/rH3+8ZoQwLzr2b4hOSl214+FeS0iGr67z7Y/ftAQA= -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== diff --git a/cve/published/2024/CVE-2024-27437.json b/cve/published/2024/CVE-2024-27437.json index 18e826fe..88929a25 100644 --- a/cve/published/2024/CVE-2024-27437.json +++ b/cve/published/2024/CVE-2024-27437.json @@ -19,6 +19,12 @@ "versions": [ { "version": "89e1f7d4c66d", + "lessThan": "b7a2f0955ffc", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", "lessThan": "139dfcc4d723", "status": "affected", "versionType": "git" @@ -66,6 +72,12 @@ "versionType": "custom" }, { + "version": "5.15.154", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", @@ -100,6 +112,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438" + }, + { "url": "https://git.kernel.org/stable/c/139dfcc4d723ab13469881200c7d80f49d776060" }, { @@ -117,7 +132,7 @@ ], "title": "vfio/pci: Disable auto-enable of exclusive INTx IRQ", "x_generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2024/CVE-2024-27437.mbox b/cve/published/2024/CVE-2024-27437.mbox index 8bd7312a..f265d46f 100644 --- a/cve/published/2024/CVE-2024-27437.mbox +++ b/cve/published/2024/CVE-2024-27437.mbox @@ -1,19 +1,8 @@ -From bippy-5f0117140d9a Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> Subject: CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ -Message-Id: <2024040551-CVE-2024-27437-cc07@gregkh> -Content-Length: 2685 -Lines: 62 -X-Developer-Signature: v=1; a=openpgp-sha256; l=2748; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=RQ/BESDjypLXsfoWnQMJz5sGhitFIRHe+xj6QV5nk8M=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGn8W4NnfnB4ssBPQOPvbYa9xUuL1qn7srGFzwi6+/x7u - 98pr0sWHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjCRxBcMc0X8Jx8+Pfe4oLj3 - rnVzBVZOu8c+eynD/Bjf2gBnpr6XaSw1Db6Lf+55/4jzCAA= -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -39,6 +28,7 @@ The Linux kernel CVE team has assigned CVE-2024-27437 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.15.154 with commit b7a2f0955ffc Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.1.84 with commit 139dfcc4d723 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.6.24 with commit 2a4a666c4510 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.7.12 with commit 3b3491ad0f80 @@ -72,6 +62,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438 https://git.kernel.org/stable/c/139dfcc4d723ab13469881200c7d80f49d776060 https://git.kernel.org/stable/c/2a4a666c45107206605b7b5bc20545f8aabc4fa2 https://git.kernel.org/stable/c/3b3491ad0f80d913e7d255941d4470f4a4d9bfda |