diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-03-27 14:51:28 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-03-27 14:51:43 +0100 |
| commit | e11fe7c476b0e92bd301ed46662fc10d39432a2c (patch) | |
| tree | 6f9dcda346f99893c44cacaae451026376bac654 | |
| parent | d3f6df4c1f6b9bc50d0d125a664eefad395990a6 (diff) | |
| download | vulns-e11fe7c476b0e92bd301ed46662fc10d39432a2c.tar.gz | |
create CVE-2024-26651
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | cve/published/2024/CVE-2024-26651 (renamed from cve/reserved/2024/CVE-2024-26651) | 0 | ||||
| -rw-r--r-- | cve/published/2024/CVE-2024-26651.json | 193 | ||||
| -rw-r--r-- | cve/published/2024/CVE-2024-26651.mbox | 79 | ||||
| -rw-r--r-- | cve/published/2024/CVE-2024-26651.sha1 | 1 |
4 files changed, 273 insertions, 0 deletions
diff --git a/cve/reserved/2024/CVE-2024-26651 b/cve/published/2024/CVE-2024-26651 index e69de29b..e69de29b 100644 --- a/cve/reserved/2024/CVE-2024-26651 +++ b/cve/published/2024/CVE-2024-26651 diff --git a/cve/published/2024/CVE-2024-26651.json b/cve/published/2024/CVE-2024-26651.json new file mode 100644 index 00000000..9c7b3645 --- /dev/null +++ b/cve/published/2024/CVE-2024-26651.json @@ -0,0 +1,193 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsr9800: Add check for usbnet_get_endpoints\n\nAdd check for usbnet_get_endpoints() and return the error if it fails\nin order to transfer the error." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "19a38d8e0aa3", + "lessThan": "424eba06ed40", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "8a8b6a24684b", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "6b4a39acafaf", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "276873ae26c8", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "9c402819620a", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "e39a3a14eafc", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "efba65777f98", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "f546cc19f9b8", + "status": "affected", + "versionType": "git" + }, + { + "version": "19a38d8e0aa3", + "lessThan": "07161b2416f7", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "3.14", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.14", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.311", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.273", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.214", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.153", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.83", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.23", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.11", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.2", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7" + }, + { + "url": "https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a" + }, + { + "url": "https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009" + }, + { + "url": "https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581" + }, + { + "url": "https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384" + }, + { + "url": "https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028" + }, + { + "url": "https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f" + }, + { + "url": "https://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774" + }, + { + "url": "https://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61" + } + ], + "title": "sr9800: Add check for usbnet_get_endpoints", + "x_generator": { + "engine": "bippy-b4257b672505" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2024-26651", + "requesterUserId": "gregkh@kernel.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2024/CVE-2024-26651.mbox b/cve/published/2024/CVE-2024-26651.mbox new file mode 100644 index 00000000..5640712b --- /dev/null +++ b/cve/published/2024/CVE-2024-26651.mbox @@ -0,0 +1,79 @@ +From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2024-26651: sr9800: Add check for usbnet_get_endpoints +Message-Id: <2024032721-CVE-2024-26651-34b3@gregkh> +Content-Length: 2890 +Lines: 62 +X-Developer-Signature: v=1; a=openpgp-sha256; l=2953; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=z0/rgo7JDvp6cPPJlKVqORnFMHMujyiavPTAB/6vGys=; + b=owGbwMvMwCRo6H6F97bub03G02pJDGksKpGZck1rK6UzUq/9qw/LnMWr57rnHHMJG89S+fQp/ + RsXnVPriGVhEGRikBVTZPmyjefo/opDil6Gtqdh5rAygQxh4OIUgIk8kWOYX71BZNaya6zMS3xX + 5TUs+GyidaVCm2HB7upPbxQObbkacfFp7YMoH5uT+w6KAAA= +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +sr9800: Add check for usbnet_get_endpoints + +Add check for usbnet_get_endpoints() and return the error if it fails +in order to transfer the error. + +The Linux kernel CVE team has assigned CVE-2024-26651 to this issue. + + +Affected and fixed versions +=========================== + + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 4.19.311 with commit 424eba06ed40 + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 5.4.273 with commit 8a8b6a24684b + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 5.10.214 with commit 6b4a39acafaf + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 5.15.153 with commit 276873ae26c8 + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 6.1.83 with commit 9c402819620a + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 6.6.23 with commit e39a3a14eafc + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 6.7.11 with commit efba65777f98 + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 6.8.2 with commit f546cc19f9b8 + Issue introduced in 3.14 with commit 19a38d8e0aa3 and fixed in 6.9-rc1 with commit 07161b2416f7 + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2024-26651 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + drivers/net/usb/sr9800.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7 + https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a + https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009 + https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581 + https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384 + https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028 + https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f + https://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774 + https://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61 diff --git a/cve/published/2024/CVE-2024-26651.sha1 b/cve/published/2024/CVE-2024-26651.sha1 new file mode 100644 index 00000000..e65f83fa --- /dev/null +++ b/cve/published/2024/CVE-2024-26651.sha1 @@ -0,0 +1 @@ +07161b2416f740a2cb87faa5566873f401440a61 |