author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-04 11:52:07 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-04 11:52:07 +0200 |
commit | eccfdf3df72b9881c975f090b754da90d4f4e662 (patch) | |
tree | 656e4a3561aa8e7a98971c006e493816e61220f7 | |
parent | 89030c5fcd83eeb56af69059cf8615944b327dd0 (diff) | |
assign some requested CVEs
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | cve/published/2024/CVE-2024-26808 (renamed from cve/reserved/2024/CVE-2024-26808) | 0 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26808.json | 148 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26808.mbox | 74 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26808.sha1 | 1 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26809 (renamed from cve/reserved/2024/CVE-2024-26809) | 0 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26809.json | 153 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26809.mbox | 84 | ||||
-rw-r--r-- | cve/published/2024/CVE-2024-26809.sha1 | 1 |
8 files changed, 461 insertions, 0 deletions
diff --git a/cve/reserved/2024/CVE-2024-26808 b/cve/published/2024/CVE-2024-26808 index e69de29b..e69de29b 100644 --- a/cve/reserved/2024/CVE-2024-26808 +++ b/cve/published/2024/CVE-2024-26808 diff --git a/cve/published/2024/CVE-2024-26808.json b/cve/published/2024/CVE-2024-26808.json new file mode 100644 index 00000000..fab58853 --- /dev/null +++ b/cve/published/2024/CVE-2024-26808.json 
@@ -0,0 +1,148 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "60a3815da702", + "lessThan": "9489e214ea8f", + "status": "affected", + "versionType": "git" + }, + { + "version": "60a3815da702", + "lessThan": "70f17b48c866", + "status": "affected", + "versionType": "git" + }, + { + "version": "60a3815da702", + "lessThan": "af149a46890e", + "status": "affected", + "versionType": "git" + }, + { + "version": "60a3815da702", + "lessThan": "e5888acbf1a3", + "status": "affected", + "versionType": "git" + }, + { + "version": "60a3815da702", + "lessThan": "36a0a80f3220", + "status": "affected", + "versionType": "git" + }, + { + "version": "60a3815da702", + "lessThan": "01acb2e8666a", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "5.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.10", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.76", + 
"lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.15", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.3", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f" + }, + { + "url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58" + }, + { + "url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3" + }, + { + "url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4" + }, + { + "url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee" + }, + { + "url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913" + } + ], + "title": "netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain", + "x_generator": { + "engine": "bippy-e0c11145c45e" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2024-26808", + "requesterUserId": "gregkh@kernel.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2024/CVE-2024-26808.mbox b/cve/published/2024/CVE-2024-26808.mbox new file mode 100644 index 00000000..36af2e43 --- /dev/null +++ b/cve/published/2024/CVE-2024-26808.mbox 
@@ -0,0 +1,74 @@ +From bippy-e0c11145c45e Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain +Message-Id: <2024040458-CVE-2024-26808-2df2@gregkh> +Content-Length: 2474 +Lines: 57 +X-Developer-Signature: v=1; a=openpgp-sha256; l=2532; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=CjhNjaNcef3vjGNosEJVrRyHEtVSx12fJ+VwUclfKGM=; + b=owGbwMvMwCRo6H6F97bub03G02pJDGl8Ffa3nbJqDuw//spcsDetI5Dh7ftja+rnVsdnGv2fM + LvFa61ARywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEwku4hhfpnciVli5yYoHjb2 + fctspc8sL/7RiWGexiz+rZ7HzJ1fSH9ZsvDwyoIzfFx6AA== +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain + +Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER +event is reported, otherwise a stale reference to netdevice remains in +the hook list. + +The Linux kernel CVE team has assigned CVE-2024-26808 to this issue. 
+ + +Affected and fixed versions +=========================== + + Issue introduced in 5.10 with commit 60a3815da702 and fixed in 5.10.210 with commit 9489e214ea8f + Issue introduced in 5.10 with commit 60a3815da702 and fixed in 5.15.149 with commit 70f17b48c866 + Issue introduced in 5.10 with commit 60a3815da702 and fixed in 6.1.76 with commit af149a46890e + Issue introduced in 5.10 with commit 60a3815da702 and fixed in 6.6.15 with commit e5888acbf1a3 + Issue introduced in 5.10 with commit 60a3815da702 and fixed in 6.7.3 with commit 36a0a80f3220 + Issue introduced in 5.10 with commit 60a3815da702 and fixed in 6.8 with commit 01acb2e8666a + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2024-26808 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + net/netfilter/nft_chain_filter.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. 
If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f + https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58 + https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3 + https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4 + https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee + https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913 diff --git a/cve/published/2024/CVE-2024-26808.sha1 b/cve/published/2024/CVE-2024-26808.sha1 new file mode 100644 index 00000000..41746079 --- /dev/null +++ b/cve/published/2024/CVE-2024-26808.sha1 @@ -0,0 +1 @@ +01acb2e8666a6529697141a6017edbf206921913 diff --git a/cve/reserved/2024/CVE-2024-26809 b/cve/published/2024/CVE-2024-26809 index e69de29b..e69de29b 100644 --- a/cve/reserved/2024/CVE-2024-26809 +++ b/cve/published/2024/CVE-2024-26809 diff --git a/cve/published/2024/CVE-2024-26809.json b/cve/published/2024/CVE-2024-26809.json new file mode 100644 index 00000000..b36e228d --- /dev/null +++ b/cve/published/2024/CVE-2024-26809.json 
@@ -0,0 +1,153 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\")." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "4a6430b99f67", + "lessThan": "b36b83297ff4", + "status": "affected", + "versionType": "git" + }, + { + "version": "5ccecafc728b", + "lessThan": "362508506bf5", + "status": "affected", + "versionType": "git" + }, + { + "version": "9827a0e6e23b", + "lessThan": "5ad233dc731a", + "status": "affected", + "versionType": "git" + }, + { + "version": "9827a0e6e23b", + "lessThan": "ff9005077141", + "status": "affected", + "versionType": "git" + }, + { + "version": "9827a0e6e23b", + "lessThan": "821e28d5b506", + "status": "affected", + "versionType": "git" + }, + { + "version": "9827a0e6e23b", + "lessThan": "9384b4d85c46", + "status": "affected", + "versionType": "git" + }, + { + "version": "9827a0e6e23b", + "lessThan": "b0e256f3dd2b", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "5.10.214", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + 
{ + "version": "5.15.153", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.83", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.23", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.11", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.2", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144" + }, + { + "url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c" + }, + { + "url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af" + }, + { + "url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2" + }, + { + "url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b" + }, + { + "url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2" + }, + { + "url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee" + } + ], + "title": "netfilter: nft_set_pipapo: release elements in clone only from destroy path", + "x_generator": { + "engine": "bippy-e0c11145c45e" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2024-26809", + "requesterUserId": "gregkh@kernel.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2024/CVE-2024-26809.mbox b/cve/published/2024/CVE-2024-26809.mbox new file mode 100644 index 00000000..4d2410ea --- /dev/null +++ b/cve/published/2024/CVE-2024-26809.mbox 
@@ -0,0 +1,84 @@ +From bippy-e0c11145c45e Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path +Message-Id: <2024040401-CVE-2024-26809-b0d1@gregkh> +Content-Length: 2897 +Lines: 67 +X-Developer-Signature: v=1; a=openpgp-sha256; l=2965; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=viJyPOgjqhfS8ZbxQyzlqOaVTarGe5h3qsiMfNcoCh8=; + b=owGbwMvMwCRo6H6F97bub03G02pJDGl8FY5G/1jznEyiQnN1Z6b+MXv21u+I6ZmPpwVWVpqwz + ryR4f6rI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACZy3IJhfjrfrJ6pLQxZzKfm + Lq3VFXjU8nxPDMOC/Qr2pn6PTtwPPv1O542Exyvne70cAA== +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +netfilter: nft_set_pipapo: release elements in clone only from destroy path + +Clone already always provides a current view of the lookup table, use it +to destroy the set, otherwise it is possible to destroy elements twice. + +This fix requires: + + 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol") + +which came after: + + 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path"). + +The Linux kernel CVE team has assigned CVE-2024-26809 to this issue. 
+ + +Affected and fixed versions +=========================== + + Issue introduced in 5.10.130 with commit 4a6430b99f67 and fixed in 5.10.214 with commit b36b83297ff4 + Issue introduced in 5.15.54 with commit 5ccecafc728b and fixed in 5.15.153 with commit 362508506bf5 + Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.1.83 with commit 5ad233dc731a + Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.6.23 with commit ff9005077141 + Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.7.11 with commit 821e28d5b506 + Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.8.2 with commit 9384b4d85c46 + Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.9-rc1 with commit b0e256f3dd2b + Issue introduced in 5.18.11 with commit d2b18d110685 + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2024-26809 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + net/netfilter/nft_set_pipapo.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. 
If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144 + https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c + https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af + https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2 + https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b + https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2 + https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee diff --git a/cve/published/2024/CVE-2024-26809.sha1 b/cve/published/2024/CVE-2024-26809.sha1 new file mode 100644 index 00000000..5525f119 --- /dev/null +++ b/cve/published/2024/CVE-2024-26809.sha1 @@ -0,0 +1 @@ +b0e256f3dd2ba6532f37c5c22e07cb07a36031ee |