aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLee Jones <lee@kernel.org>2024-03-18 10:15:21 +0000
committerLee Jones <lee@kernel.org>2024-03-18 10:15:38 +0000
commit2ba96318c24a8f4061f320646979f66655188b6f (patch)
treec815b0b3f41a2c5f6a061a45aabeaa42f3ebdb28
parent900e07d83a888f65549c47071a83bbe6063bd6c0 (diff)
downloadvulns-2ba96318c24a8f4061f320646979f66655188b6f.tar.gz
published: Create and publish a bunch of v6.7.3 re-reviews
Signed-off-by: Lee Jones <lee@kernel.org>
Diffstat
-rw-r--r--cve/published/2023/CVE-2023-52614 (renamed from cve/reserved/2023/CVE-2023-52614)0
-rw-r--r--cve/published/2023/CVE-2023-52614.json133
-rw-r--r--cve/published/2023/CVE-2023-52614.mbox88
-rw-r--r--cve/published/2023/CVE-2023-52614.sha11
-rw-r--r--cve/published/2023/CVE-2023-52615 (renamed from cve/reserved/2023/CVE-2023-52615)0
-rw-r--r--cve/published/2023/CVE-2023-52615.json178
-rw-r--r--cve/published/2023/CVE-2023-52615.mbox86
-rw-r--r--cve/published/2023/CVE-2023-52615.sha11
-rw-r--r--cve/published/2023/CVE-2023-52616 (renamed from cve/reserved/2023/CVE-2023-52616)0
-rw-r--r--cve/published/2023/CVE-2023-52616.json148
-rw-r--r--cve/published/2023/CVE-2023-52616.mbox82
-rw-r--r--cve/published/2023/CVE-2023-52616.sha11
-rw-r--r--cve/published/2024/CVE-2024-26634 (renamed from cve/reserved/2024/CVE-2024-26634)0
-rw-r--r--cve/published/2024/CVE-2024-26634.json108
-rw-r--r--cve/published/2024/CVE-2024-26634.mbox83
-rw-r--r--cve/published/2024/CVE-2024-26634.sha11
-rw-r--r--cve/published/2024/CVE-2024-26635 (renamed from cve/reserved/2024/CVE-2024-26635)0
-rw-r--r--cve/published/2024/CVE-2024-26635.json178
-rw-r--r--cve/published/2024/CVE-2024-26635.mbox134
-rw-r--r--cve/published/2024/CVE-2024-26635.sha11
-rw-r--r--cve/published/2024/CVE-2024-26636 (renamed from cve/reserved/2024/CVE-2024-26636)0
-rw-r--r--cve/published/2024/CVE-2024-26636.json178
-rw-r--r--cve/published/2024/CVE-2024-26636.mbox152
-rw-r--r--cve/published/2024/CVE-2024-26636.sha11
-rw-r--r--cve/published/2024/CVE-2024-26637 (renamed from cve/reserved/2024/CVE-2024-26637)0
-rw-r--r--cve/published/2024/CVE-2024-26637.json88
-rw-r--r--cve/published/2024/CVE-2024-26637.mbox75
-rw-r--r--cve/published/2024/CVE-2024-26637.sha11
-rw-r--r--cve/published/2024/CVE-2024-26638 (renamed from cve/reserved/2024/CVE-2024-26638)0
-rw-r--r--cve/published/2024/CVE-2024-26638.json118
-rw-r--r--cve/published/2024/CVE-2024-26638.mbox101
-rw-r--r--cve/published/2024/CVE-2024-26638.sha11
32 files changed, 1938 insertions, 0 deletions
diff --git a/cve/reserved/2023/CVE-2023-52614 b/cve/published/2023/CVE-2023-52614
index e69de29b..e69de29b 100644
--- a/cve/reserved/2023/CVE-2023-52614
+++ b/cve/published/2023/CVE-2023-52614
diff --git a/cve/published/2023/CVE-2023-52614.json b/cve/published/2023/CVE-2023-52614.json
new file mode 100644
index 00000000..f1da279f
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52614.json
@@ -0,0 +1,133 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Fix buffer overflow in trans_stat_show\n\nFix buffer overflow in trans_stat_show().\n\nConvert simple snprintf to the more secure scnprintf with size of\nPAGE_SIZE.\n\nAdd condition checking if we are exceeding PAGE_SIZE and exit early from\nloop. Also add at the end a warning that we exceeded PAGE_SIZE and that\nstats is disabled.\n\nReturn -EFBIG in the case where we don't have enough space to write the\nfull transition table.\n\nAlso document in the ABI that this function can return -EFBIG error."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "e552bbaf5b98",
+ "lessThan": "796d3fad8c35",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "e552bbaf5b98",
+ "lessThan": "8a7729cda2dd",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "e552bbaf5b98",
+ "lessThan": "a979f56aa4b9",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "e552bbaf5b98",
+ "lessThan": "eaef4650fa20",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "e552bbaf5b98",
+ "lessThan": "08e23d05fa6d",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "3.8",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "3.8",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.149",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.76",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.15",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4"
+ }
+ ],
+ "title": "PM / devfreq: Fix buffer overflow in trans_stat_show",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2023-52614",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2023/CVE-2023-52614.mbox b/cve/published/2023/CVE-2023-52614.mbox
new file mode 100644
index 00000000..5c2c656b
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52614.mbox
@@ -0,0 +1,88 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2023-52614: PM / devfreq: Fix buffer overflow in trans_stat_show
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2669; i=lee@kernel.org;
+ h=from:subject; bh=mYchYbJUv47Z04cdeHPsCuEM8bNNOqpOK1Qsqpylq+w=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQimoWkK1Lm1FtrUG/bD8sS6nwu9VpXX6HhY
+ UAVPMnQQwSJAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIgAKCRBRr4ovh/x3
+ YUfdD/9xOMbsewM78tNMVMoCqS89zgAFy/REFaTUUGFyb3+shVztLHuQun0qUe7mKGcEreSGeic
+ lXt41A5CjFSdJ+O3vZ81AD7YYtdeSswu/f2TgW0dDklyxd94WDKHPTRaBiz3MnaRjkln6a66jve
+ nKVhwdwC+SF9j4mpnMcmUZ9yxdZ/5mAirLgEbRBRo3dW5YrBfomn44dkNzYRqFWtsoY7SdAY8wI
+ hhUbxHHr9o7Gaz2sfHhyoHKqoUOVP6oRDDp7q80ehKDhD7/r2twLoVKP87d3DkgzPoXA190PJZy
+ ++M/KfK6VIF8ZutP/DTi4UREO6LxakYCPUDO3doZW4/QV4h8z0ZrVOvXBHHc4xJgsvIcocZEB5u
+ FnQRK2ANmB95Z+3CHaws/iHYXsITNSIh6JmzR58VKRluFVBUxjnWtcIBkMVSv6RxfC4QJZ9ySC3
+ NT6L0gffje1vjHtwA1B1rtSl5lBgXVq1YvWbVV9tImOG5Gvddi4RQ4WoR/UxMCSnB1g9Zl3IjcW
+ IyCBHbrukH3KCfPl87CBTXmvcvmTYVx6Q1bQmX1Ax2X6gZcMVDrIDhKiEDLEiTw72YRZtFUWjMk
+ GQnkyFCVpyNxkWhX2t5Tv4Em+x4aL0jayqZ9ImV6k4GklzRfnSEgx4XPmYxLeqer+atrjZHJDvZ
+ AS5Gbt/0uVXlN8w==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+PM / devfreq: Fix buffer overflow in trans_stat_show
+
+Fix buffer overflow in trans_stat_show().
+
+Convert simple snprintf to the more secure scnprintf with size of
+PAGE_SIZE.
+
+Add condition checking if we are exceeding PAGE_SIZE and exit early from
+loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
+stats is disabled.
+
+Return -EFBIG in the case where we don't have enough space to write the
+full transition table.
+
+Also document in the ABI that this function can return -EFBIG error.
+
+The Linux kernel CVE team has assigned CVE-2023-52614 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 5.15.149 with commit 796d3fad8c35
+ Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.1.76 with commit 8a7729cda2dd
+ Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.6.15 with commit a979f56aa4b9
+ Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.7.3 with commit eaef4650fa20
+ Issue introduced in 3.8 with commit e552bbaf5b98 and fixed in 6.8 with commit 08e23d05fa6d
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2023-52614
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ Documentation/ABI/testing/sysfs-class-devfreq
+ drivers/devfreq/devfreq.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f
+ https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c
+ https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8
+ https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87
+ https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4
diff --git a/cve/published/2023/CVE-2023-52614.sha1 b/cve/published/2023/CVE-2023-52614.sha1
new file mode 100644
index 00000000..2d1b52e0
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52614.sha1
@@ -0,0 +1 @@
+08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4
diff --git a/cve/reserved/2023/CVE-2023-52615 b/cve/published/2023/CVE-2023-52615
index e69de29b..e69de29b 100644
--- a/cve/reserved/2023/CVE-2023-52615
+++ b/cve/published/2023/CVE-2023-52615
diff --git a/cve/published/2023/CVE-2023-52615.json b/cve/published/2023/CVE-2023-52615.json
new file mode 100644
index 00000000..21222d0c
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52615.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: core - Fix page fault dead lock on mmap-ed hwrng\n\nThere is a dead-lock in the hwrng device read path. This triggers\nwhen the user reads from /dev/hwrng into memory also mmap-ed from\n/dev/hwrng. The resulting page fault triggers a recursive read\nwhich then dead-locks.\n\nFix this by using a stack buffer when calling copy_to_user."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "9996508b3353",
+ "lessThan": "eafd83b92f6c",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9996508b3353",
+ "lessThan": "5030d4c79886",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9996508b3353",
+ "lessThan": "c6a8111aacbf",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9996508b3353",
+ "lessThan": "26cc6d7006f9",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9996508b3353",
+ "lessThan": "aa8aa16ed9ad",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9996508b3353",
+ "lessThan": "ecabe8cd456d",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9996508b3353",
+ "lessThan": "6822a1427178",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9996508b3353",
+ "lessThan": "78aafb3884f6",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "2.6.33",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "2.6.33",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.307",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.269",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.210",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.149",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.76",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.15",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922"
+ }
+ ],
+ "title": "hwrng: core - Fix page fault dead lock on mmap-ed hwrng",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2023-52615",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2023/CVE-2023-52615.mbox b/cve/published/2023/CVE-2023-52615.mbox
new file mode 100644
index 00000000..8d196544
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52615.mbox
@@ -0,0 +1,86 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2023-52615: hwrng: core - Fix page fault dead lock on mmap-ed hwrng
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2993; i=lee@kernel.org;
+ h=from:subject; bh=IDt93Cfp8sq44YaG9jTFob0DfIAbvvavIeEHR2bnShA=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQiVz+34fUMjqRwU2lHO1u2j62XDTenksSWq
+ vMLi0eotHOJAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIgAKCRBRr4ovh/x3
+ YdXFD/9dsjWfT4J5sC042TkBRbOWCE9k7L+0ZDUSWbD1YMss8OKnta6VcVgkfmKTpXdTNbF8wLw
+ ZC04w4DLzK0bx3gVWWE1Gwz28NJ4B8z1g/eVJxp0DL1B9hKHmsPJ+G43GsoTF455y0yiRj08ySR
+ hK4JmCkf8CkU3IGwvCgdqZR+KveFxCULnouy1NzLkBrV+O6CLsz4C+opK553LfC9MImqqDNWr8S
+ hWL3H767tn03zHInCw3Mz2BobBCe6f7S2w/DnpjUQ/r/LlMLh269FI4krC7ZWQujaeoDZaG7UIP
+ infImJRq3UTmqgzAJnKSo1Q9H1WW8+IB5tiFv1zLotFk+9QGMojUv67yZn5y9tNJDLCvsjvUlZb
+ 1tljj/uNbcQat0D8mlDsC3cvgB8KLphTttmn4ImyEfiaeRyb0IhH6a7ldiLHITGzmEj2n7iGhnl
+ Lo6bbqbiVS6dLdGnWrj+PMg6F1UqFqiCbpKrANekLRVdj4ET15As5a1nZYFixC4//linFgvDCGT
+ 9xYDBl7BALIUqywTPOwXT57Mzi6kZjUEFB2GdBEFCgHNoIy+v1v4+BR+XfdXJB7b2RcwwrydeK3
+ Y5nwbvgFA1VzsDIQhGepp6hOhTV/A/FcFlIOMBCW59Ws7oRC6Vr/TusUgQq6ZeaxH0EOHe4ZEkT
+ /CeEWzCzqWQWYcg==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+hwrng: core - Fix page fault dead lock on mmap-ed hwrng
+
+There is a dead-lock in the hwrng device read path. This triggers
+when the user reads from /dev/hwrng into memory also mmap-ed from
+/dev/hwrng. The resulting page fault triggers a recursive read
+which then dead-locks.
+
+Fix this by using a stack buffer when calling copy_to_user.
+
+The Linux kernel CVE team has assigned CVE-2023-52615 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 4.19.307 with commit eafd83b92f6c
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 5.4.269 with commit 5030d4c79886
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 5.10.210 with commit c6a8111aacbf
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 5.15.149 with commit 26cc6d7006f9
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 6.1.76 with commit aa8aa16ed9ad
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 6.6.15 with commit ecabe8cd456d
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 6.7.3 with commit 6822a1427178
+ Issue introduced in 2.6.33 with commit 9996508b3353 and fixed in 6.8 with commit 78aafb3884f6
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2023-52615
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/char/hw_random/core.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990
+ https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48
+ https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c
+ https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0
+ https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e
+ https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d
+ https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029
+ https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922
diff --git a/cve/published/2023/CVE-2023-52615.sha1 b/cve/published/2023/CVE-2023-52615.sha1
new file mode 100644
index 00000000..d8c966ac
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52615.sha1
@@ -0,0 +1 @@
+78aafb3884f6bc6636efcc1760c891c8500b9922
diff --git a/cve/reserved/2023/CVE-2023-52616 b/cve/published/2023/CVE-2023-52616
index e69de29b..e69de29b 100644
--- a/cve/reserved/2023/CVE-2023-52616
+++ b/cve/published/2023/CVE-2023-52616
diff --git a/cve/published/2023/CVE-2023-52616.json b/cve/published/2023/CVE-2023-52616.json
new file mode 100644
index 00000000..0d739392
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52616.json
@@ -0,0 +1,148 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init\n\nWhen the mpi_ec_ctx structure is initialized, some fields are not\ncleared, causing a crash when referencing the field when the\nstructure was released. Initially, this issue was ignored because\nmemory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.\nFor example, this error will be triggered when calculating the\nZa value for SM2 separately."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "d58bb7e55a8a",
+ "lessThan": "0c3687822259",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d58bb7e55a8a",
+ "lessThan": "2bb86817b33c",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d58bb7e55a8a",
+ "lessThan": "bb44477d4506",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d58bb7e55a8a",
+ "lessThan": "7ebf812b7019",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d58bb7e55a8a",
+ "lessThan": "7abdfd45a650",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d58bb7e55a8a",
+ "lessThan": "ba3c55742030",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.10",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.10",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.210",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.149",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.79",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.15",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a"
+ }
+ ],
+ "title": "crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2023-52616",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2023/CVE-2023-52616.mbox b/cve/published/2023/CVE-2023-52616.mbox
new file mode 100644
index 00000000..9649983c
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52616.mbox
@@ -0,0 +1,82 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2023-52616: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2692; i=lee@kernel.org;
+ h=from:subject; bh=Y2C1XOrm26ah5eIYvFy2mVkhN2UAmY3CAB2v9vA91/8=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQiGU9CoHr6WivBEMInpGidUSWB6ghFp17/5
+ OzngnHzKDeJAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIgAKCRBRr4ovh/x3
+ YWi9D/9SnPQ62m12+CI8SYt0mYg7b66/RGnPwFqqJUw1mMX3ezokMIiRyd5VeLMAE6WXERY4lLS
+ dxpf3RDGtKnq77RHOg+iSx2ytbDL3ABi5FX15EnWKWFqcOK3NI85F7DBIpGAWjCMRpHv7BZ3kNL
+ 18iQPQWhHjmHcnQsZeLcHsKpWgN1gVxqpCD2/j6rxBtj5DoBqVe4qVZ8u5YB6cSpK2hUk+Cxn5x
+ h+auGaNKlpTxhVJL5vwILui6qI3AgOMdsFJdAL/ytdmg9yjM64lU1loolYZ0KYrNkXEZY+EJpwH
+ AwqXtuRbM2BLGMEctU+NyOQ+jSVmbYiZ90a3kbVzioY77VC4RXwHApgzzvWRcbVjXQ61fBo4HVu
+ RvR75An65ALotcucni/sKLeITamD+/OMzGlqGM/IQ3b0qTe8wVCU1ymTHIY1ui5YvzXoJUdsrC0
+ Utxs+7w0I/tDvTZSieNImQOTioqcseRpOsu/s4JEeLYryRygF1dfoZDbIVCVfhvAhd4KLB636u8
+ +kloMQ+MPXoK0REBM0FKAo8p5ZV/G+ABf0Qg2SsJ/dxelTtbS0lO4dX9vNtGnG5qpSwe9Ef3C1m
+ 6fL0GWHuGB1hBOM7rUmyoqRbieuk0HzzqAErfU/QHHL7OxydpbUHB6seX2ikPMQe1rk6biOOejX
+ afjvHSTbpBBdWNg==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
+
+When the mpi_ec_ctx structure is initialized, some fields are not
+cleared, causing a crash when referencing the field when the
+structure was released. Initially, this issue was ignored because
+memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
+For example, this error will be triggered when calculating the
+Za value for SM2 separately.
+
+The Linux kernel CVE team has assigned CVE-2023-52616 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.10 with commit d58bb7e55a8a and fixed in 5.10.210 with commit 0c3687822259
+ Issue introduced in 5.10 with commit d58bb7e55a8a and fixed in 5.15.149 with commit 2bb86817b33c
+ Issue introduced in 5.10 with commit d58bb7e55a8a and fixed in 6.1.79 with commit bb44477d4506
+ Issue introduced in 5.10 with commit d58bb7e55a8a and fixed in 6.6.15 with commit 7ebf812b7019
+ Issue introduced in 5.10 with commit d58bb7e55a8a and fixed in 6.7.3 with commit 7abdfd45a650
+ Issue introduced in 5.10 with commit d58bb7e55a8a and fixed in 6.8 with commit ba3c55742030
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2023-52616
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ lib/crypto/mpi/ec.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165
+ https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6
+ https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598
+ https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a
+ https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49
+ https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a
diff --git a/cve/published/2023/CVE-2023-52616.sha1 b/cve/published/2023/CVE-2023-52616.sha1
new file mode 100644
index 00000000..8aa1e44a
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52616.sha1
@@ -0,0 +1 @@
+ba3c5574203034781ac4231acf117da917efcd2a
diff --git a/cve/reserved/2024/CVE-2024-26634 b/cve/published/2024/CVE-2024-26634
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26634
+++ b/cve/published/2024/CVE-2024-26634
diff --git a/cve/published/2024/CVE-2024-26634.json b/cve/published/2024/CVE-2024-26634.json
new file mode 100644
index 00000000..30254dd1
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26634.json
@@ -0,0 +1,108 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "673edcffa096",
+ "lessThan": "a2232f29bf52",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7663d522099e",
+ "lessThan": "e855dded4b70",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7663d522099e",
+ "lessThan": "8072699aa9e6",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7663d522099e",
+ "lessThan": "d09486a04f5d",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "6.1.76",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.15",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/a2232f29bf52c24f827865b3c90829c44b6c695b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e855dded4b70d1975ee7b9fed0c700391e3c8ea6"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8072699aa9e67d1727692cfb3c347263bb627fb9"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d09486a04f5da0a812c26217213b89a3b1acf836"
+ }
+ ],
+ "title": "net: fix removing a namespace with conflicting altnames",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2024-26634",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26634.mbox b/cve/published/2024/CVE-2024-26634.mbox
new file mode 100644
index 00000000..477d97f4
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26634.mbox
@@ -0,0 +1,83 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26634: net: fix removing a namespace with conflicting altnames
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2455; i=lee@kernel.org;
+ h=from:subject; bh=FQyAevjXSuvGEKyiEqO0qtLIE3mDDZilCpK5Tb8S9DY=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQjXDAkAzz/WmDTd5tV2AUWoxADR8dSlvyQn
+ 6vhIv2AmR6JAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIwAKCRBRr4ovh/x3
+ YWicEACQi6O2DG3L71ZarWdxoNMPR2WeyjC8bKRl086xrxBeI+56ay8W1dqO8BmBxf33mbBSzQY
+ OSJsbVgJfu88D5gKO3zOn5g+pTaMJh1iqNSaC6ErCMY1r/ZB7ZmmdMmH04AttC53X2F324VezCL
+ yl6fFcyPDAwfAM2wr5xmguVY4SbxWmRj+nAzLWTIlz5LNxadds+RZG4yMUUbHGFJ4Yp6ots+7K9
+ brv2NJjQ0eY1bznMQBzPLeiEUzGNIFG8anC2CGeJ29i0o20LsXD6kyAACG9InLUMh3Zc4jnW7q/
+ i2uIBCkRtmY2dIpTCfXXgwiZw8r76zap/kW7N3fvMjddRZU+BJ08nt67Gcp+QMg8lJZ8pNcnqhy
+ ED/8CitHWeUMicr1TWhDMxG5wKL8dtDVxogegKNaikzv/yT5vQJCC7XQ9IZRknV2wwtTNy0v/fm
+ gCM+p+5uNJrC69wEAwWid+50vCxbsqXy1Q662aiBfGgG0Y1KF1pbOqqUyoM59iQBhwG9X2FmHEn
+ Az2ZF33vVnzudCl3cCpXU9rYglONmkS4MgLP094kWN0tjB8zWAIW/jsdH/IB85XacJoQRHjzh1S
+ 27Gpn4rdNxiu42Xz9pUjyrcwLGVdtsURfvBVGHaO5Vzae5oNqwAgfaM6aYO98HWm+AjtkyFOPg0
+ vpSIn4h/ePz3ibg==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: fix removing a namespace with conflicting altnames
+
+Mark reports a BUG() when a net namespace is removed.
+
+ kernel BUG at net/core/dev.c:11520!
+
+Physical interfaces moved outside of init_net get "refunded"
+to init_net when that namespace disappears. The main interface
+name may get overwritten in the process if it would have
+conflicted. We need to also discard all conflicting altnames.
+Recent fixes addressed ensuring that altnames get moved
+with the main interface, which surfaced this problem.
+
+The Linux kernel CVE team has assigned CVE-2024-26634 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 6.1.60 with commit 673edcffa096 and fixed in 6.1.76 with commit a2232f29bf52
+ Issue introduced in 6.6 with commit 7663d522099e and fixed in 6.6.15 with commit e855dded4b70
+ Issue introduced in 6.6 with commit 7663d522099e and fixed in 6.7.3 with commit 8072699aa9e6
+ Issue introduced in 6.6 with commit 7663d522099e and fixed in 6.8 with commit d09486a04f5d
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2024-26634
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ net/core/dev.c
+ net/core/dev.h
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/a2232f29bf52c24f827865b3c90829c44b6c695b
+ https://git.kernel.org/stable/c/e855dded4b70d1975ee7b9fed0c700391e3c8ea6
+ https://git.kernel.org/stable/c/8072699aa9e67d1727692cfb3c347263bb627fb9
+ https://git.kernel.org/stable/c/d09486a04f5da0a812c26217213b89a3b1acf836
diff --git a/cve/published/2024/CVE-2024-26634.sha1 b/cve/published/2024/CVE-2024-26634.sha1
new file mode 100644
index 00000000..76204662
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26634.sha1
@@ -0,0 +1 @@
+d09486a04f5da0a812c26217213b89a3b1acf836
diff --git a/cve/reserved/2024/CVE-2024-26635 b/cve/published/2024/CVE-2024-26635
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26635
+++ b/cve/published/2024/CVE-2024-26635
diff --git a/cve/published/2024/CVE-2024-26635.json b/cve/published/2024/CVE-2024-26635.json
new file mode 100644
index 00000000..bf82f1ce
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26635.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: Drop support for ETH_P_TR_802_2.\n\nsyzbot reported an uninit-value bug below. [0]\n\nllc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2\n(0x0011), and syzbot abused the latter to trigger the bug.\n\n write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', \"90e5dd\"}}}}, 0x16)\n\nllc_conn_handler() initialises local variables {saddr,daddr}.mac\nbased on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes\nthem to __llc_lookup().\n\nHowever, the initialisation is done only when skb->protocol is\nhtons(ETH_P_802_2), otherwise, __llc_lookup_established() and\n__llc_lookup_listener() will read garbage.\n\nThe missing initialisation existed prior to commit 211ed865108e\n(\"net: delete all instances of special processing for token ring\").\n\nIt removed the part to kick out the token ring stuff but forgot to\nclose the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().\n\nLet's remove llc_tr_packet_type and complete the deprecation.\n\n[0]:\nBUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90\n __llc_lookup_established+0xe9d/0xf90\n __llc_lookup net/llc/llc_conn.c:611 [inline]\n llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n __netif_receive_skb_one_core net/core/dev.c:5527 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641\n netif_receive_skb_internal net/core/dev.c:5727 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5786\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x8ef/0x1490 fs/read_write.c:584\n ksys_write+0x20f/0x4c0 fs/read_write.c:637\n __do_sys_write fs/read_write.c:649 [inline]\n __se_sys_write fs/read_write.c:646 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:646\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nLocal variable daddr created at:\n llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n\nCPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "211ed865108e",
+ "lessThan": "165ad1e22779",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "211ed865108e",
+ "lessThan": "b8e8838f82f3",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "211ed865108e",
+ "lessThan": "9ccdef19cf94",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "211ed865108e",
+ "lessThan": "c0fe2fe7a5a2",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "211ed865108e",
+ "lessThan": "660c3053d992",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "211ed865108e",
+ "lessThan": "f1f34a515fb1",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "211ed865108e",
+ "lessThan": "df57fc2f2abf",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "211ed865108e",
+ "lessThan": "e3f9bed9bee2",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "3.5",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "3.5",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.307",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.269",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.210",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.149",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.76",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.15",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61"
+ }
+ ],
+ "title": "llc: Drop support for ETH_P_TR_802_2.",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2024-26635",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26635.mbox b/cve/published/2024/CVE-2024-26635.mbox
new file mode 100644
index 00000000..76f6a784
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26635.mbox
@@ -0,0 +1,134 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2.
+X-Developer-Signature: v=1; a=openpgp-sha256; l=5100; i=lee@kernel.org;
+ h=from:subject; bh=gU6nqW41Uop8Ie712h6bQSjVaTTdenqnYr/T91p/TIU=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQjYpATKzX6eAEUSOUG8ry0mYhQzYbi8Qbw6
+ DhoZfr72NCJAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIwAKCRBRr4ovh/x3
+ YWy+D/98ROAOdoF5oDlMPdSd+quWvYQ/3tgtLNAZxvLmMrcV+PJT316jRpIsgTVWdjIZbqtxWWL
+ OvDgzzBjEoIW2PS8iGImwFGnSsPirTfG2wfz/w6xAgzrDd4lp/WZYyfzZnTTE8SAYmlkrKJunx5
+ Fe7eYXnxt6cMe9rpoeGBN84KOxugzzh3CmThJG2YwsWRV5VZ7AllFmaL/oRvcED0sljSYoGDF4d
+ pnGZQ5wlS6Rzyr9MLv+uXTazjnlLJ76l0LIkUog6vjB7vmCMyTlfLJB5XsTC6BMZ50zZJVAVdkb
+ NAof5SD0X8yivZFH+KlAup36KP8xBh+cBzQePQYswthSSbgKhYZhADprJjxz83I797MoflAUt0N
+ qam52zsaBlOmtBIJCgLGcBXJP2u0am4aJZNxIJ+Wb3X3FJ4zCpNXMirE1DYe7SpQxBKxrcn0zTW
+ swpi2fIcToC3awp8GMYtDpXdSblglj1RGHZc82GrKZ5gBKB5FN9mggx1DNTbqhXGBF8pQ/4bpKa
+ raNb8LvDEwHupax8tsIo6eCEyI9krXLhfFqY1ig2emq4YF+cjMdcq3CzE79qbGN3k2dzBZ7uOPr
+ 7QyRMcc6rCo0AxSYCxs3thGcJ/HJuP4ZsR1fmF7cQk05HpW3HDZRgEHsRthLYclhOIC1SyroXQ2
+ kQjpSkyj5BrP2Og==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+llc: Drop support for ETH_P_TR_802_2.
+
+syzbot reported an uninit-value bug below. [0]
+
+llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2
+(0x0011), and syzbot abused the latter to trigger the bug.
+
+ write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16)
+
+llc_conn_handler() initialises local variables {saddr,daddr}.mac
+based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes
+them to __llc_lookup().
+
+However, the initialisation is done only when skb->protocol is
+htons(ETH_P_802_2), otherwise, __llc_lookup_established() and
+__llc_lookup_listener() will read garbage.
+
+The missing initialisation existed prior to commit 211ed865108e
+("net: delete all instances of special processing for token ring").
+
+It removed the part to kick out the token ring stuff but forgot to
+close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().
+
+Let's remove llc_tr_packet_type and complete the deprecation.
+
+[0]:
+BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90
+ __llc_lookup_established+0xe9d/0xf90
+ __llc_lookup net/llc/llc_conn.c:611 [inline]
+ llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791
+ llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
+ __netif_receive_skb_one_core net/core/dev.c:5527 [inline]
+ __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641
+ netif_receive_skb_internal net/core/dev.c:5727 [inline]
+ netif_receive_skb+0x58/0x660 net/core/dev.c:5786
+ tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
+ tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
+ tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
+ call_write_iter include/linux/fs.h:2020 [inline]
+ new_sync_write fs/read_write.c:491 [inline]
+ vfs_write+0x8ef/0x1490 fs/read_write.c:584
+ ksys_write+0x20f/0x4c0 fs/read_write.c:637
+ __do_sys_write fs/read_write.c:649 [inline]
+ __se_sys_write fs/read_write.c:646 [inline]
+ __x64_sys_write+0x93/0xd0 fs/read_write.c:646
+ do_syscall_x64 arch/x86/entry/common.c:51 [inline]
+ do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
+ entry_SYSCALL_64_after_hwframe+0x63/0x6b
+
+Local variable daddr created at:
+ llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783
+ llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
+
+CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
+
+The Linux kernel CVE team has assigned CVE-2024-26635 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 4.19.307 with commit 165ad1e22779
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 5.4.269 with commit b8e8838f82f3
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 5.10.210 with commit 9ccdef19cf94
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 5.15.149 with commit c0fe2fe7a5a2
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 6.1.76 with commit 660c3053d992
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 6.6.15 with commit f1f34a515fb1
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 6.7.3 with commit df57fc2f2abf
+ Issue introduced in 3.5 with commit 211ed865108e and fixed in 6.8 with commit e3f9bed9bee2
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2024-26635
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ include/net/llc_pdu.h
+ net/llc/llc_core.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62
+ https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097
+ https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd
+ https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828
+ https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6
+ https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8
+ https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc
+ https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61
diff --git a/cve/published/2024/CVE-2024-26635.sha1 b/cve/published/2024/CVE-2024-26635.sha1
new file mode 100644
index 00000000..c1834d4f
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26635.sha1
@@ -0,0 +1 @@
+e3f9bed9bee261e3347131764e42aeedf1ffea61
diff --git a/cve/reserved/2024/CVE-2024-26636 b/cve/published/2024/CVE-2024-26636
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26636
+++ b/cve/published/2024/CVE-2024-26636
diff --git a/cve/published/2024/CVE-2024-26636.json b/cve/published/2024/CVE-2024-26636.json
new file mode 100644
index 00000000..0665d285
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26636.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: make llc_ui_sendmsg() more robust against bonding changes\n\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\n\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\n\nThis fix:\n\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\n\n[1]\n\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\n\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n skb_panic net/core/skbuff.c:189 [inline]\n skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n skb_push+0xf0/0x108 net/core/skbuff.c:2451\n eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3188 [inline]\n llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x194/0x274 net/socket.c:767\n splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n do_splice_from fs/splice.c:933 [inline]\n direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n do_splice_direct+0x20c/0x348 fs/splice.c:1194\n do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "84e9d10419f6",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "b643d0defcba",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "04f2a74b562f",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "c22044270da6",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "6d53b813ff8b",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "cafd3ad3fe03",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "c451c008f563",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "dad555c816a5",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "2.6.12",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "2.6.12",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.307",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.269",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.210",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.149",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.76",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.15",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
+ }
+ ],
+ "title": "llc: make llc_ui_sendmsg() more robust against bonding changes",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2024-26636",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26636.mbox b/cve/published/2024/CVE-2024-26636.mbox
new file mode 100644
index 00000000..e020b034
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26636.mbox
@@ -0,0 +1,152 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes
+X-Developer-Signature: v=1; a=openpgp-sha256; l=6392; i=lee@kernel.org;
+ h=from:subject; bh=9oQLmemMyMSDZhlIrFy7aMzRxWWw1mompIN4G7VADoE=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQjlUe/WtVrDnHtnqmX9ZT5VTY3xpFKQdfgs
+ GqHjVpDd7+JAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIwAKCRBRr4ovh/x3
+ YfkAD/9M/wZ/wLK8gNXIrlWV9I8DsrBYwtcebAIdS4CJVGm77uWoTmMsrbODZWArBonzes53u7k
+ lKjlkf7BnGW/RSBUldFXSdjWYpKxLAw2O6kHqehYReIhJJ5dW3r8zfaOw3QsAXBW9cFXuC5PsBH
+ u1mo1T3VkImsmI+jsko3IsOumZDq7lmpSassfKOSROvuECTZGIAdilPhYHEi+6URJWPnxv2ulsr
+ tVofJ+tzTn3iclO0b5suzaZEhHUtURuFVNEt3xAhtXsXIlrGnCDRxSZd9bReSjXeIv4/SZy94Nk
+ LPKRf7MAVO1ZIdjdhk8IpLbrOpP+DrTvvTxdwaPX4ZUXZo5nszCpPDgvTWe9bsKuv5cB4PTlP4e
+ xyRsMm+Jz2klJQtHCcKMRCPBO3BeR//e5rCS5bBYcNMFkVHXvow6TwjcyPvhFCQmbEMu0webH5s
+ 3HEjmxNcpRjFH78sxCCu53P+r6TKnkkZZ1e2KhVvi6HbdR3g6lyjN3tku4k+oWVBBwXqZXg6Ja5
+ yqt0/ouUl8IYQ40c0cJDaxVN2mt/yym8sqLFLlDnecYLgJH+sn1TEO4HsK34qVPgiPpgipJ6+em
+ c0cm4dFh9O7QcGB4sAG02RThoovwTRrjHD8u58tlKkR0K/MUn5EqCmSPPqNwh+7sSkZABEboHtM
+ bZ0kdyPxUnX71Hg==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+llc: make llc_ui_sendmsg() more robust against bonding changes
+
+syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no
+headroom, but subsequently trying to push 14 bytes of Ethernet header [1]
+
+Like some others, llc_ui_sendmsg() releases the socket lock before
+calling sock_alloc_send_skb().
+Then it acquires it again, but does not redo all the sanity checks
+that were performed.
+
+This fix:
+
+- Uses LL_RESERVED_SPACE() to reserve space.
+- Check all conditions again after socket lock is held again.
+- Do not account Ethernet header for mtu limitation.
+
+[1]
+
+skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0
+
+ kernel BUG at net/core/skbuff.c:193 !
+Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
+Modules linked in:
+CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
+pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : skb_panic net/core/skbuff.c:189 [inline]
+ pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
+ lr : skb_panic net/core/skbuff.c:189 [inline]
+ lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
+sp : ffff800096f97000
+x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000
+x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2
+x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0
+x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce
+x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001
+x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000
+x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400
+x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000
+x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714
+x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089
+Call trace:
+ skb_panic net/core/skbuff.c:189 [inline]
+ skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
+ skb_push+0xf0/0x108 net/core/skbuff.c:2451
+ eth_header+0x44/0x1f8 net/ethernet/eth.c:83
+ dev_hard_header include/linux/netdevice.h:3188 [inline]
+ llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33
+ llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85
+ llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]
+ llc_sap_next_state net/llc/llc_sap.c:182 [inline]
+ llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209
+ llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270
+ llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997
+ sock_sendmsg_nosec net/socket.c:730 [inline]
+ __sock_sendmsg net/socket.c:745 [inline]
+ sock_sendmsg+0x194/0x274 net/socket.c:767
+ splice_to_socket+0x7cc/0xd58 fs/splice.c:881
+ do_splice_from fs/splice.c:933 [inline]
+ direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142
+ splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088
+ do_splice_direct+0x20c/0x348 fs/splice.c:1194
+ do_sendfile+0x4bc/0xc70 fs/read_write.c:1254
+ __do_sys_sendfile64 fs/read_write.c:1322 [inline]
+ __se_sys_sendfile64 fs/read_write.c:1308 [inline]
+ __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308
+ __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
+ invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
+ el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
+ do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
+ el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
+ el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
+ el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
+Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)
+
+The Linux kernel CVE team has assigned CVE-2024-26636 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 4.19.307 with commit 84e9d10419f6
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.4.269 with commit b643d0defcba
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.10.210 with commit 04f2a74b562f
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 5.15.149 with commit c22044270da6
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.1.76 with commit 6d53b813ff8b
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.6.15 with commit cafd3ad3fe03
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.7.3 with commit c451c008f563
+ Issue introduced in 2.6.12 with commit 1da177e4c3f4 and fixed in 6.8 with commit dad555c816a5
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2024-26636
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ net/llc/af_llc.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b
+ https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d
+ https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c
+ https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249
+ https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4
+ https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b
+ https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb
+ https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647
diff --git a/cve/published/2024/CVE-2024-26636.sha1 b/cve/published/2024/CVE-2024-26636.sha1
new file mode 100644
index 00000000..06896135
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26636.sha1
@@ -0,0 +1 @@
+dad555c816a50c6a6a8a86be1f9177673918c647
diff --git a/cve/reserved/2024/CVE-2024-26637 b/cve/published/2024/CVE-2024-26637
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26637
+++ b/cve/published/2024/CVE-2024-26637
diff --git a/cve/published/2024/CVE-2024-26637.json b/cve/published/2024/CVE-2024-26637.json
new file mode 100644
index 00000000..93acf92c
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26637.json
@@ -0,0 +1,88 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: rely on mac80211 debugfs handling for vif\n\nmac80211 started to delete debugfs entries in certain cases, causing a\nath11k to crash when it tried to delete the entries later. Fix this by\nrelying on mac80211 to delete the entries when appropriate and adding\nthem from the vif_add_debugfs handler."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "0a3d898ee9a8",
+ "lessThan": "aa74ce30a8a4",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0a3d898ee9a8",
+ "lessThan": "556857aa1d08",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "6.7",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "6.7",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc"
+ }
+ ],
+ "title": "wifi: ath11k: rely on mac80211 debugfs handling for vif",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2024-26637",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26637.mbox b/cve/published/2024/CVE-2024-26637.mbox
new file mode 100644
index 00000000..62c03dff
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26637.mbox
@@ -0,0 +1,75 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26637: wifi: ath11k: rely on mac80211 debugfs handling for vif
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2041; i=lee@kernel.org;
+ h=from:subject; bh=yeK0oL0BMQPns3xhVC/mWyaPD3Mbc4tfVxsdUA9gXzc=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQjeZ9/daVDihmY1pQZYWCf44FrU4l0NGNX8
+ xEqLkYEbd2JAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIwAKCRBRr4ovh/x3
+ YVYOD/9eBaxerY/5GMlcfLVtCYV7a48qVKtBoVP2xWY8Kwv4EVPLXXo+rWVN1Ix75uZ2za4kzC4
+ zZcyCk3leFGVqcfNqcx43/xGp/+cIHW49bywzKgOrIAegmMtQx14W6PRpr9PaEeAHJGKn2Vgon3
+ xgn1zZk4NIMQDkdUUKWMXs5hi8Je7mURx2nMLBZVjhPbobg26XEybutJm/5dbUtLdd5c2Ni7nbP
+ NDz7RK34qJaKOOtcwzqDsyr0Bo9whFx+TPc4XuGqPOlEwHnJ6LDlZSWWIksUs6V1b2Z63G/vvUZ
+ UkguUxnDvp+lDx0/JOzCDBU8wOInez0JA6H6J7BPyNsdQ/Nslt4HqVedry3gUMWqc24yCvOX6gc
+ 0jiNmbg96M11yBVwg7kgNZIfMYuLD56USQ/OIJW4lHus5gyqH4FzL9mppmgDStAMAHaNmuFu/Ra
+ FeQcvD9P+n6EKL1IcCamXEJMT40MAVoffbhxFMpRi97psJBzZsNRFUkwQsWU0/v1aqAlxiHrurx
+ 4VFhs9dsd9BTtC/TRz5KzbVYPtCeGSq3DPBczUInaQ1K7or6s61mn6ETaVTCIvki+nDUVFXjRab
+ jlSccOgMo59BOstnYeD+AdQXwj3SAZWgixad0ZMJTPIN5nag7YGUNA7RumPRv6TZrJ8yOjtzgzs
+ n7Pmb2CZsVHJJFg==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+wifi: ath11k: rely on mac80211 debugfs handling for vif
+
+mac80211 started to delete debugfs entries in certain cases, causing a
+ath11k to crash when it tried to delete the entries later. Fix this by
+relying on mac80211 to delete the entries when appropriate and adding
+them from the vif_add_debugfs handler.
+
+The Linux kernel CVE team has assigned CVE-2024-26637 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 6.7 with commit 0a3d898ee9a8 and fixed in 6.7.3 with commit aa74ce30a8a4
+ Issue introduced in 6.7 with commit 0a3d898ee9a8 and fixed in 6.8 with commit 556857aa1d08
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2024-26637
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/net/wireless/ath/ath11k/core.h
+ drivers/net/wireless/ath/ath11k/debugfs.c
+ drivers/net/wireless/ath/ath11k/debugfs.h
+ drivers/net/wireless/ath/ath11k/mac.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274
+ https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc
diff --git a/cve/published/2024/CVE-2024-26637.sha1 b/cve/published/2024/CVE-2024-26637.sha1
new file mode 100644
index 00000000..14e7351d
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26637.sha1
@@ -0,0 +1 @@
+556857aa1d0855aba02b1c63bc52b91ec63fc2cc
diff --git a/cve/reserved/2024/CVE-2024-26638 b/cve/published/2024/CVE-2024-26638
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26638
+++ b/cve/published/2024/CVE-2024-26638
diff --git a/cve/published/2024/CVE-2024-26638.json b/cve/published/2024/CVE-2024-26638.json
new file mode 100644
index 00000000..f6dfe14a
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26638.json
@@ -0,0 +1,118 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: always initialize struct msghdr completely\n\nsyzbot complains that msg->msg_get_inq value can be uninitialized [1]\n\nstruct msghdr got many new fields recently, we should always make\nsure their values is zero by default.\n\n[1]\n BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\n tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\n inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg+0x12b/0x1e0 net/socket.c:1066\n __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538\n nbd_read_reply drivers/block/nbd.c:732 [inline]\n recv_work+0x262/0x3100 drivers/block/nbd.c:863\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700\n worker_thread+0xf45/0x1490 kernel/workqueue.c:2781\n kthread+0x3ed/0x540 kernel/kthread.c:388\n ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n\nLocal variable msg created at:\n __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513\n nbd_read_reply drivers/block/nbd.c:732 [inline]\n recv_work+0x262/0x3100 drivers/block/nbd.c:863\n\nCPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: nbd5-recv recv_work"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "f94fd25cb0aa",
+ "lessThan": "d9c54763e5cd",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "f94fd25cb0aa",
+ "lessThan": "1960f2b534da",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "f94fd25cb0aa",
+ "lessThan": "b0028f333420",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "f94fd25cb0aa",
+ "lessThan": "78fbb92af27d",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.19",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.19",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.76",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.15",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.3",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/d9c54763e5cdbbd3f81868597fe8aca3c96e6387"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1960f2b534da1e6c65fb96f9e98bda773495f406"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b0028f333420a65a53a63978522db680b37379dd"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/78fbb92af27d0982634116c7a31065f24d092826"
+ }
+ ],
+ "title": "nbd: always initialize struct msghdr completely",
+ "x_generator": {
+ "engine": "bippy-8df59b4913de"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2024-26638",
+ "requesterUserId": "lee@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26638.mbox b/cve/published/2024/CVE-2024-26638.mbox
new file mode 100644
index 00000000..972cd17f
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26638.mbox
@@ -0,0 +1,101 @@
+From bippy-8df59b4913de Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee@kernel.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26638: nbd: always initialize struct msghdr completely
+X-Developer-Signature: v=1; a=openpgp-sha256; l=3318; i=lee@kernel.org;
+ h=from:subject; bh=U4gkFWUjebCUM/Nm19ryRjUcEKFnDMHVG/1Roi3qH6Y=;
+ b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBl+BQjzHS0eB88JAYhHyeRuYKpH2CUjQh7n9CYg
+ D2umZNc33mJAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZfgUIwAKCRBRr4ovh/x3
+ YaY+EACNH2oLaLB5ZISdpwWxeoOjndNOL8W/CWFR9qUkuZF4cb+N4k7VSNdD7Tw8uGGYcpKnRk+
+ 3iPsW6O9nlQzfOcd9cfuDvAr5+B2igseCDtabixZ48/B3ntNi2ZaCqTWzXmEfQgk3MkJPRXCRgo
+ of2F6uILldYGV4F+eeQJHZ+8yDMbxzhjdbeZUORf+TxhZXzRgHF2Q1xjf+BqG01S8a9ogupp28b
+ KTwZAudFuL9qDWou1ecQr8QxisICwL77/Ap9djSBCvgo5sKFNLJWYl5+1dzdngi5ZT02fn1aEtP
+ KnM3FUxAaavXMmXuZ5j+GtkTCBC6z89GEbidsOMke8he3Iwto7ckgJycrR2BUlQxo7+ddIGiw0z
+ WzVGGL9BWlRVE958qsC0eOGL7QObmf4AnAiMu5STmZ3iDRfHBUrmrDgKEfdiK4d0X8O3sBbzJh9
+ 9MhOFERzMQcK8e/3mBJigUxO2uoA96Skku6R7I099pelHiwPcod+BAmgtp4p541C18pnNFHzvNU
+ k2PAMLhwseaT166tFOxXceA7L329IpUW2bvkFo2mtMfsGthL5XhLHkL1RYKIj/OpNjn/8zYBzAG
+ tFokeOBqvY8BNlNT8C8hRY9X0WBFUVNth9XJlTVC2i2NfLb5SYGyyugr8ADq+O5wtm8NXaGcl3z
+ P5PoAaqbeoCE+6Q==
+X-Developer-Key: i=lee@kernel.org; a=openpgp;
+ fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+nbd: always initialize struct msghdr completely
+
+syzbot complains that msg->msg_get_inq value can be uninitialized [1]
+
+struct msghdr got many new fields recently, we should always make
+sure their values is zero by default.
+
+[1]
+ BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
+ tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
+ inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879
+ sock_recvmsg_nosec net/socket.c:1044 [inline]
+ sock_recvmsg+0x12b/0x1e0 net/socket.c:1066
+ __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538
+ nbd_read_reply drivers/block/nbd.c:732 [inline]
+ recv_work+0x262/0x3100 drivers/block/nbd.c:863
+ process_one_work kernel/workqueue.c:2627 [inline]
+ process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700
+ worker_thread+0xf45/0x1490 kernel/workqueue.c:2781
+ kthread+0x3ed/0x540 kernel/kthread.c:388
+ ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
+
+Local variable msg created at:
+ __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513
+ nbd_read_reply drivers/block/nbd.c:732 [inline]
+ recv_work+0x262/0x3100 drivers/block/nbd.c:863
+
+CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
+Workqueue: nbd5-recv recv_work
+
+The Linux kernel CVE team has assigned CVE-2024-26638 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.19 with commit f94fd25cb0aa and fixed in 6.1.76 with commit d9c54763e5cd
+ Issue introduced in 5.19 with commit f94fd25cb0aa and fixed in 6.6.15 with commit 1960f2b534da
+ Issue introduced in 5.19 with commit f94fd25cb0aa and fixed in 6.7.3 with commit b0028f333420
+ Issue introduced in 5.19 with commit f94fd25cb0aa and fixed in 6.8 with commit 78fbb92af27d
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2024-26638
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/block/nbd.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/d9c54763e5cdbbd3f81868597fe8aca3c96e6387
+ https://git.kernel.org/stable/c/1960f2b534da1e6c65fb96f9e98bda773495f406
+ https://git.kernel.org/stable/c/b0028f333420a65a53a63978522db680b37379dd
+ https://git.kernel.org/stable/c/78fbb92af27d0982634116c7a31065f24d092826
diff --git a/cve/published/2024/CVE-2024-26638.sha1 b/cve/published/2024/CVE-2024-26638.sha1
new file mode 100644
index 00000000..152c0fd3
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26638.sha1
@@ -0,0 +1 @@
+78fbb92af27d0982634116c7a31065f24d092826
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-21 04:41:17 +0000