some CVEs published as requested

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

12 files changed, 448 insertions, 0 deletions

diff --git a/cve/reserved/2023/CVE-2023-52620 b/cve/published/2023/CVE-2023-52620
index e69de29b..e69de29b 100644
--- a/cve/reserved/2023/CVE-2023-52620
+++ b/cve/published/2023/CVE-2023-52620
diff --git a/cve/published/2023/CVE-2023-52620.json b/cve/published/2023/CVE-2023-52620.json
new file mode 100644
index 00000000..ea37d856
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52620.json
@@ -0,0 +1,93 @@
+{
+   "containers": {
+      "cna": {
+         "providerMetadata": {
+            "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+         },
+         "descriptions": [
+            {
+               "lang": "en",
+               "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow timeout for anonymous sets\n\nNever used from userspace, disallow these parameters."
+            }
+         ],
+         "affected": [
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "unaffected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "1da177e4c3f4",
+                     "lessThan": "00b19ee0dcc1",
+                     "status": "affected",
+                     "versionType": "git"
+                  },
+                  {
+                     "version": "1da177e4c3f4",
+                     "lessThan": "b7be6c737a17",
+                     "status": "affected",
+                     "versionType": "git"
+                  },
+                  {
+                     "version": "1da177e4c3f4",
+                     "lessThan": "e26d3009efda",
+                     "status": "affected",
+                     "versionType": "git"
+                  }
+               ]
+            },
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "affected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "5.15.151",
+                     "lessThanOrEqual": "5.15.*",
+                     "status": "unaffected",
+                     "versionType": "custom"
+                  },
+                  {
+                     "version": "6.1.81",
+                     "lessThanOrEqual": "6.1.*",
+                     "status": "unaffected",
+                     "versionType": "custom"
+                  },
+                  {
+                     "version": "6.4",
+                     "lessThanOrEqual": "*",
+                     "status": "unaffected",
+                     "versionType": "original_commit_for_fix"
+                  }
+               ]
+            }
+         ],
+         "references": [
+            {
+               "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e"
+            },
+            {
+               "url": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b"
+            },
+            {
+               "url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab"
+            }
+         ],
+         "title": "netfilter: nf_tables: disallow timeout for anonymous sets",
+         "x_generator": {
+            "engine": "bippy-b4257b672505"
+         }
+      }
+   },
+   "cveMetadata": {
+      "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+      "cveID": "CVE-2023-52620",
+      "requesterUserId": "gregkh@kernel.org",
+      "serial": "1",
+      "state": "PUBLISHED"
+   },
+   "dataType": "CVE_RECORD",
+   "dataVersion": "5.0"
+}
diff --git a/cve/published/2023/CVE-2023-52620.mbox b/cve/published/2023/CVE-2023-52620.mbox
new file mode 100644
index 00000000..66562cbe
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52620.mbox
@@ -0,0 +1,66 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2023-52620: netfilter: nf_tables: disallow timeout for anonymous sets
+Message-Id: <2024032147-CVE-2023-52620-11a9@gregkh>
+Content-Length: 1672
+Lines: 49
+X-Developer-Signature: v=1; a=openpgp-sha256; l=1722;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=QnpSgSVVqr+Orp0h3E3vHGER1zSmO/2tGKhrE9a7h2c=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDKl/+FMYk2OmiDstdsz+/eClEOP3Lfx8O27/6TlvGZpX7
+ KwW1f6qI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACaSfp5hnvGL7Tv81e9UrJok
+ p658jF1ZoOjtBoYFXfdWq8wXZCqcPO+B5bFr+3SXnvooCQA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netfilter: nf_tables: disallow timeout for anonymous sets
+
+Never used from userspace, disallow these parameters.
+
+The Linux kernel CVE team has assigned CVE-2023-52620 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+	Fixed in 5.15.151 with commit 00b19ee0dcc1
+	Fixed in 6.1.81 with commit b7be6c737a17
+	Fixed in 6.4 with commit e26d3009efda
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions.  The official CVE entry at
+	https://cve.org/CVERecord/?id=CVE-2023-52620
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+	net/netfilter/nf_tables_api.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes.  Individual
+changes are never tested alone, but rather are part of a larger kernel
+release.  Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all.  If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+	https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e
+	https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b
+	https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab
diff --git a/cve/published/2023/CVE-2023-52620.sha1 b/cve/published/2023/CVE-2023-52620.sha1
new file mode 100644
index 00000000..e8396de2
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52620.sha1
@@ -0,0 +1 @@
+e26d3009efda338f19016df4175f354a9bd0a4ab
diff --git a/cve/reserved/2024/CVE-2024-26642 b/cve/published/2024/CVE-2024-26642
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26642
+++ b/cve/published/2024/CVE-2024-26642
diff --git a/cve/published/2024/CVE-2024-26642.json b/cve/published/2024/CVE-2024-26642.json
new file mode 100644
index 00000000..9a533e80
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26642.json
@@ -0,0 +1,73 @@
+{
+   "containers": {
+      "cna": {
+         "providerMetadata": {
+            "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+         },
+         "descriptions": [
+            {
+               "lang": "en",
+               "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work."
+            }
+         ],
+         "affected": [
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "unaffected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "761da2935d6e",
+                     "lessThan": "16603605b667",
+                     "status": "affected",
+                     "versionType": "git"
+                  }
+               ]
+            },
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "affected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "4.1",
+                     "status": "affected"
+                  },
+                  {
+                     "version": "0",
+                     "lessThan": "4.1",
+                     "status": "unaffected",
+                     "versionType": "custom"
+                  },
+                  {
+                     "version": "6.8",
+                     "lessThanOrEqual": "*",
+                     "status": "unaffected",
+                     "versionType": "original_commit_for_fix"
+                  }
+               ]
+            }
+         ],
+         "references": [
+            {
+               "url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
+            }
+         ],
+         "title": "netfilter: nf_tables: disallow anonymous set with timeout flag",
+         "x_generator": {
+            "engine": "bippy-b4257b672505"
+         }
+      }
+   },
+   "cveMetadata": {
+      "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+      "cveID": "CVE-2024-26642",
+      "requesterUserId": "gregkh@kernel.org",
+      "serial": "1",
+      "state": "PUBLISHED"
+   },
+   "dataType": "CVE_RECORD",
+   "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26642.mbox b/cve/published/2024/CVE-2024-26642.mbox
new file mode 100644
index 00000000..974ac54e
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26642.mbox
@@ -0,0 +1,63 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26642: netfilter: nf_tables: disallow anonymous set with timeout flag
+Message-Id: <2024032150-CVE-2024-26642-3549@gregkh>
+Content-Length: 1589
+Lines: 46
+X-Developer-Signature: v=1; a=openpgp-sha256; l=1636;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=j+7KmxAjGaKj6VQuNJURqHuROnpQxkNuJ3Cbt0QS7l4=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDKl/+NOmRq95I/VnfaP40kaxTBu1pUZxLv0vZtr838pUv
+ 0N5scT6jlgWBkEmBlkxRZYv23iO7q84pOhlaHsaZg4rE8gQBi5OAZiIrBPDfF/HIkl+QbHnF5bu
+ mnrZOaVOdHHJHoYF0xwFzqvNEr3he89cvlp2ruCEzwtkAQ==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netfilter: nf_tables: disallow anonymous set with timeout flag
+
+Anonymous sets are never used with timeout from userspace, reject this.
+Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
+
+The Linux kernel CVE team has assigned CVE-2024-26642 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+	Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.8 with commit 16603605b667
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions.  The official CVE entry at
+	https://cve.org/CVERecord/?id=CVE-2024-26642
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+	net/netfilter/nf_tables_api.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes.  Individual
+changes are never tested alone, but rather are part of a larger kernel
+release.  Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all.  If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+	https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1
diff --git a/cve/published/2024/CVE-2024-26642.sha1 b/cve/published/2024/CVE-2024-26642.sha1
new file mode 100644
index 00000000..b72528f4
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26642.sha1
@@ -0,0 +1 @@
+16603605b667b70da974bea8216c93e7db043bf1
diff --git a/cve/reserved/2024/CVE-2024-26643 b/cve/published/2024/CVE-2024-26643
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26643
+++ b/cve/published/2024/CVE-2024-26643
diff --git a/cve/published/2024/CVE-2024-26643.json b/cve/published/2024/CVE-2024-26643.json
new file mode 100644
index 00000000..5ece75ed
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26643.json
@@ -0,0 +1,73 @@
+{
+   "containers": {
+      "cna": {
+         "providerMetadata": {
+            "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+         },
+         "descriptions": [
+            {
+               "lang": "en",
+               "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout\n\nWhile the rhashtable set gc runs asynchronously, a race allows it to\ncollect elements from anonymous sets with timeouts while it is being\nreleased from the commit path.\n\nMingi Cho originally reported this issue in a different path in 6.1.x\nwith a pipapo set with low timeouts which is not possible upstream since\n7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set\nelement timeout\").\n\nFix this by setting on the dead flag for anonymous sets to skip async gc\nin this case.\n\nAccording to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on\ntransaction abort\"), Florian plans to accelerate abort path by releasing\nobjects via workqueue, therefore, this sets on the dead flag for abort\npath too."
+            }
+         ],
+         "affected": [
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "unaffected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "5f68718b34a5",
+                     "lessThan": "552705a3650b",
+                     "status": "affected",
+                     "versionType": "git"
+                  }
+               ]
+            },
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "affected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "6.5",
+                     "status": "affected"
+                  },
+                  {
+                     "version": "0",
+                     "lessThan": "6.5",
+                     "status": "unaffected",
+                     "versionType": "custom"
+                  },
+                  {
+                     "version": "6.8",
+                     "lessThanOrEqual": "*",
+                     "status": "unaffected",
+                     "versionType": "original_commit_for_fix"
+                  }
+               ]
+            }
+         ],
+         "references": [
+            {
+               "url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36"
+            }
+         ],
+         "title": "netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout",
+         "x_generator": {
+            "engine": "bippy-b4257b672505"
+         }
+      }
+   },
+   "cveMetadata": {
+      "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+      "cveID": "CVE-2024-26643",
+      "requesterUserId": "gregkh@kernel.org",
+      "serial": "1",
+      "state": "PUBLISHED"
+   },
+   "dataType": "CVE_RECORD",
+   "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26643.mbox b/cve/published/2024/CVE-2024-26643.mbox
new file mode 100644
index 00000000..b4bb451f
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26643.mbox
@@ -0,0 +1,77 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26643: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
+Message-Id: <2024032150-CVE-2024-26643-4f9d@gregkh>
+Content-Length: 2176
+Lines: 60
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2237;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=LZ7KSzv0gEaheJiU66c2JAGeF9vBkfTSiFAaWWmzdb8=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDKl/+NMkZ91qYujzjeL3eWeYHGJqEu/j9lu6/+q+vWGbh
+ RK2BXd0xLIwCDIxyIopsnzZxnN0f8UhRS9D29Mwc1iZQIYwcHEKwEQcuhgWLOAtZDb9OedYBats
+ csniKf+Tz0s+YljQdEskzE7ugP6lhvc61/9GZHWtXjcJAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
+
+While the rhashtable set gc runs asynchronously, a race allows it to
+collect elements from anonymous sets with timeouts while it is being
+released from the commit path.
+
+Mingi Cho originally reported this issue in a different path in 6.1.x
+with a pipapo set with low timeouts which is not possible upstream since
+7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set
+element timeout").
+
+Fix this by setting on the dead flag for anonymous sets to skip async gc
+in this case.
+
+According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on
+transaction abort"), Florian plans to accelerate abort path by releasing
+objects via workqueue, therefore, this sets on the dead flag for abort
+path too.
+
+The Linux kernel CVE team has assigned CVE-2024-26643 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+	Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.8 with commit 552705a3650b
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions.  The official CVE entry at
+	https://cve.org/CVERecord/?id=CVE-2024-26643
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+	net/netfilter/nf_tables_api.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes.  Individual
+changes are never tested alone, but rather are part of a larger kernel
+release.  Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all.  If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+	https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36
diff --git a/cve/published/2024/CVE-2024-26643.sha1 b/cve/published/2024/CVE-2024-26643.sha1
new file mode 100644
index 00000000..a08e0fda
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26643.sha1
@@ -0,0 +1 @@
+552705a3650bbf46a22b1adedc1b04181490fc36