diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-13 13:34:26 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-13 13:34:26 +0200 |
commit | ece350bdf518156a562e297268813d0c450758ad (patch) | |
tree | 6b5f98e8800787fb6c77009c2c00a3b623876d27 | |
parent | ade9c13379fb30562c67894b6b9842c89f8554d2 (diff) | |
download | vulns-ece350bdf518156a562e297268813d0c450758ad.tar.gz |
update CVEs with latest stable updates
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
28 files changed, 467 insertions, 10 deletions
diff --git a/cve/published/2022/CVE-2022-48627.json b/cve/published/2022/CVE-2022-48627.json index edd56839..c31af5b3 100644 --- a/cve/published/2022/CVE-2022-48627.json +++ b/cve/published/2022/CVE-2022-48627.json @@ -19,6 +19,18 @@ "versions": [ { "version": "81732c3b2fed", + "lessThan": "c8686c014b5e", + "status": "affected", + "versionType": "git" + }, + { + "version": "81732c3b2fed", + "lessThan": "815be99d934e", + "status": "affected", + "versionType": "git" + }, + { + "version": "81732c3b2fed", "lessThan": "bfee93c9a6c3", "status": "affected", "versionType": "git" @@ -60,6 +72,18 @@ "versionType": "custom" }, { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.10.132", "lessThanOrEqual": "5.10.*", "status": "unaffected", @@ -88,6 +112,12 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29" + }, + { + "url": "https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c" + }, + { "url": "https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926" }, { @@ -102,7 +132,7 @@ ], "title": "vt: fix memory overlapping when deleting chars in the buffer", "x_generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2022/CVE-2022-48627.mbox b/cve/published/2022/CVE-2022-48627.mbox index bc9851f9..9557ebae 100644 --- a/cve/published/2022/CVE-2022-48627.mbox +++ b/cve/published/2022/CVE-2022-48627.mbox @@ -1,4 +1,4 @@ -From bippy-851b3ed3d212 Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -26,6 +26,8 @@ The Linux kernel CVE team has assigned CVE-2022-48627 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.7 with commit 81732c3b2fed and fixed in 4.19.312 with commit c8686c014b5e + Issue introduced in 3.7 with commit 81732c3b2fed and fixed in 5.4.274 with commit 815be99d934e Issue introduced in 3.7 with commit 81732c3b2fed and fixed in 5.10.132 with commit bfee93c9a6c3 Issue introduced in 3.7 with commit 81732c3b2fed and fixed in 5.15.56 with commit 57964a571025 Issue introduced in 3.7 with commit 81732c3b2fed and fixed in 5.18.13 with commit 14d2cc21ca62 @@ -58,6 +60,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29 + https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926 https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244 https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265 diff --git a/cve/published/2023/CVE-2023-52458.json b/cve/published/2023/CVE-2023-52458.json index 026e5aa6..23f3c997 100644 --- a/cve/published/2023/CVE-2023-52458.json +++ b/cve/published/2023/CVE-2023-52458.json @@ -19,6 +19,12 @@ "versions": [ { "version": "1da177e4c3f4", + "lessThan": "8f6dfa1f1efe", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", "lessThan": "5010c2712096", "status": "affected", "versionType": "git" @@ -56,6 +62,12 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -90,6 +102,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62" + }, + { "url": "https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503" }, { @@ -107,7 +122,7 @@ ], "title": "block: add check that partition length needs to be aligned with block size", "x_generator": { - "engine": "bippy-8df59b4913de" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2023/CVE-2023-52458.mbox b/cve/published/2023/CVE-2023-52458.mbox index 64f96908..1a68b704 100644 --- a/cve/published/2023/CVE-2023-52458.mbox +++ b/cve/published/2023/CVE-2023-52458.mbox @@ -1,4 +1,4 @@ -From bippy-851b3ed3d212 Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -26,6 +26,7 @@ The Linux kernel CVE team has assigned CVE-2023-52458 to this issue. Affected and fixed versions =========================== + Fixed in 5.10.215 with commit 8f6dfa1f1efe Fixed in 5.15.148 with commit 5010c2712096 Fixed in 6.1.75 with commit ef31cc877947 Fixed in 6.6.14 with commit cb16cc1abda1 @@ -59,6 +60,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 https://git.kernel.org/stable/c/5010c27120962c85d2f421d2cf211791c9603503 https://git.kernel.org/stable/c/ef31cc87794731ffcb578a195a2c47d744e25fb8 https://git.kernel.org/stable/c/cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8 diff --git a/cve/published/2023/CVE-2023-52482.json b/cve/published/2023/CVE-2023-52482.json index b904ee10..d1e0e21d 100644 --- a/cve/published/2023/CVE-2023-52482.json +++ b/cve/published/2023/CVE-2023-52482.json @@ -19,6 +19,12 @@ "versions": [ { "version": "1da177e4c3f4", + "lessThan": "e7ea043bc3f1", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", "lessThan": "f090a8b4d2e3", "status": "affected", "versionType": "git" @@ -50,6 +56,12 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.134", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -78,6 +90,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d" + }, + { "url": "https://git.kernel.org/stable/c/f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37" }, { @@ -92,7 +107,7 @@ ], "title": "x86/srso: Add SRSO mitigation for Hygon processors", "x_generator": { - "engine": "bippy-c298863b1525" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2023/CVE-2023-52482.mbox b/cve/published/2023/CVE-2023-52482.mbox index 18be56d4..af90076c 100644 --- a/cve/published/2023/CVE-2023-52482.mbox +++ b/cve/published/2023/CVE-2023-52482.mbox @@ -1,4 +1,4 @@ -From bippy-851b3ed3d212 Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -20,6 +20,7 @@ The Linux kernel CVE team has assigned CVE-2023-52482 to this issue. Affected and fixed versions =========================== + Fixed in 5.10.215 with commit e7ea043bc3f1 Fixed in 5.15.134 with commit f090a8b4d2e3 Fixed in 6.1.56 with commit 6ce2f297a716 Fixed in 6.5.6 with commit cf43b304b695 @@ -52,6 +53,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d https://git.kernel.org/stable/c/f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37 https://git.kernel.org/stable/c/6ce2f297a7168274547d0b5aea6c7c16268b8a96 https://git.kernel.org/stable/c/cf43b304b6952b549d58feabc342807b334f03d4 diff --git a/cve/published/2023/CVE-2023-52488.json b/cve/published/2023/CVE-2023-52488.json index cafdc98b..53d5fe5b 100644 --- a/cve/published/2023/CVE-2023-52488.json +++ b/cve/published/2023/CVE-2023-52488.json @@ -19,6 +19,12 @@ "versions": [ { "version": "dfeae619d781", + "lessThan": "4e37416e4ee1", + "status": "affected", + "versionType": "git" + }, + { + "version": "dfeae619d781", "lessThan": "e635f652696e", "status": "affected", "versionType": "git" @@ -66,6 +72,12 @@ "versionType": "custom" }, { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -100,6 +112,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/4e37416e4ee1b1bc17364a68973e0c63be89e611" + }, + { "url": "https://git.kernel.org/stable/c/e635f652696ef6f1230621cfd89c350cb5ec6169" }, { diff --git a/cve/published/2023/CVE-2023-52488.mbox b/cve/published/2023/CVE-2023-52488.mbox index c4d7e4a5..55c2755e 100644 --- a/cve/published/2023/CVE-2023-52488.mbox +++ b/cve/published/2023/CVE-2023-52488.mbox @@ -35,6 +35,7 @@ The Linux kernel CVE team has assigned CVE-2023-52488 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.16 with commit dfeae619d781 and fixed in 5.10.215 with commit 4e37416e4ee1 Issue introduced in 3.16 with commit dfeae619d781 and fixed in 5.15.154 with commit e635f652696e Issue introduced in 3.16 with commit dfeae619d781 and fixed in 6.1.76 with commit 416b10d2817c Issue introduced in 3.16 with commit dfeae619d781 and fixed in 6.6.15 with commit 084c24e788d9 @@ -68,6 +69,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/4e37416e4ee1b1bc17364a68973e0c63be89e611 https://git.kernel.org/stable/c/e635f652696ef6f1230621cfd89c350cb5ec6169 https://git.kernel.org/stable/c/416b10d2817c94db86829fb92ad43ce7d002c573 https://git.kernel.org/stable/c/084c24e788d9cf29c55564de368bf5284f2bb5db diff --git a/cve/published/2023/CVE-2023-52620.json b/cve/published/2023/CVE-2023-52620.json index ea37d856..ab89019b 100644 --- a/cve/published/2023/CVE-2023-52620.json +++ b/cve/published/2023/CVE-2023-52620.json @@ -19,6 +19,24 @@ "versions": [ { "version": "1da177e4c3f4", + "lessThan": "116b0e8e4673", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "49ce99ae4331", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "6f3ae02bbb62", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", "lessThan": "00b19ee0dcc1", "status": "affected", "versionType": "git" @@ -44,6 +62,24 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.151", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -66,6 +102,15 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c" + }, + { + "url": "https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268" + }, + { + "url": "https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323" + }, + { "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e" }, { @@ -77,7 +122,7 @@ ], "title": "netfilter: nf_tables: disallow timeout for anonymous sets", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d175d3acf727" } } }, diff --git a/cve/published/2023/CVE-2023-52620.mbox b/cve/published/2023/CVE-2023-52620.mbox index 54fadde7..77321362 100644 --- a/cve/published/2023/CVE-2023-52620.mbox +++ b/cve/published/2023/CVE-2023-52620.mbox @@ -1,4 +1,4 @@ -From bippy-851b3ed3d212 Mon Sep 17 00:00:00 2001 +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: <linux-cve-announce@vger.kernel.org> Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> @@ -19,6 +19,9 @@ The Linux kernel CVE team has assigned CVE-2023-52620 to this issue. Affected and fixed versions =========================== + Fixed in 4.19.312 with commit 116b0e8e4673 + Fixed in 5.4.274 with commit 49ce99ae4331 + Fixed in 5.10.215 with commit 6f3ae02bbb62 Fixed in 5.15.151 with commit 00b19ee0dcc1 Fixed in 6.1.81 with commit b7be6c737a17 Fixed in 6.4 with commit e26d3009efda @@ -50,6 +53,9 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c + https://git.kernel.org/stable/c/49ce99ae43314d887153e07cec8bb6a647a19268 + https://git.kernel.org/stable/c/6f3ae02bbb62f151b19162d5fdc9fe3d48450323 https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab diff --git a/cve/published/2024/CVE-2024-26642.json b/cve/published/2024/CVE-2024-26642.json index d1f021d0..ab85598b 100644 --- a/cve/published/2024/CVE-2024-26642.json +++ b/cve/published/2024/CVE-2024-26642.json @@ -19,6 +19,24 @@ "versions": [ { "version": "761da2935d6e", + "lessThan": "e4988d8415bd", + "status": "affected", + "versionType": "git" + }, + { + "version": "761da2935d6e", + "lessThan": "e9a0d3f376eb", + "status": "affected", + "versionType": "git" + }, + { + "version": "761da2935d6e", + "lessThan": "fe40ffbca19d", + "status": "affected", + "versionType": "git" + }, + { + "version": "761da2935d6e", "lessThan": "7cdc1be24cc1", "status": "affected", "versionType": "git" @@ -66,6 +84,24 @@ "versionType": "custom" }, { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -100,6 +136,15 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9" + }, + { + "url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f" + }, + { + "url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351" + }, + { "url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199" }, { diff --git a/cve/published/2024/CVE-2024-26642.mbox b/cve/published/2024/CVE-2024-26642.mbox index fea26384..565c256a 100644 --- a/cve/published/2024/CVE-2024-26642.mbox +++ b/cve/published/2024/CVE-2024-26642.mbox @@ -20,6 +20,9 @@ The Linux kernel CVE team has assigned CVE-2024-26642 to this issue. Affected and fixed versions =========================== + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 4.19.312 with commit e4988d8415bd + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 5.4.274 with commit e9a0d3f376eb + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 5.10.215 with commit fe40ffbca19d Issue introduced in 4.1 with commit 761da2935d6e and fixed in 5.15.154 with commit 7cdc1be24cc1 Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.1.84 with commit 72c1efe3f247 Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.6.24 with commit c0c2176d1814 @@ -53,6 +56,9 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9 + https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f + https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351 https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199 https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12 diff --git a/cve/published/2024/CVE-2024-26643.json b/cve/published/2024/CVE-2024-26643.json index 3f302446..441d405b 100644 --- a/cve/published/2024/CVE-2024-26643.json +++ b/cve/published/2024/CVE-2024-26643.json @@ -18,6 +18,18 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { + "version": "bbdb3b65aa91", + "lessThan": "edcf1a3f182e", + "status": "affected", + "versionType": "git" + }, + { + "version": "448be0774882", + "lessThan": "e2d45f467096", + "status": "affected", + "versionType": "git" + }, + { "version": "d19e8bf3ea41", "lessThan": "291cca35818b", "status": "affected", @@ -66,6 +78,18 @@ "versionType": "custom" }, { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -100,6 +124,12 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf" + }, + { + "url": "https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c" + }, + { "url": "https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363" }, { diff --git a/cve/published/2024/CVE-2024-26643.mbox b/cve/published/2024/CVE-2024-26643.mbox index 812aa9f1..31921cbe 100644 --- a/cve/published/2024/CVE-2024-26643.mbox +++ b/cve/published/2024/CVE-2024-26643.mbox @@ -34,13 +34,13 @@ The Linux kernel CVE team has assigned CVE-2024-26643 to this issue. Affected and fixed versions =========================== + Issue introduced in 5.4.262 with commit bbdb3b65aa91 and fixed in 5.4.274 with commit edcf1a3f182e + Issue introduced in 5.10.198 with commit 448be0774882 and fixed in 5.10.215 with commit e2d45f467096 Issue introduced in 5.15.134 with commit d19e8bf3ea41 and fixed in 5.15.154 with commit 291cca35818b Issue introduced in 6.1.56 with commit ea3eb9f2192e and fixed in 6.1.84 with commit 406b0241d0eb Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.6.24 with commit b2d6f9a5b1cf Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.7.12 with commit 5224afbc30c3 Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.8 with commit 552705a3650b - Issue introduced in 5.4.262 with commit bbdb3b65aa91 - Issue introduced in 5.10.198 with commit 448be0774882 Issue introduced in 6.4.11 with commit 0624f190b574 Please see https://www.kernel.org for a full list of currently supported @@ -70,6 +70,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf + https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363 https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163 https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1 diff --git a/cve/published/2024/CVE-2024-26654.json b/cve/published/2024/CVE-2024-26654.json index f502bf7d..df1dc50f 100644 --- a/cve/published/2024/CVE-2024-26654.json +++ b/cve/published/2024/CVE-2024-26654.json @@ -19,6 +19,24 @@ "versions": [ { "version": "198de43d758c", + "lessThan": "eeb2a2ca0b8d", + "status": "affected", + "versionType": "git" + }, + { + "version": "198de43d758c", + "lessThan": "4206ad65a0ee", + "status": "affected", + "versionType": "git" + }, + { + "version": "198de43d758c", + "lessThan": "aa39e6878f61", + "status": "affected", + "versionType": "git" + }, + { + "version": "198de43d758c", "lessThan": "8c9902216816", "status": "affected", "versionType": "git" @@ -72,6 +90,24 @@ "versionType": "custom" }, { + "version": "4.19.312", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -112,6 +148,15 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2" + }, + { + "url": "https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2" + }, + { + "url": "https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845" + }, + { "url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5" }, { diff --git a/cve/published/2024/CVE-2024-26654.mbox b/cve/published/2024/CVE-2024-26654.mbox index 89c91e41..43db88ff 100644 --- a/cve/published/2024/CVE-2024-26654.mbox +++ b/cve/published/2024/CVE-2024-26654.mbox @@ -42,6 +42,9 @@ The Linux kernel CVE team has assigned CVE-2024-26654 to this issue. Affected and fixed versions =========================== + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 4.19.312 with commit eeb2a2ca0b8d + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 5.4.274 with commit 4206ad65a0ee + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 5.10.215 with commit aa39e6878f61 Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 5.15.154 with commit 8c9902216816 Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.1.84 with commit 9d66ae0e7bb7 Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.6.24 with commit 61d4787692c1 @@ -76,6 +79,9 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2 + https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2 + https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845 https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5 https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046 https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901 diff --git a/cve/published/2024/CVE-2024-26687.json b/cve/published/2024/CVE-2024-26687.json index a496a6a1..69de7427 100644 --- a/cve/published/2024/CVE-2024-26687.json +++ b/cve/published/2024/CVE-2024-26687.json @@ -19,6 +19,18 @@ "versions": [ { "version": "d46a78b05c0e", + "lessThan": "9470f5b2503c", + "status": "affected", + "versionType": "git" + }, + { + "version": "d46a78b05c0e", + "lessThan": "0fc88aeb2e32", + "status": "affected", + "versionType": "git" + }, + { + "version": "d46a78b05c0e", "lessThan": "ea592baf9e41", "status": "affected", "versionType": "git" @@ -66,6 +78,18 @@ "versionType": "custom" }, { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -100,6 +124,12 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44" + }, + { + "url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd" + }, + { "url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3" }, { diff --git a/cve/published/2024/CVE-2024-26687.mbox b/cve/published/2024/CVE-2024-26687.mbox index 11bd862b..e6016412 100644 --- a/cve/published/2024/CVE-2024-26687.mbox +++ b/cve/published/2024/CVE-2024-26687.mbox @@ -123,6 +123,8 @@ The Linux kernel CVE team has assigned CVE-2024-26687 to this issue. Affected and fixed versions =========================== + Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 5.4.274 with commit 9470f5b2503c + Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 5.10.215 with commit 0fc88aeb2e32 Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 5.15.154 with commit ea592baf9e41 Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 6.1.81 with commit 585a344af6bc Issue introduced in 2.6.37 with commit d46a78b05c0e and fixed in 6.6.19 with commit 20980195ec8d @@ -156,6 +158,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44 + https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3 https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5 https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4 diff --git a/cve/published/2024/CVE-2024-26810.json b/cve/published/2024/CVE-2024-26810.json index d413947e..af1a859d 100644 --- a/cve/published/2024/CVE-2024-26810.json +++ b/cve/published/2024/CVE-2024-26810.json @@ -19,6 +19,18 @@ "versions": [ { "version": "89e1f7d4c66d", + "lessThan": "1e71b6449d55", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", + "lessThan": "3dd9be6cb55e", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", "lessThan": "ec73e0797292", "status": "affected", "versionType": "git" @@ -72,6 +84,18 @@ "versionType": "custom" }, { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -112,6 +136,12 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42" + }, + { + "url": "https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3" + }, + { "url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6" }, { diff --git a/cve/published/2024/CVE-2024-26810.mbox b/cve/published/2024/CVE-2024-26810.mbox index ba257404..e50cfcdd 100644 --- a/cve/published/2024/CVE-2024-26810.mbox +++ b/cve/published/2024/CVE-2024-26810.mbox @@ -30,6 +30,8 @@ The Linux kernel CVE team has assigned CVE-2024-26810 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.4.274 with commit 1e71b6449d55 + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.10.215 with commit 3dd9be6cb55e Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.15.154 with commit ec73e0797292 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.1.84 with commit 3fe0ac10bd11 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.6.24 with commit 04a4a017b9ff @@ -64,6 +66,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42 + https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3 https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6 https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5 https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651 diff --git a/cve/published/2024/CVE-2024-26812.json b/cve/published/2024/CVE-2024-26812.json index 3d7ba820..070c2ccb 100644 --- a/cve/published/2024/CVE-2024-26812.json +++ b/cve/published/2024/CVE-2024-26812.json @@ -19,6 +19,18 @@ "versions": [ { "version": "89e1f7d4c66d", + "lessThan": "b18fa894d615", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", + "lessThan": "27d40bf72dd9", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", "lessThan": "4cb0d7532126", "status": "affected", "versionType": "git" @@ -72,6 +84,18 @@ "versionType": "custom" }, { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -112,6 +136,12 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899" + }, + { + "url": "https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897" + }, + { "url": "https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c" }, { diff --git a/cve/published/2024/CVE-2024-26812.mbox b/cve/published/2024/CVE-2024-26812.mbox index 374c493f..ed1182a6 100644 --- a/cve/published/2024/CVE-2024-26812.mbox +++ b/cve/published/2024/CVE-2024-26812.mbox @@ -37,6 +37,8 @@ The Linux kernel CVE team has assigned CVE-2024-26812 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.4.274 with commit b18fa894d615 + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.10.215 with commit 27d40bf72dd9 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.15.154 with commit 4cb0d7532126 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.1.84 with commit 7d29d4c72c1e Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.6.24 with commit 69276a555c74 @@ -71,6 +73,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899 + https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897 https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3 https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e diff --git a/cve/published/2024/CVE-2024-26813.json b/cve/published/2024/CVE-2024-26813.json index fdb3f84b..9aa662a7 100644 --- a/cve/published/2024/CVE-2024-26813.json +++ b/cve/published/2024/CVE-2024-26813.json @@ -19,6 +19,18 @@ "versions": [ { "version": "57f972e2b341", + "lessThan": "07afdfd8a68f", + "status": "affected", + "versionType": "git" + }, + { + "version": "57f972e2b341", + "lessThan": "09452c8fcbd7", + "status": "affected", + "versionType": "git" + }, + { + "version": "57f972e2b341", "lessThan": "cc5838f19d39", "status": "affected", "versionType": "git" @@ -72,6 +84,18 @@ "versionType": "custom" }, { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -112,6 +136,12 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e" + }, + { + "url": "https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5" + }, + { "url": "https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a" }, { diff --git a/cve/published/2024/CVE-2024-26813.mbox b/cve/published/2024/CVE-2024-26813.mbox index f20d7fce..95cb0b08 100644 --- a/cve/published/2024/CVE-2024-26813.mbox +++ b/cve/published/2024/CVE-2024-26813.mbox @@ -38,6 +38,8 @@ The Linux kernel CVE team has assigned CVE-2024-26813 to this issue. Affected and fixed versions =========================== + Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 5.4.274 with commit 07afdfd8a68f + Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 5.10.215 with commit 09452c8fcbd7 Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 5.15.154 with commit cc5838f19d39 Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 6.1.84 with commit 7932db06c82c Issue introduced in 4.1 with commit 57f972e2b341 and fixed in 6.6.24 with commit 62d4e43a569b @@ -72,6 +74,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/07afdfd8a68f9eea8db0ddc4626c874f29d2ac5e + https://git.kernel.org/stable/c/09452c8fcbd7817c06e8e3212d99b45917e603a5 https://git.kernel.org/stable/c/cc5838f19d39a5fef04c468199699d2a4578be3a https://git.kernel.org/stable/c/7932db06c82c5b2f42a4d1a849d97dba9ce4a362 https://git.kernel.org/stable/c/62d4e43a569b67929eb3319780be5359694c8086 diff --git a/cve/published/2024/CVE-2024-26814.json b/cve/published/2024/CVE-2024-26814.json index 39e3f2eb..09500146 100644 --- a/cve/published/2024/CVE-2024-26814.json +++ b/cve/published/2024/CVE-2024-26814.json @@ -19,6 +19,12 @@ "versions": [ { "version": "cc0ee20bd969", + "lessThan": "a563fc18583c", + "status": "affected", + "versionType": "git" + }, + { + "version": "cc0ee20bd969", "lessThan": "250219c6a556", "status": "affected", "versionType": "git" @@ -72,6 +78,12 @@ "versionType": "custom" }, { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -112,6 +124,9 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede" + }, + { "url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d" }, { diff --git a/cve/published/2024/CVE-2024-26814.mbox b/cve/published/2024/CVE-2024-26814.mbox index 78990903..e7111603 100644 --- a/cve/published/2024/CVE-2024-26814.mbox +++ b/cve/published/2024/CVE-2024-26814.mbox @@ -29,6 +29,7 @@ The Linux kernel CVE team has assigned CVE-2024-26814 to this issue. Affected and fixed versions =========================== + Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 5.10.215 with commit a563fc18583c Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 5.15.154 with commit 250219c6a556 Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 6.1.84 with commit 083e750c9f5f Issue introduced in 5.10 with commit cc0ee20bd969 and fixed in 6.6.24 with commit ee0bd4ad780d @@ -63,6 +64,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417 https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267 diff --git a/cve/published/2024/CVE-2024-27437.json b/cve/published/2024/CVE-2024-27437.json index 88929a25..2f14c26e 100644 --- a/cve/published/2024/CVE-2024-27437.json +++ b/cve/published/2024/CVE-2024-27437.json @@ -19,6 +19,18 @@ "versions": [ { "version": "89e1f7d4c66d", + "lessThan": "26389925d6c2", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", + "lessThan": "561d5e1998d5", + "status": "affected", + "versionType": "git" + }, + { + "version": "89e1f7d4c66d", "lessThan": "b7a2f0955ffc", "status": "affected", "versionType": "git" @@ -72,6 +84,18 @@ "versionType": "custom" }, { + "version": "5.4.274", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.215", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { "version": "5.15.154", "lessThanOrEqual": "5.15.*", "status": "unaffected", @@ -112,6 +136,12 @@ ], "references": [ { + "url": "https://git.kernel.org/stable/c/26389925d6c2126fb777821a0a983adca7ee6351" + }, + { + "url": "https://git.kernel.org/stable/c/561d5e1998d58b54ce2bbbb3e843b669aa0b3db5" + }, + { "url": "https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438" }, { diff --git a/cve/published/2024/CVE-2024-27437.mbox b/cve/published/2024/CVE-2024-27437.mbox index f265d46f..f2313ca0 100644 --- a/cve/published/2024/CVE-2024-27437.mbox +++ b/cve/published/2024/CVE-2024-27437.mbox @@ -28,6 +28,8 @@ The Linux kernel CVE team has assigned CVE-2024-27437 to this issue. Affected and fixed versions =========================== + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.4.274 with commit 26389925d6c2 + Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.10.215 with commit 561d5e1998d5 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 5.15.154 with commit b7a2f0955ffc Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.1.84 with commit 139dfcc4d723 Issue introduced in 3.6 with commit 89e1f7d4c66d and fixed in 6.6.24 with commit 2a4a666c4510 @@ -62,6 +64,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/26389925d6c2126fb777821a0a983adca7ee6351 + https://git.kernel.org/stable/c/561d5e1998d58b54ce2bbbb3e843b669aa0b3db5 https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438 https://git.kernel.org/stable/c/139dfcc4d723ab13469881200c7d80f49d776060 https://git.kernel.org/stable/c/2a4a666c45107206605b7b5bc20545f8aabc4fa2 |