Message-ID: <20250120171040.3927637-1-harshit.m.mogalapalli@oracle.com>
Date: Mon, 20 Jan 2025 09:10:40 -0800
From: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
To: cve@...nel.org
Cc: linux-kernel@...r.kernel.org, vegard.nossum@...cle.com, pkshih@...ltek.com,
ville.syrjala@...ux.intel.com, ranjan.kumar@...adcom.com,
himanshu.madhani@...cle.com,
Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
Subject: [PATCH] Add vulnerable commits for few CVEs

CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
("scsi: mpi3mr: Add framework to issue config requests") which added all
the allocations of the config pages and the CVE fix deals with fixing
corruption in config pages.

CVE-2024-56369: fixed by adding overflow happening with multiplication.
Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit.

CVE-2024-48873: deals with checking return value in
ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
function.

Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
---
cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
cve/published/2024/CVE-2024-56369.vulnerable | 1 +
cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable
diff --git a/cve/published/2024/CVE-2024-48873.vulnerable b/cve/published/2024/CVE-2024-48873.vulnerable
index c88ccd4fedfc..07dea2b74e50 100644
--- a/cve/published/2024/CVE-2024-48873.vulnerable
+++ b/cve/published/2024/CVE-2024-48873.vulnerable
@@ -1 +1 @@
-e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd
+c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0
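Review bot: The commit message does not say why the removed entry e3ec7017f6a2 was wrong for CVE-2024-48873, and with this one-line replacement that history disappears from the file. The message also says c6aa9a9c4725 "adds the function", which is ambiguous between adding ieee80211_probereq_get() itself and adding the call whose return value goes unchecked; please reword to say which, and name the old hash and the reason it is being dropped. The new full hash does match the abbreviated c6aa9a9c4725 quoted in the message.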
diff --git a/cve/published/2024/CVE-2024-56369.vulnerable b/cve/published/2024/CVE-2024-56369.vulnerable
new file mode 100644
index 000000000000..a3d0a9973c8a
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56369.vulnerable
@@ -0,0 +1 @@
+2f0e9d804935970a4ce0f58dd046b41881bfd8f3
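Review bot: The justification for this new entry rests only on "Multiplication was first introduced here", and the description of the fix ("fixed by adding overflow happening with multiplication") is hard to parse. Please reword it to say what the fix actually adds, and state whether the overflow is reachable as of 2f0e9d804935 or only after a later change, since the presence of the multiplication alone does not establish that. The full hash on the added line matches the abbreviated one in the message.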
diff --git a/cve/published/2024/CVE-2024-57804.vulnerable b/cve/published/2024/CVE-2024-57804.vulnerable
index 59edd912279d..edbba87bfc57 100644
--- a/cve/published/2024/CVE-2024-57804.vulnerable
+++ b/cve/published/2024/CVE-2024-57804.vulnerable
@@ -1 +1 @@
-c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df
+32d457d5a2af9bf5ddbe28297eabf1fc93451665
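Review bot: The message calls 32d457d5a2af "a more appropriate broken commit", which suggests the removed c4f7ac64616e was not simply wrong, yet this hunk replaces it outright. Please state how the two commits relate (for example, which one came first), so it is clear that moving the vulnerable point to 32d457d5a2af neither drops affected versions from the record nor marks unaffected ones as vulnerable.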
--
2.46.0