Merge pull request #37 from ginglis13/release-2.1.0-advisories

Add advisories for 2.1.0 and 2.2.0 releases
bottlerocket-os · Jul 23, 2024 · 733f865 · 733f865
2 parents 1e6f803 + b250103
commit 733f865
Show file tree

Hide file tree

Showing 25 changed files with 393 additions and 0 deletions.
diff --git a/advisories/2.1.0/BRSA-1j0o73qa.toml b/advisories/2.1.0/BRSA-1j0o73qa.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-1j0o73qa"
+title = "kernel CVE-2024-36933"
+cve = "CVE-2024-36933"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment()."
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-2tasnivu.toml b/advisories/2.1.0/BRSA-2tasnivu.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-2tasnivu"
+title = "kernel CVE-2024-36905"
+cve = "CVE-2024-36905"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-2x8obvtk.toml b/advisories/2.1.0/BRSA-2x8obvtk.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-2x8obvtk"
+title = "kernel CVE-2022-0480"
+cve = "CVE-2022-0480"
+severity = "moderate"
+description = "A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks."
+
+[[advisory.products]]
+package-name = "kernel-5.10"
+patched-version = "kernel-5.10.218-206.860.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-3rxphdbv.toml b/advisories/2.1.0/BRSA-3rxphdbv.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-3rxphdbv"
+title = "kernel CVE-2024-36929"
+cve = "CVE-2024-36929"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - net: core: reject skb_copy(_expand) for fraglist GSO skbs"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-7f63qbv5.toml b/advisories/2.1.0/BRSA-7f63qbv5.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-7f63qbv5"
+title = "kernel CVE-2024-36959"
+cve = "CVE-2024-36959"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-aikmzvxp.toml b/advisories/2.1.0/BRSA-aikmzvxp.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-aikmzvxp"
+title = "kernel CVE-2024-36904"
+cve = "CVE-2024-36904"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()."
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-aps0i7kh.toml b/advisories/2.1.0/BRSA-aps0i7kh.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-aps0i7kh"
+title = "kernel CVE-2023-52585"
+cve = "CVE-2023-52585"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()"
+
+[[advisory.products]]
+package-name = "kernel-5.10"
+patched-version = "kernel-5.10.218-206.860.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-dckchike.toml b/advisories/2.1.0/BRSA-dckchike.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-dckchike"
+title = "kernel CVE-2024-36940"
+cve = "CVE-2024-36940"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - pinctrl: core: delete incorrect free in pinctrl_enable()"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-fcolmxto.toml b/advisories/2.1.0/BRSA-fcolmxto.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-fcolmxto"
+title = "kernel CVE-2024-36017"
+cve = "CVE-2024-36017"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-jejlmmhe.toml b/advisories/2.1.0/BRSA-jejlmmhe.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-jejlmmhe"
+title = "kernel CVE-2024-36906"
+cve = "CVE-2024-36906"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - ARM: 9381/1: kasan: clear stale stack poison"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-kysawmjt.toml b/advisories/2.1.0/BRSA-kysawmjt.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-kysawmjt"
+title = "kernel CVE-2024-36937"
+cve = "CVE-2024-36937"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - xdp: use flags field to disambiguate broadcast redirect"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-ng5nibky.toml b/advisories/2.1.0/BRSA-ng5nibky.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-ng5nibky"
+title = "kernel CVE-2021-47402"
+cve = "CVE-2021-47402"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - net: sched: flower: protect fl_walk() with rcu"
+
+[[advisory.products]]
+package-name = "kernel-5.10"
+patched-version = "kernel-5.10.218-206.860.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-ntlup9yt.toml b/advisories/2.1.0/BRSA-ntlup9yt.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-ntlup9yt"
+title = "kernel CVE-2024-36902"
+cve = "CVE-2024-36902"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-pyetdfgd.toml b/advisories/2.1.0/BRSA-pyetdfgd.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-pyetdfgd"
+title = "kernel CVE-2024-36883"
+cve = "CVE-2024-36883"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - net: fix out-of-bounds access in ops_init"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-r5powghb.toml b/advisories/2.1.0/BRSA-r5powghb.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-r5powghb"
+title = "kernel CVE-2024-36939"
+cve = "CVE-2024-36939"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - nfs: Handle error of rpc_proc_register() in nfs_net_init()."
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-uqiygq33.toml b/advisories/2.1.0/BRSA-uqiygq33.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-uqiygq33"
+title = "kernel CVE-2023-52707"
+cve = "CVE-2023-52707"
+severity = "high"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - sched/psi: Fix use-after-free in ep_remove_wait_queue()"
+
+[[advisory.products]]
+package-name = "kernel-5.10"
+patched-version = "kernel-5.10.218-206.860.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-v2kgiwsa.toml b/advisories/2.1.0/BRSA-v2kgiwsa.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-v2kgiwsa"
+title = "kernel CVE-2024-36916"
+cve = "CVE-2024-36916"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - blk-iocost: avoid out of bounds shift"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-vo0lqdwx.toml b/advisories/2.1.0/BRSA-vo0lqdwx.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-vo0lqdwx"
+title = "kernel CVE-2024-26900"
+cve = "CVE-2024-26900"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - md: fix kmemleak of rdev->serial"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-w8zsgmv2.toml b/advisories/2.1.0/BRSA-w8zsgmv2.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "BRSA-w8zsgmv2"
+title = "kernel CVE-2024-36971"
+cve = "CVE-2024-36971"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - net: fix __dst_negative_advice() race"
+
+[[advisory.products]]
+package-name = "kernel-5.10"
+patched-version = "kernel-5.10.219-208.866.amzn2"
+
+[[advisory.products]]
+package-name = "kernel-6.1"
+patched-version = "kernel-6.1.94-99.176.amzn2023"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-ypdtng9t.toml b/advisories/2.1.0/BRSA-ypdtng9t.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-ypdtng9t"
+title = "kernel CVE-2024-35947"
+cve = "CVE-2024-35947"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - dyndbg: fix old BUG_ON in >control parser"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-ysgwwzoa.toml b/advisories/2.1.0/BRSA-ysgwwzoa.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-ysgwwzoa"
+title = "kernel CVE-2024-36938"
+cve = "CVE-2024-36938"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["aarch64", "x86_64"]
+version = "2.1.0"
diff --git a/advisories/2.1.0/BRSA-yu6lsgjn.toml b/advisories/2.1.0/BRSA-yu6lsgjn.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "BRSA-yu6lsgjn"
+title = "kernel CVE-2024-36889"
+cve = "CVE-2024-36889"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - mptcp: ensure snd_nxt is properly initialized on connect"
+
+[[advisory.products]]
+package-name = "kernel-5.10"
+patched-version = "kernel-5.10.218-206.860.amzn2"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.160-104.158.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-08T23:14:32Z
+arches = ["x86_64", "aarch64"]
+version = "2.1.0"
diff --git a/advisories/2.2.0/BRSA-qeljrksg.toml b/advisories/2.2.0/BRSA-qeljrksg.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "BRSA-qeljrksg"
+title = "kernel CVE-2024-36971"
+cve = "CVE-2024-36971"
+severity = "moderate"
+description = "In the Linux kernel, the following vulnerability has been resolved: -  - net: fix __dst_negative_advice() race"
+
+[[advisory.products]]
+package-name = "kernel-5.15"
+patched-version = "kernel-5.15.161-106.159.amzn2"
+
+[updateinfo]
+author = "giinglis"
+issue-date = 2024-07-18T20:54:34Z
+arches = ["aarch64", "x86_64"]
+version = "2.2.0"