1. Patchew
  2. linux
  3. View series

[PATCH] Add vulnerable commits for few CVEs

Harshit Mogalapalli posted 1 patch 11 months ago
There is a newer version of this series
cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
cve/published/2024/CVE-2024-56369.vulnerable | 1 +
cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable
[PATCH] Add vulnerable commits for few CVEs
Posted by Harshit Mogalapalli 11 months ago 
CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
("scsi: mpi3mr: Add framework to issue config requests") which added all
the allocations of the config pages and the CVE fix deals with fixing
corruption in config pages.

CVE-2024-56369: fixed by adding overflow happening with multiplication.
Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit

CVE-2024-48873: deals with checking return value in
ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
function.

Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
 cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
 cve/published/2024/CVE-2024-56369.vulnerable | 1 +
 cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable

diff --git a/cve/published/2024/CVE-2024-48873.vulnerable b/cve/published/2024/CVE-2024-48873.vulnerable
index c88ccd4fedfc..07dea2b74e50 100644
--- a/cve/published/2024/CVE-2024-48873.vulnerable
+++ b/cve/published/2024/CVE-2024-48873.vulnerable
@@ -1 +1 @@
-e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd
+c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0
diff --git a/cve/published/2024/CVE-2024-56369.vulnerable b/cve/published/2024/CVE-2024-56369.vulnerable
new file mode 100644
index 000000000000..a3d0a9973c8a
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56369.vulnerable
@@ -0,0 +1 @@
+2f0e9d804935970a4ce0f58dd046b41881bfd8f3
diff --git a/cve/published/2024/CVE-2024-57804.vulnerable b/cve/published/2024/CVE-2024-57804.vulnerable
index 59edd912279d..edbba87bfc57 100644
--- a/cve/published/2024/CVE-2024-57804.vulnerable
+++ b/cve/published/2024/CVE-2024-57804.vulnerable
@@ -1 +1 @@
-c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df
+32d457d5a2af9bf5ddbe28297eabf1fc93451665
-- 
2.46.0
Re: [PATCH] Add vulnerable commits for few CVEs
Posted by Greg KH 11 months ago 
On Mon, Jan 20, 2025 at 09:10:40AM -0800, Harshit Mogalapalli wrote:
> CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
> ("scsi: mpi3mr: Add framework to issue config requests") which added all
> the allocations of the config pages and the CVE fix deals with fixing
> corruption in config pages.
> 
> CVE-2024-56369: fixed by adding overflow happening with multiplication.
> Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
> Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit
> 
> CVE-2024-48873: deals with checking return value in
> ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
> add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
> function.
> 
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> ---
>  cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
>  cve/published/2024/CVE-2024-56369.vulnerable | 1 +
>  cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
>  3 files changed, 3 insertions(+), 2 deletions(-)
>  create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable

Many thanks for these, all now applied and the updated CVE entries
pushed out.

greg k-h

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.