From nobody Sun Feb  8 21:08:52 2026
Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com
 [205.220.165.32])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB43C1EE00C
	for <linux-kernel@vger.kernel.org>; Mon, 20 Jan 2025 17:10:53 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=205.220.165.32
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1737393056; cv=none;
 b=BDVm2TuwLC+BNOX/Y2vLey1IDZ+H0ntcy6K9FB1Ncz7vrhwFTlTBOBZOVsAwZDGvhojktPbzoeD+G+IPfe37iUpftTPd0rDzL2b1LLmFtmnjeW9+UvYbfuXCKyz2t+8wg/cXsnjUTk3ayM3/AVPaAy8uxhbmcySdm4I4+H1DIrI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1737393056; c=relaxed/simple;
	bh=sCprfajKIuVc3W1GTOR5uLLfQJLKFbeGLcioBmohWgA=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=m4tikMC6T2Olx3iEysZgX9ifhHJLY2yNbYthAe++4KOe4wLNgGvEuAywzlFaCHUL1GeHVeT3c668gkc6rxubxVFWHHjsB5vulBIMRTwFPah7haI+E0TWwYs1m1DDr/7N05dV26SfZ2n2v0YNs8Fu49lMzvJkaMw0VOYnHDCROQo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=oracle.com;
 spf=pass smtp.mailfrom=oracle.com;
 dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com
 header.b=TTS8LLsA; arc=none smtp.client-ip=205.220.165.32
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=oracle.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=oracle.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com
 header.b="TTS8LLsA"
Received: from pps.filterd (m0246627.ppops.net [127.0.0.1])
	by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
 50KGMwYS027566;
	Mon, 20 Jan 2025 17:10:45 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=cc
	:content-transfer-encoding:date:from:message-id:mime-version
	:subject:to; s=corp-2023-11-20; bh=CmjXa1dPgPCT+ypfh4FQVe184unhX
	/208aXDMjcWDxQ=; b=TTS8LLsAREM6VInVyn6oZwkvmNGtBkzGruIg3Td0uWwAC
	EIQvP7W3NQc6Xv1uDKwqPGfpOeAC0PoTZMiAncnft1bRNUmBXfbfWUb1CQBsBQ/u
	pxov/GMAUmF+720o5kv91Xa7KTbGbJBLdSf4a0JzCb4YK/5jCtDIX4Vxf5Ns+M6u
	Jit+vbyG8P9NeEr3vNEyGZUF9jgwVuovyUl206joAMFlrNGQNqGKW3KNdZLpz4dE
	vv9DoJhYUGMxRLSlUvrcl0vRWLfAV+1l01QgFwQQx5MhAXy6jzluqGVp317K5Ovv
	0FmxQTGEWEVF/Dg1xnueFju2+j+pV+k2bypa4U/5A==
Received: from iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com
 (iadpaimrmta03.appoci.oracle.com [130.35.103.27])
	by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 4485qam3cc-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 20 Jan 2025 17:10:45 +0000 (GMT)
Received: from pps.filterd
 (iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
	by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (8.18.1.2/8.18.1.2)
 with ESMTP id 50KGBNJ4005537;
	Mon, 20 Jan 2025 17:10:44 GMT
Received: from pps.reinject (localhost [127.0.0.1])
	by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id
 449193anb2-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 20 Jan 2025 17:10:43 +0000
Received: from iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com
 (iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 50KHAh9W005441;
	Mon, 20 Jan 2025 17:10:43 GMT
Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com
 [10.129.136.47])
	by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id
 449193anar-1;
	Mon, 20 Jan 2025 17:10:43 +0000
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
To: cve@kernel.org
Cc: linux-kernel@vger.kernel.org, vegard.nossum@oracle.com,
 pkshih@realtek.com,
        ville.syrjala@linux.intel.com, ranjan.kumar@broadcom.com,
        himanshu.madhani@oracle.com,
        Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Subject: [PATCH] Add vulnerable commits for few CVEs
Date: Mon, 20 Jan 2025 09:10:40 -0800
Message-ID: <20250120171040.3927637-1-harshit.m.mogalapalli@oracle.com>
X-Mailer: git-send-email 2.46.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34
 definitions=2025-01-20_04,2025-01-20_03,2024-11-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0
 phishscore=0 bulkscore=0
 suspectscore=0 mlxscore=0 mlxlogscore=999 malwarescore=0 spamscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2411120000
 definitions=main-2501200141
X-Proofpoint-GUID: BwVFHK7J7V1V_Xf7z0ko3e-QDt9BblTn
X-Proofpoint-ORIG-GUID: BwVFHK7J7V1V_Xf7z0ko3e-QDt9BblTn
Content-Type: text/plain; charset="utf-8"

CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
("scsi: mpi3mr: Add framework to issue config requests") which added all
the allocations of the config pages and the CVE fix deals with fixing
corruption in config pages.

CVE-2024-56369: fixed by adding overflow happening with multiplication.
Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit

CVE-2024-48873: deals with checking return value in
ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
function.

Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
 cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
 cve/published/2024/CVE-2024-56369.vulnerable | 1 +
 cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable

diff --git a/cve/published/2024/CVE-2024-48873.vulnerable b/cve/published/2=
024/CVE-2024-48873.vulnerable
index c88ccd4fedfc..07dea2b74e50 100644
--- a/cve/published/2024/CVE-2024-48873.vulnerable
+++ b/cve/published/2024/CVE-2024-48873.vulnerable
@@ -1 +1 @@
-e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd
+c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0
diff --git a/cve/published/2024/CVE-2024-56369.vulnerable b/cve/published/2=
024/CVE-2024-56369.vulnerable
new file mode 100644
index 000000000000..a3d0a9973c8a
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56369.vulnerable
@@ -0,0 +1 @@
+2f0e9d804935970a4ce0f58dd046b41881bfd8f3
diff --git a/cve/published/2024/CVE-2024-57804.vulnerable b/cve/published/2=
024/CVE-2024-57804.vulnerable
index 59edd912279d..edbba87bfc57 100644
--- a/cve/published/2024/CVE-2024-57804.vulnerable
+++ b/cve/published/2024/CVE-2024-57804.vulnerable
@@ -1 +1 @@
-c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df
+32d457d5a2af9bf5ddbe28297eabf1fc93451665
--=20
2.46.0