Update 5May2023
[ci skip]
diff --git a/CHANGES.md b/CHANGES.md
index b4c5f67..aa53269 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -39,3 +39,7 @@
[CVE-2023-20941](cves/CVE-2023-20941)
[CVE-2023-28327](cves/CVE-2023-28327)
[CVE-2023-28328](cves/CVE-2023-28328)
+[CVE-2022-2196](cves/CVE-2022-2196)
+[CVE-2023-0045](cves/CVE-2023-0045)
+[CVE-2023-0266](cves/CVE-2023-0266)
+[CVE-2023-0461](cves/CVE-2023-0461)
diff --git a/data/3.12/3.12_CVEs.txt b/data/3.12/3.12_CVEs.txt
index 1967395..1dbef33 100644
--- a/data/3.12/3.12_CVEs.txt
+++ b/data/3.12/3.12_CVEs.txt
@@ -1243,7 +1243,7 @@
CVE-2023-1077: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
diff --git a/data/3.14/3.14_CVEs.txt b/data/3.14/3.14_CVEs.txt
index ba3291b..4e34551 100644
--- a/data/3.14/3.14_CVEs.txt
+++ b/data/3.14/3.14_CVEs.txt
@@ -1212,7 +1212,7 @@
CVE-2023-1077: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
diff --git a/data/3.16/3.16_CVEs.txt b/data/3.16/3.16_CVEs.txt
index 58c9083..9b9589e 100644
--- a/data/3.16/3.16_CVEs.txt
+++ b/data/3.16/3.16_CVEs.txt
@@ -1200,7 +1200,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
diff --git a/data/3.18/3.18_CVEs.txt b/data/3.18/3.18_CVEs.txt
index 9bc526f..4374347 100644
--- a/data/3.18/3.18_CVEs.txt
+++ b/data/3.18/3.18_CVEs.txt
@@ -1185,7 +1185,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
diff --git a/data/3.2/3.2_CVEs.txt b/data/3.2/3.2_CVEs.txt
index 2bfa70f..079efac 100644
--- a/data/3.2/3.2_CVEs.txt
+++ b/data/3.2/3.2_CVEs.txt
@@ -1214,7 +1214,7 @@
CVE-2023-1074: Fix not seen in stream
CVE-2023-1077: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
CVE-2023-1670: Fix not seen in stream
diff --git a/data/4.1/4.1_CVEs.txt b/data/4.1/4.1_CVEs.txt
index 73b807a..f08d8c0 100644
--- a/data/4.1/4.1_CVEs.txt
+++ b/data/4.1/4.1_CVEs.txt
@@ -1150,7 +1150,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
diff --git a/data/4.10/4.10_CVEs.txt b/data/4.10/4.10_CVEs.txt
index 1c30e4e..9ffab30 100644
--- a/data/4.10/4.10_CVEs.txt
+++ b/data/4.10/4.10_CVEs.txt
@@ -1055,7 +1055,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -1067,4 +1067,4 @@
CVE-2023-1855: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.11/4.11_CVEs.txt b/data/4.11/4.11_CVEs.txt
index 1e2005c..c88671d 100644
--- a/data/4.11/4.11_CVEs.txt
+++ b/data/4.11/4.11_CVEs.txt
@@ -1027,7 +1027,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -1039,4 +1039,4 @@
CVE-2023-1855: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.12/4.12_CVEs.txt b/data/4.12/4.12_CVEs.txt
index 08fb21c..46f11df 100644
--- a/data/4.12/4.12_CVEs.txt
+++ b/data/4.12/4.12_CVEs.txt
@@ -1013,7 +1013,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -1026,4 +1026,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.13/4.13_CVEs.txt b/data/4.13/4.13_CVEs.txt
index cebd5a1..5c52abe 100644
--- a/data/4.13/4.13_CVEs.txt
+++ b/data/4.13/4.13_CVEs.txt
@@ -997,7 +997,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -1010,4 +1010,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.14/4.14_CVEs.txt b/data/4.14/4.14_CVEs.txt
index af837d5..afd8fb6 100644
--- a/data/4.14/4.14_CVEs.txt
+++ b/data/4.14/4.14_CVEs.txt
@@ -967,7 +967,7 @@
CVE-2023-1118: Fixed with 4.14.308
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fixed with 4.14.217
CVE-2023-1513: Fixed with 4.14.306
@@ -980,4 +980,4 @@
CVE-2023-1859: Fixed with 4.14.313
CVE-2023-1989: Fixed with 4.14.312
CVE-2023-1990: Fixed with 4.14.311
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.15/4.15_CVEs.txt b/data/4.15/4.15_CVEs.txt
index 2c5cc95..6e8409a 100644
--- a/data/4.15/4.15_CVEs.txt
+++ b/data/4.15/4.15_CVEs.txt
@@ -918,7 +918,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -931,4 +931,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.16/4.16_CVEs.txt b/data/4.16/4.16_CVEs.txt
index 15b3ec8..889abdd 100644
--- a/data/4.16/4.16_CVEs.txt
+++ b/data/4.16/4.16_CVEs.txt
@@ -898,7 +898,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -911,4 +911,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.17/4.17_CVEs.txt b/data/4.17/4.17_CVEs.txt
index 2507b2e..f306c57 100644
--- a/data/4.17/4.17_CVEs.txt
+++ b/data/4.17/4.17_CVEs.txt
@@ -879,7 +879,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -893,4 +893,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.18/4.18_CVEs.txt b/data/4.18/4.18_CVEs.txt
index ab270a7..8e20d51 100644
--- a/data/4.18/4.18_CVEs.txt
+++ b/data/4.18/4.18_CVEs.txt
@@ -857,7 +857,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -871,4 +871,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.19/4.19_CVEs.txt b/data/4.19/4.19_CVEs.txt
index 5f23c74..d2c1440 100644
--- a/data/4.19/4.19_CVEs.txt
+++ b/data/4.19/4.19_CVEs.txt
@@ -836,7 +836,7 @@
CVE-2023-1118: Fixed with 4.19.276
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fixed with 4.19.268
CVE-2023-1390: Fixed with 4.19.170
CVE-2023-1513: Fixed with 4.19.273
@@ -850,4 +850,4 @@
CVE-2023-1859: Fixed with 4.19.281
CVE-2023-1989: Fixed with 4.19.280
CVE-2023-1990: Fixed with 4.19.279
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.20/4.20_CVEs.txt b/data/4.20/4.20_CVEs.txt
index 73401f9..cbc609d 100644
--- a/data/4.20/4.20_CVEs.txt
+++ b/data/4.20/4.20_CVEs.txt
@@ -829,7 +829,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -843,4 +843,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/4.3/4.3_CVEs.txt b/data/4.3/4.3_CVEs.txt
index 75c0d7a..5f3bc01 100644
--- a/data/4.3/4.3_CVEs.txt
+++ b/data/4.3/4.3_CVEs.txt
@@ -1149,7 +1149,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
diff --git a/data/4.4/4.4_CVEs.txt b/data/4.4/4.4_CVEs.txt
index 4dd7c3c..aa854b1 100644
--- a/data/4.4/4.4_CVEs.txt
+++ b/data/4.4/4.4_CVEs.txt
@@ -1130,7 +1130,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
diff --git a/data/4.5/4.5_CVEs.txt b/data/4.5/4.5_CVEs.txt
index 8fcc430..1cf1805 100644
--- a/data/4.5/4.5_CVEs.txt
+++ b/data/4.5/4.5_CVEs.txt
@@ -1112,7 +1112,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
diff --git a/data/4.6/4.6_CVEs.txt b/data/4.6/4.6_CVEs.txt
index caaf96b..dfcd709 100644
--- a/data/4.6/4.6_CVEs.txt
+++ b/data/4.6/4.6_CVEs.txt
@@ -1085,7 +1085,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
diff --git a/data/4.7/4.7_CVEs.txt b/data/4.7/4.7_CVEs.txt
index b15e68a..667a4ab 100644
--- a/data/4.7/4.7_CVEs.txt
+++ b/data/4.7/4.7_CVEs.txt
@@ -1068,7 +1068,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
diff --git a/data/4.8/4.8_CVEs.txt b/data/4.8/4.8_CVEs.txt
index d345793..0ff35e1 100644
--- a/data/4.8/4.8_CVEs.txt
+++ b/data/4.8/4.8_CVEs.txt
@@ -1072,7 +1072,7 @@
CVE-2023-1095: Fix not seen in stream
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
diff --git a/data/4.9/4.9_CVEs.txt b/data/4.9/4.9_CVEs.txt
index fbc04c3..59f1443 100644
--- a/data/4.9/4.9_CVEs.txt
+++ b/data/4.9/4.9_CVEs.txt
@@ -1071,7 +1071,7 @@
CVE-2023-1095: Fixed with 4.9.326
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fixed with 4.9.253
CVE-2023-1513: Fix not seen in stream
@@ -1083,4 +1083,4 @@
CVE-2023-1855: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.0/5.0_CVEs.txt b/data/5.0/5.0_CVEs.txt
index ffe7e23..3cdd7d7 100644
--- a/data/5.0/5.0_CVEs.txt
+++ b/data/5.0/5.0_CVEs.txt
@@ -808,7 +808,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -822,4 +822,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.1/5.1_CVEs.txt b/data/5.1/5.1_CVEs.txt
index dcc48ba..2a346e3 100644
--- a/data/5.1/5.1_CVEs.txt
+++ b/data/5.1/5.1_CVEs.txt
@@ -786,7 +786,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -800,4 +800,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.10/5.10_CVEs.txt b/data/5.10/5.10_CVEs.txt
index 2a3f9ed..0855549 100644
--- a/data/5.10/5.10_CVEs.txt
+++ b/data/5.10/5.10_CVEs.txt
@@ -520,7 +520,7 @@
CVE-2023-1249: Fixed with 5.10.110
CVE-2023-1252: Fixed with 5.10.80
CVE-2023-1281: Fixed with 5.10.169
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fixed with 5.10.157
CVE-2023-1390: Fixed with 5.10.10
CVE-2023-1513: Fixed with 5.10.169
@@ -535,4 +535,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fixed with 5.10.177
CVE-2023-1990: Fixed with 5.10.176
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.11/5.11_CVEs.txt b/data/5.11/5.11_CVEs.txt
index 2c73d82..0107e26 100644
--- a/data/5.11/5.11_CVEs.txt
+++ b/data/5.11/5.11_CVEs.txt
@@ -512,7 +512,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1582: Fix not seen in stream
@@ -526,4 +526,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.12/5.12_CVEs.txt b/data/5.12/5.12_CVEs.txt
index 4486074..c9a1fcc 100644
--- a/data/5.12/5.12_CVEs.txt
+++ b/data/5.12/5.12_CVEs.txt
@@ -463,7 +463,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1582: Fix not seen in stream
@@ -477,4 +477,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.13/5.13_CVEs.txt b/data/5.13/5.13_CVEs.txt
index d09afff..fca9608 100644
--- a/data/5.13/5.13_CVEs.txt
+++ b/data/5.13/5.13_CVEs.txt
@@ -431,7 +431,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1582: Fix not seen in stream
@@ -445,4 +445,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.14/5.14_CVEs.txt b/data/5.14/5.14_CVEs.txt
index 888f592..01827c1 100644
--- a/data/5.14/5.14_CVEs.txt
+++ b/data/5.14/5.14_CVEs.txt
@@ -404,7 +404,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fixed with 5.14.19
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1582: Fix not seen in stream
@@ -419,4 +419,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.15/5.15_CVEs.txt b/data/5.15/5.15_CVEs.txt
index 7ccefa6..c36f05a 100644
--- a/data/5.15/5.15_CVEs.txt
+++ b/data/5.15/5.15_CVEs.txt
@@ -389,7 +389,7 @@
CVE-2023-1249: Fixed with 5.15.33
CVE-2023-1252: Fixed with 5.15.3
CVE-2023-1281: Fixed with 5.15.95
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fixed with 5.15.110
CVE-2023-1382: Fixed with 5.15.81
CVE-2023-1513: Fixed with 5.15.95
CVE-2023-1582: Fixed with 5.15.25
@@ -404,4 +404,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fixed with 5.15.105
CVE-2023-1990: Fixed with 5.15.104
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fixed with 5.15.110
diff --git a/data/5.16/5.16_CVEs.txt b/data/5.16/5.16_CVEs.txt
index cfcd21f..72a2573 100644
--- a/data/5.16/5.16_CVEs.txt
+++ b/data/5.16/5.16_CVEs.txt
@@ -356,7 +356,7 @@
CVE-2023-1195: Fix not seen in stream
CVE-2023-1249: Fixed with 5.16.19
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1582: Fixed with 5.16.10
@@ -371,4 +371,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.17/5.17_CVEs.txt b/data/5.17/5.17_CVEs.txt
index dab2d84..f090485 100644
--- a/data/5.17/5.17_CVEs.txt
+++ b/data/5.17/5.17_CVEs.txt
@@ -301,7 +301,7 @@
CVE-2023-1195: Fix not seen in stream
CVE-2023-1249: Fixed with 5.17.2
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
@@ -315,4 +315,4 @@
CVE-2023-1872: Fixed with 5.17.3
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.18/5.18_CVEs.txt b/data/5.18/5.18_CVEs.txt
index fb711d2..25011b0 100644
--- a/data/5.18/5.18_CVEs.txt
+++ b/data/5.18/5.18_CVEs.txt
@@ -255,7 +255,7 @@
CVE-2023-1194: Fix unknown
CVE-2023-1195: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1611: Fix not seen in stream
@@ -267,4 +267,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.19/5.19_CVEs.txt b/data/5.19/5.19_CVEs.txt
index fed035b..5936617 100644
--- a/data/5.19/5.19_CVEs.txt
+++ b/data/5.19/5.19_CVEs.txt
@@ -211,7 +211,7 @@
CVE-2023-1194: Fix unknown
CVE-2023-1195: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
CVE-2023-1583: Fix not seen in stream
@@ -224,4 +224,4 @@
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
CVE-2023-1998: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.2/5.2_CVEs.txt b/data/5.2/5.2_CVEs.txt
index 4a94d63..6f9a9fc 100644
--- a/data/5.2/5.2_CVEs.txt
+++ b/data/5.2/5.2_CVEs.txt
@@ -749,7 +749,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -763,4 +763,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.3/5.3_CVEs.txt b/data/5.3/5.3_CVEs.txt
index 0fd2788..2d5871b 100644
--- a/data/5.3/5.3_CVEs.txt
+++ b/data/5.3/5.3_CVEs.txt
@@ -722,7 +722,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -736,4 +736,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.4/5.4_CVEs.txt b/data/5.4/5.4_CVEs.txt
index 0895e8f..4ee99d9 100644
--- a/data/5.4/5.4_CVEs.txt
+++ b/data/5.4/5.4_CVEs.txt
@@ -651,7 +651,7 @@
CVE-2023-1118: Fixed with 5.4.235
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fixed with 5.4.226
CVE-2023-1390: Fixed with 5.4.92
CVE-2023-1513: Fixed with 5.4.232
@@ -665,4 +665,4 @@
CVE-2023-1859: Fixed with 5.4.241
CVE-2023-1989: Fixed with 5.4.240
CVE-2023-1990: Fixed with 5.4.238
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.5/5.5_CVEs.txt b/data/5.5/5.5_CVEs.txt
index 43c4cdb..d75e501 100644
--- a/data/5.5/5.5_CVEs.txt
+++ b/data/5.5/5.5_CVEs.txt
@@ -612,7 +612,7 @@
CVE-2023-1118: Fix not seen in stream
CVE-2023-1249: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -626,4 +626,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.6/5.6_CVEs.txt b/data/5.6/5.6_CVEs.txt
index 81643b5..99b57e7 100644
--- a/data/5.6/5.6_CVEs.txt
+++ b/data/5.6/5.6_CVEs.txt
@@ -589,7 +589,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -603,4 +603,4 @@
CVE-2023-1859: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.7/5.7_CVEs.txt b/data/5.7/5.7_CVEs.txt
index 2f8db43..7ce7311 100644
--- a/data/5.7/5.7_CVEs.txt
+++ b/data/5.7/5.7_CVEs.txt
@@ -583,7 +583,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -598,4 +598,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.8/5.8_CVEs.txt b/data/5.8/5.8_CVEs.txt
index 17d5592..37824ce 100644
--- a/data/5.8/5.8_CVEs.txt
+++ b/data/5.8/5.8_CVEs.txt
@@ -567,7 +567,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -582,4 +582,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/5.9/5.9_CVEs.txt b/data/5.9/5.9_CVEs.txt
index 0820e89..5b90b51 100644
--- a/data/5.9/5.9_CVEs.txt
+++ b/data/5.9/5.9_CVEs.txt
@@ -540,7 +540,7 @@
CVE-2023-1249: Fix not seen in stream
CVE-2023-1252: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fix not seen in stream
CVE-2023-1390: Fix not seen in stream
CVE-2023-1513: Fix not seen in stream
@@ -555,4 +555,4 @@
CVE-2023-1872: Fix not seen in stream
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/6.0/6.0_CVEs.txt b/data/6.0/6.0_CVEs.txt
index f50b58f..9bd4849 100644
--- a/data/6.0/6.0_CVEs.txt
+++ b/data/6.0/6.0_CVEs.txt
@@ -175,7 +175,7 @@
CVE-2023-1194: Fix unknown
CVE-2023-1195: Fix not seen in stream
CVE-2023-1281: Fix not seen in stream
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fix not seen in stream
CVE-2023-1382: Fixed with 6.0.11
CVE-2023-1513: Fix not seen in stream
CVE-2023-1583: Fix not seen in stream
@@ -188,4 +188,4 @@
CVE-2023-1989: Fix not seen in stream
CVE-2023-1990: Fix not seen in stream
CVE-2023-1998: Fix not seen in stream
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fix not seen in stream
diff --git a/data/6.1/6.1_CVEs.txt b/data/6.1/6.1_CVEs.txt
index 711c94a..22f979f 100644
--- a/data/6.1/6.1_CVEs.txt
+++ b/data/6.1/6.1_CVEs.txt
@@ -124,7 +124,7 @@
CVE-2023-1193: Fix unknown
CVE-2023-1194: Fix unknown
CVE-2023-1281: Fixed with 6.1.13
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fixed with 6.1.27
CVE-2023-1513: Fixed with 6.1.13
CVE-2023-1583: Fixed with 6.1.22
CVE-2023-1611: Fixed with 6.1.23
@@ -136,4 +136,4 @@
CVE-2023-1989: Fixed with 6.1.22
CVE-2023-1990: Fixed with 6.1.21
CVE-2023-1998: Fixed with 6.1.16
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fixed with 6.1.27
diff --git a/data/6.2/6.2_CVEs.txt b/data/6.2/6.2_CVEs.txt
index a217c11..c5b6c70 100644
--- a/data/6.2/6.2_CVEs.txt
+++ b/data/6.2/6.2_CVEs.txt
@@ -89,7 +89,7 @@
CVE-2023-1193: Fix unknown
CVE-2023-1194: Fix unknown
CVE-2023-1281: Fixed with 6.2
-CVE-2023-1380: Fix unknown
+CVE-2023-1380: Fixed with 6.2.14
CVE-2023-1513: Fixed with 6.2
CVE-2023-1583: Fixed with 6.2.9
CVE-2023-1611: Fixed with 6.2.10
@@ -100,4 +100,4 @@
CVE-2023-1989: Fixed with 6.2.9
CVE-2023-1990: Fixed with 6.2.8
CVE-2023-1998: Fixed with 6.2.3
-CVE-2023-2002: Fix unknown
+CVE-2023-2002: Fixed with 6.2.14
diff --git a/data/CVEs.txt b/data/CVEs.txt
index f8b20e2..001fa58 100644
--- a/data/CVEs.txt
+++ b/data/CVEs.txt
@@ -1320,7 +1320,7 @@
CVE-2019-15793: Vendor Specific
CVE-2019-15794: 2f502839e85ab265f03f25f30d6463154aee5473 - 2896900e22f8212606a1837d89a6bbce314ceeda (v4.19-rc1 to v5.12)
CVE-2019-15807: 2908d778ab3e244900c310974e1fc1c69066e450 - 3b0541791453fbe7f42867e310e0c9eb6295364d (v2.6.19-rc1 to v5.2-rc3)
-CVE-2019-15902: (n/a) - (n/a) (unk to unk)
+CVE-2019-15902: local - (n/a) (unk to unk)
CVE-2019-15916: 1d24eb4815d1e0e8b451ecc546645f8ef1176d4f - 895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab (v2.6.38-rc1 to v5.1-rc1)
CVE-2019-15917: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 56897b217a1d0a91c9920cb418d6b3fe922f590a (v2.6.12-rc2 to v5.1-rc1)
CVE-2019-15918: 9764c02fcbad40001fd3f63558d918e4d519bb75 - b57a55e2200ede754e4dc9cce4ba9402544b9365 (v4.14-rc2 to v5.1-rc6)
@@ -2316,7 +2316,7 @@
CVE-2023-1249: 2aa362c49c314a98fb9aebbd7760a461667bac05 - 390031c942116d4733310f0684beb8db19885fe6 (v3.7-rc1 to v5.18-rc1)
CVE-2023-1252: 2406a307ac7ddfd7effeeaff6947149ec6a95b4e - 9a254403760041528bc8f69fe2f5e1ef86950991 (v5.6-rc1 to v5.16-rc1)
CVE-2023-1281: 9b0d4446b56904b59ae3809913b0ac760fa941a6 - ee059170b1f7e94e55fa6cadee544e176a6e59c2 (v4.14-rc1 to v6.2)
-CVE-2023-1380: 5b435de0d786869c95d1962121af0d7df2542009 - (n/a) (v3.2-rc1 to unk)
+CVE-2023-1380: 5b435de0d786869c95d1962121af0d7df2542009 - 0da40e018fd034d87c9460123fa7f897b69fdee7 (v3.2-rc1 to unk)
CVE-2023-1382: c5fa7b3cf3cb22e4ac60485fc2dc187fe012910f - 0e5d56c64afcd6fd2d132ea972605b66f8a7d3c4 (v3.11-rc1 to v6.1-rc7)
CVE-2023-1390: af9b028e270fda6fb812d70d17d902297df1ceb5 - b77413446408fdd256599daf00d5be72b5f3e7c6 (v4.3-rc1 to v5.11-rc4)
CVE-2023-1513: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 2c10b61421a28e95a46ab489fd56c0f442ff6952 (v2.6.12-rc2 to v6.2)
@@ -2334,5 +2334,5 @@
CVE-2023-1989: ddbaf13e3609442b64abb931ac21527772d87980 - 1e9ac114c4428fdb7ff4635b45d4f46017e8916f (v2.6.24-rc1 to v6.3-rc4)
CVE-2023-1990: 35630df68d6030daf12dde12ed07bbe26324e6ac - 5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 (v3.17-rc1 to v6.3-rc3)
CVE-2023-1998: 7c693f54c873691a4b7da05c7e0f74e67745d144 - 6921ed9049bc7457f66c1596c5b78aec0dae4a9d (v5.19-rc7 to v6.3-rc1)
-CVE-2023-2002: f81f5b2db8692ff1d2d5f4db1fde58e67aa976a3 - (n/a) (v4.9-rc1 to unk)
+CVE-2023-2002: f81f5b2db8692ff1d2d5f4db1fde58e67aa976a3 - 25c150ac103a4ebeed0319994c742a90634ddf18 (v4.9-rc1 to unk)
CVE-2023-2006: 245500d853e9f20036cec7df4f6984ece4c6bf26 - 3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (v5.10-rc1 to v6.1-rc7)
diff --git a/data/kernel_cves.json b/data/kernel_cves.json
index fd53545..9b42417 100644
--- a/data/kernel_cves.json
+++ b/data/kernel_cves.json
@@ -72642,8 +72642,8 @@
"cwe": "Insecure Default Initialization of Resource",
"fixes": "2e7eab81425ad6c875f2ed47c0ce01e78afc38a5",
"last_affected_version": "6.1.13",
- "last_modified": "2023-02-27",
- "nvd_text": "A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a",
+ "last_modified": "2023-05-05",
+ "nvd_text": "A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\u00a0L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB\u00a0after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit\u00a02e7eab81425a\n",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-2196",
"ExploitDB": "https://www.exploit-db.com/search?cve=2022-2196",
@@ -79547,7 +79547,8 @@
"cmt_msg": "x86/bugs: Flush IBP in ib_prctl_set()",
"fixes": "a664ec9158eeddd75121d39c9a0758016097fa96",
"last_affected_version": "6.1.4",
- "last_modified": "2023-02-11",
+ "last_modified": "2023-05-05",
+ "nvd_text": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u00a0function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u00a0The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit\u00a0a664ec9158eeddd75121d39c9a0758016097fa96\n\n",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-0045",
"ExploitDB": "https://www.exploit-db.com/search?cve=2023-0045",
@@ -79721,8 +79722,8 @@
},
"fixes": "56b88b50565cd8b946a2d00b0c83927b7ebb055e",
"last_affected_version": "6.1.5",
- "last_modified": "2023-02-11",
- "nvd_text": "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e",
+ "last_modified": "2023-05-05",
+ "nvd_text": "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.\u00a0SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit\u00a056b88b50565cd8b946a2d00b0c83927b7ebb055e\n",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-0266",
"ExploitDB": "https://www.exploit-db.com/search?cve=2023-0266",
@@ -79810,8 +79811,8 @@
},
"fixes": "2c02d41d71f90a5168391b6a5f2954112ba2307c",
"last_affected_version": "6.1.4",
- "last_modified": "2023-03-21",
- "nvd_text": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c",
+ "last_modified": "2023-05-05",
+ "nvd_text": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS\u00a0or CONFIG_XFRM_ESPINTCP\u00a0has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data\u00a0of a struct inet_connection_sock.\n\nWhen CONFIG_TLS\u00a0is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt\u00a0TCP_ULP\u00a0operation does not require any privilege.\n\nWe recommend upgrading past commit\u00a02c02d41d71f90a5168391b6a5f2954112ba2307c",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-0461",
"ExploitDB": "https://www.exploit-db.com/search?cve=2023-0461",
@@ -80416,9 +80417,21 @@
"affected_versions": "v3.11-rc1 to v6.1-rc7",
"breaks": "c5fa7b3cf3cb22e4ac60485fc2dc187fe012910f",
"cmt_msg": "tipc: set con sock in tipc_conn_alloc",
+ "cvss3": {
+ "Attack Complexity": "High",
+ "Attack Vector": "Local",
+ "Availability": "High",
+ "Confidentiality": "None",
+ "Integrity": "None",
+ "Privileges Required": "Low",
+ "Scope": "Unchanged",
+ "User Interaction": "None",
+ "raw": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "score": 4.7
+ },
"fixes": "0e5d56c64afcd6fd2d132ea972605b66f8a7d3c4",
"last_affected_version": "6.0.10",
- "last_modified": "2023-04-25",
+ "last_modified": "2023-05-05",
"nvd_text": "A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-1382",
@@ -80855,9 +80868,21 @@
"affected_versions": "v5.19-rc7 to v6.3-rc1",
"breaks": "7c693f54c873691a4b7da05c7e0f74e67745d144",
"cmt_msg": "x86/speculation: Allow enabling STIBP with legacy IBRS",
+ "cvss3": {
+ "Attack Complexity": "High",
+ "Attack Vector": "Local",
+ "Availability": "None",
+ "Confidentiality": "High",
+ "Integrity": "None",
+ "Privileges Required": "Low",
+ "Scope": "Changed",
+ "User Interaction": "None",
+ "raw": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "score": 5.6
+ },
"fixes": "6921ed9049bc7457f66c1596c5b78aec0dae4a9d",
"last_affected_version": "6.2.2",
- "last_modified": "2023-04-25",
+ "last_modified": "2023-05-05",
"nvd_text": "The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\n\nThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\n\n\n",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-1998",
@@ -80986,8 +81011,20 @@
"CVE-2023-20941": {
"affected_versions": "unk to unk",
"breaks": "",
+ "cvss3": {
+ "Attack Complexity": "Low",
+ "Attack Vector": "Physical",
+ "Availability": "High",
+ "Confidentiality": "High",
+ "Integrity": "High",
+ "Privileges Required": "None",
+ "Scope": "Unchanged",
+ "User Interaction": "Required",
+ "raw": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "score": 6.6
+ },
"fixes": "",
- "last_modified": "2023-04-25",
+ "last_modified": "2023-05-05",
"nvd_text": "In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264029575References: Upstream kernel",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-20941",
@@ -81690,9 +81727,21 @@
"affected_versions": "v5.3-rc1 to v6.1",
"breaks": "cae9910e73446cac68a54e3a7b02aaa12b689026",
"cmt_msg": "af_unix: Get user_ns from in_skb in unix_diag_get_exact().",
+ "cvss3": {
+ "Attack Complexity": "Low",
+ "Attack Vector": "Local",
+ "Availability": "High",
+ "Confidentiality": "None",
+ "Integrity": "None",
+ "Privileges Required": "Low",
+ "Scope": "Unchanged",
+ "User Interaction": "None",
+ "raw": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "score": 5.5
+ },
"fixes": "b3abe42e94900bdd045c472f9c9be620ba5ce553",
"last_affected_version": "6.0",
- "last_modified": "2023-04-25",
+ "last_modified": "2023-05-05",
"nvd_text": "A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-28327",
@@ -81707,9 +81756,21 @@
"affected_versions": "v2.6.34-rc1 to v6.2-rc1",
"breaks": "76f9a820c8672ada12ffa0903652c9e6f2429462",
"cmt_msg": "media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()",
+ "cvss3": {
+ "Attack Complexity": "Low",
+ "Attack Vector": "Local",
+ "Availability": "High",
+ "Confidentiality": "None",
+ "Integrity": "None",
+ "Privileges Required": "Low",
+ "Scope": "Unchanged",
+ "User Interaction": "None",
+ "raw": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "score": 5.5
+ },
"fixes": "0ed554fd769a19ea8464bb83e9ac201002ef74ad",
"last_affected_version": "6.1.1",
- "last_modified": "2023-04-25",
+ "last_modified": "2023-05-05",
"nvd_text": "A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-28328",
@@ -81868,9 +81929,21 @@
"affected_versions": "unk to v6.3-rc4",
"breaks": "",
"cmt_msg": "power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition",
+ "cvss3": {
+ "Attack Complexity": "High",
+ "Attack Vector": "Physical",
+ "Availability": "High",
+ "Confidentiality": "High",
+ "Integrity": "High",
+ "Privileges Required": "None",
+ "Scope": "Unchanged",
+ "User Interaction": "None",
+ "raw": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "score": 6.4
+ },
"fixes": "06615d11cc78162dfd5116efb71f29eb29502d37",
"last_affected_version": "6.2.8",
- "last_modified": "2023-04-16",
+ "last_modified": "2023-05-05",
"nvd_text": "The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2023-30772",
