author | Ben Hutchings <ben@decadent.org.uk> | 2022-02-25 02:54:22 +0100
---|---|---
committer | Ben Hutchings <ben@decadent.org.uk> | 2022-02-25 02:58:48 +0100
commit | 322eaf84fa0d24cdfa4acc99ff4a8d5635ab0654 |
tree | 84cf09416b8cf27d0c1ac938e5332bc049c04d28 |
parent | 4f1997da8949bfe55fdc4820e7def805bf3d4be8 |
Fill in status for most issues
34 files changed, 294 insertions, 214 deletions
diff --git a/active/CVE-2018-25020 b/active/CVE-2018-25020 index 8606af57..7d148582 100644 --- a/active/CVE-2018-25020 +++ b/active/CVE-2018-25020 @@ -1,12 +1,16 @@ Description: bpf: fix truncated jump targets on heavy expansions References: Notes: + bwh> I'm not sure whether BPF in 4.9 can expand BPF programs enough + bwh> to trigger this bug, but I'd rather enforce that at run-time + bwh> than carry out an analyse which might be invalidated by later + bwh> changes. Therefore marking this as needed. Bugs: upstream: released (4.17-rc7) [050fad7c4534c13c8eb1d9c2ba66012e014773cb] 5.10-upstream-stable: N/A "Fixed before branching point" 4.19-upstream-stable: N/A "Fixed before branching point" -4.9-upstream-stable: +4.9-upstream-stable: needed sid: released (4.17.3-1) 5.10-bullseye-security: N/A "Fixed before branching point" 4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: +4.9-stretch-security: needed diff --git a/active/CVE-2019-19449 b/active/CVE-2019-19449 index 996f1d0e..8185c20c 100644 --- a/active/CVE-2019-19449 +++ b/active/CVE-2019-19449 @@ -1,15 +1,19 @@ -Description: +Description: f2fs: Heap out-of-bounds read in init_min_max_mtime() References: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449 Notes: + bwh> The loop in init_min_max_mtime() has not changed between + bwh> 4.9 and 5.17-rc4, and there don't appear to be any checks + bwh> that main_segments is exactly divisible by segs_per_sec, + bwh> so all branches are affected. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed 3.16-upstream-stable: ignored "EOL" -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: ignored "f2fs is not supportable" 3.16-jessie-security: ignored "EOL" 
diff --git a/active/CVE-2019-19814 b/active/CVE-2019-19814 index c7209ed8..f57184d6 100644 --- a/active/CVE-2019-19814 +++ b/active/CVE-2019-19814 @@ -1,15 +1,17 @@ -Description: +Description: f2fs: Heap out-of-bounds write in __remove_dirty_segment() References: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814 Notes: + bwh> __remove_dirty_segment() needs to range-check the variable t + bwh> in the same way __locate_dirty_segment() does. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed 3.16-upstream-stable: ignored "EOL" -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: ignored "f2fs is not supportable" 3.16-jessie-security: ignored "EOL" diff --git a/active/CVE-2019-20794 b/active/CVE-2019-20794 index 738843d4..fb831444 100644 --- a/active/CVE-2019-20794 +++ b/active/CVE-2019-20794 
@@ -1,17 +1,20 @@ -Description: +Description: fuse: FUSE daemon can make itself unkillable with request loops References: https://github.com/sargun/fuse-example https://sourceforge.net/p/fuse/mailman/message/36598753/ https://lore.kernel.org/lkml/1e796f9e008fb78fb96358ff74f39bd4865a7c88.1604926010.git.gladkov.alexey@gmail.com/ Notes: + bwh> The proposed fix notes that the daemon can be killed off through + bwh> the fusectl filesystem, but the kill command or service shutdown + bwh> won't work. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed 3.16-upstream-stable: ignored "EOL" -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed 3.16-jessie-security: ignored "EOL" diff --git a/active/CVE-2020-12362 b/active/CVE-2020-12362 index 10202ab2..5d184e3f 100644 --- a/active/CVE-2020-12362 +++ b/active/CVE-2020-12362 @@ -1,4 +1,4 @@ -Description: +Description: i915: Integer overflow in GuC firmware leading to priv-esc References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html Notes: 
@@ -9,12 +9,14 @@ Notes: carnil> firmware is required. The new firmware requires a kernel patch carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26 carnil> So might not be treaded as Linux issue itself. + bwh> Let's treat it as both firmware and kernel, similar to CPU issues + bwh> that need both microcode and kernel changes. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: released (5.14.6-1) +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2020-12363 b/active/CVE-2020-12363 index 10202ab2..218831be 100644 --- a/active/CVE-2020-12363 +++ b/active/CVE-2020-12363 @@ -1,4 +1,4 @@ -Description: +Description: i915: Bad input validation in GuC firmware leading to DoS References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html Notes: @@ -9,12 +9,14 @@ Notes: carnil> firmware is required. The new firmware requires a kernel patch carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26 carnil> So might not be treaded as Linux issue itself. + bwh> Let's treat it as both firmware and kernel, similar to CPU issues + bwh> that need both microcode and kernel changes. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: released (5.14.6-1) +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed 
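Review bot: The sid status in the CVE-2020-12362 and CVE-2020-12363 hunks (and the identical CVE-2020-12364 hunk that follows) does not line up with the upstream status on the line above it: "upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26]" means the first sid upload of a 5.11 kernel already carried the kernel-side change, yet the entry records "sid: released (5.14.6-1)". If 5.14.6-1 is meant to mark the point at which the kernel change and the GuC firmware update were both available, say so in the Notes (the new bwh> note about treating this as firmware plus kernel is the natural place); otherwise the released version should be the first 5.11-based upload. The same applies to the three "5.10-upstream-stable: needed" lines: the note should state whether "needed" covers the kernel commit alone or also the firmware-nonfree side, since the tracker lines only record the kernel.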
diff --git a/active/CVE-2020-12364 b/active/CVE-2020-12364 index 10202ab2..bc2ba343 100644 --- a/active/CVE-2020-12364 +++ b/active/CVE-2020-12364 @@ -1,4 +1,4 @@ -Description: +Description: i915: Null pointer deref in GuC firmware leading to DoS References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html Notes: @@ -9,12 +9,14 @@ Notes: carnil> firmware is required. The new firmware requires a kernel patch carnil> https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26 carnil> So might not be treaded as Linux issue itself. + bwh> Let's treat it as both firmware and kernel, similar to CPU issues + bwh> that need both microcode and kernel changes. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: released (5.11-rc1) [c784e5249e773689e38d2bc1749f08b986621a26] +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: released (5.14.6-1) +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2020-15802 b/active/CVE-2020-15802 index 79f8d99f..f4a831ea 100644 --- a/active/CVE-2020-15802 +++ b/active/CVE-2020-15802 @@ -6,12 +6,14 @@ References: https://www.kb.cert.org/vuls/id/589825/ https://bugzilla.suse.com/show_bug.cgi?id=1176442 Notes: + bwh> Introduced in 3.19 as noted in + bwh> http://www.bluez.org/bluetooth-4-2-features-going-to-the-3-19-kernel-release/ Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed 
diff --git a/active/CVE-2020-26140 b/active/CVE-2020-26140 index db146255..2b6072fa 100644 --- a/active/CVE-2020-26140 +++ b/active/CVE-2020-26140 @@ -5,6 +5,11 @@ References: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/ Notes: carnil> Needs to be checked if this really has a fix in Linux. + bwh> I don't think this bug was present in mac80211, but individual + bwh> drivers or firmware might be affected. The same issue was found + bwh> earlier in some vendor drivers which were assigned + bwh> CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991: + bwh> https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/ Bugs: upstream: 5.10-upstream-stable: diff --git a/active/CVE-2020-26142 b/active/CVE-2020-26142 index ab163436..93791d14 100644 --- a/active/CVE-2020-26142 +++ b/active/CVE-2020-26142 @@ -5,6 +5,8 @@ References: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/ Notes: carnil> Needs to be checked if this really has a fix in Linux. + bwh> I don't think this bug was present in mac80211, but individual + bwh> drivers or firmware might be affected. Bugs: upstream: 5.10-upstream-stable: diff --git a/active/CVE-2020-26143 b/active/CVE-2020-26143 index 7ab980e2..cc4f34e5 100644 --- a/active/CVE-2020-26143 +++ b/active/CVE-2020-26143 @@ -5,6 +5,8 @@ References: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/ Notes: carnil> Needs to be checked if this really has a fix in Linux. + bwh> I don't think this bug was present in mac80211, but individual + bwh> drivers or firmware might be affected. Bugs: upstream: 5.10-upstream-stable: diff --git a/active/CVE-2020-26555 b/active/CVE-2020-26555 index 5b14e35a..a1f793bc 100644 --- a/active/CVE-2020-26555 +++ b/active/CVE-2020-26555 
@@ -3,7 +3,16 @@ References: https://kb.cert.org/vuls/id/799380 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/ https://bugzilla.redhat.com/show_bug.cgi?id=1918601 + https://bodhi.fedoraproject.org/updates/FEDORA-2021-a35b44fd9f + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html Notes: + bwh> Fedora claims this was fixed along with CVE-2020-26558 in + bwh> 5.12.7, which implies the upstream fix is commit 6d19628f539f + bwh> "Bluetooth: SMP: Fail if remote and local public keys are + bwh> identical". But it's not clear to me that that commit + bwh> addresses this issue too. + bwh> Intel claims to have addressed this for their Bluetooth + bwh> adapters in a firmware update. Bugs: upstream: 5.10-upstream-stable: diff --git a/active/CVE-2020-26556 b/active/CVE-2020-26556 index ed76999e..60be7fc6 100644 --- a/active/CVE-2020-26556 +++ b/active/CVE-2020-26556 @@ -4,12 +4,14 @@ References: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/ https://bugzilla.redhat.com/show_bug.cgi?id=1960012 Notes: + bwh> Mesh provisioning seems to be handled in user-space. + bwh> This was addressed in bluez 5.50-1.1. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: N/A "Not implemented in kernel" +5.10-upstream-stable: N/A "Not implemented in kernel" +4.19-upstream-stable: N/A "Not implemented in kernel" +4.9-upstream-stable: N/A "Not implemented in kernel" +sid: N/A "Not implemented in kernel" +5.10-bullseye-security: N/A "Not implemented in kernel" +4.19-buster-security: N/A "Not implemented in kernel" +4.9-stretch-security: N/A "Not implemented in kernel" diff --git a/active/CVE-2020-26557 b/active/CVE-2020-26557 index 25a55842..4a86b8c4 100644 --- a/active/CVE-2020-26557 +++ b/active/CVE-2020-26557 
@@ -4,12 +4,13 @@ References: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/ https://bugzilla.redhat.com/show_bug.cgi?id=1960009 Notes: + bwh> Mesh provisioning seems to be handled in user-space. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: N/A "Not implemented in kernel" +5.10-upstream-stable: N/A "Not implemented in kernel" +4.19-upstream-stable: N/A "Not implemented in kernel" +4.9-upstream-stable: N/A "Not implemented in kernel" +sid: N/A "Not implemented in kernel" +5.10-bullseye-security: N/A "Not implemented in kernel" +4.19-buster-security: N/A "Not implemented in kernel" +4.9-stretch-security: N/A "Not implemented in kernel" diff --git a/active/CVE-2020-26559 b/active/CVE-2020-26559 index 4fea3011..3112e2b1 100644 --- a/active/CVE-2020-26559 +++ b/active/CVE-2020-26559 @@ -4,12 +4,13 @@ References: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/ https://bugzilla.redhat.com/show_bug.cgi?id=1960011 Notes: + bwh> Mesh provisioning seems to be handled in user-space. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: N/A "Not implemented in kernel" +5.10-upstream-stable: N/A "Not implemented in kernel" +4.19-upstream-stable: N/A "Not implemented in kernel" +4.9-upstream-stable: N/A "Not implemented in kernel" +sid: N/A "Not implemented in kernel" +5.10-bullseye-security: N/A "Not implemented in kernel" +4.19-buster-security: N/A "Not implemented in kernel" +4.9-stretch-security: N/A "Not implemented in kernel" diff --git a/active/CVE-2020-26560 b/active/CVE-2020-26560 index 3785e0fb..be0abd40 100644 --- a/active/CVE-2020-26560 +++ b/active/CVE-2020-26560 
@@ -4,12 +4,13 @@ References: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/ https://bugzilla.redhat.com/show_bug.cgi?id=1959994 Notes: + bwh> Mesh provisioning seems to be handled in user-space. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: N/A "Not implemented in kernel" +5.10-upstream-stable: N/A "Not implemented in kernel" +4.19-upstream-stable: N/A "Not implemented in kernel" +4.9-upstream-stable: N/A "Not implemented in kernel" +sid: N/A "Not implemented in kernel" +5.10-bullseye-security: N/A "Not implemented in kernel" +4.19-buster-security: N/A "Not implemented in kernel" +4.9-stretch-security: N/A "Not implemented in kernel" diff --git a/active/CVE-2020-27820 b/active/CVE-2020-27820 index 5d327702..23846614 100644 --- a/active/CVE-2020-27820 +++ b/active/CVE-2020-27820 @@ -5,15 +5,13 @@ References: https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/ https://bugzilla.redhat.com/show_bug.cgi?id=1901726 Notes: - bwh> I don't see how this is a security issue, though it seems like a - bwh> worthwhile fix anyway. carnil> Fixed as well in 5.15.5 for the 5.15.y series. Bugs: upstream: released (5.16-rc1) [aff2299e0d81b26304ccc6a1ec0170e437f38efc, abae9164a421bc4a41a3769f01ebcd1f9d955e0e, f55aaf63bde0d0336c3823bb3713bd4a464abbcf] 5.10-upstream-stable: released (5.10.82) [c81c90fbf5775ed1b907230eaaa766fa0e1b7cfa, 9221aff33edb627ea52a51379862f46e63e7c0c9, 82de15ca6b5574fc0e2f54daa1de00b5b2dcf32f] -4.19-upstream-stable: -4.9-upstream-stable: +4.19-upstream-stable: needed +4.9-upstream-stable: needed sid: released (5.15.5-1) 5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: -4.9-stretch-security: +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2021-3847 b/active/CVE-2021-3847 index efa4f591..067b8164 100644 
--- a/active/CVE-2021-3847 +++ b/active/CVE-2021-3847 @@ -1,14 +1,18 @@ -Description: low-privileged user privileges escalation +Description: ovl: Copy-up from nosuid lower to suid upper could allow priv-esc References: https://bugzilla.redhat.com/show_bug.cgi?id=2009704 https://www.openwall.com/lists/oss-security/2021/10/14/3 Notes: + bwh> Only likely to be exploitable after commit 459c7c565ac3 + bwh> "ovl: unprivieged mounts" in 5.11-rc1, or if the + bwh> Debian-specific module parameter permit_mounts_in_userns + bwh> is enabled. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2021-3864 b/active/CVE-2021-3864 index f8e672c7..76122102 100644 --- a/active/CVE-2021-3864 +++ b/active/CVE-2021-3864 @@ -1,4 +1,4 @@ -Description: descendant's dumpable setting with certain SUID binaries +Description: setuid program that exec's can coredump in dir not writable by caller; priv-esc possible References: https://www.openwall.com/lists/oss-security/2021/10/20/2 https://bugzilla.redhat.com/show_bug.cgi?id=2015046 
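Review bot: In the CVE-2021-3847 hunk the new bwh> note says the issue is "Only likely to be exploitable after commit 459c7c565ac3 ... in 5.11-rc1, or if the Debian-specific module parameter permit_mounts_in_userns is enabled", but the 5.10-upstream-stable, 4.19-upstream-stable and 4.9-upstream-stable lines are all set to "needed" with no qualification. Those three branches predate 5.11, so their exposure rests entirely on permit_mounts_in_userns; please record in the note what that parameter defaults to in the 5.10/4.19/4.9 packages, so a reader can see why the branches are "needed" rather than ignored as "Minor issue" (the wording this same commit uses for CVE-2022-0480).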
@@ -6,12 +6,22 @@ References: https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/ Notes: + bwh> The PoC exploits logrotate's lax parsing of configuration files + bwh> to inject commands via the coredump, but I think generally we + bwh> should assume that bypassing write-protection in any way can + bwh> lead to privilege escalation. + bwh> sudo is an important part of the PoC and should disable core- + bwh> dumps by default. + bwh> It's less clear what should be done in the kernel; possibly + bwh> some resource limits should be reset on exec of a setuid + bwh> program - see + bwh> https://lore.kernel.org/linux-api/87fso91n0v.fsf_-_@email.froward.int.ebiederm.org/ Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2021-39636 b/active/CVE-2021-39636 index e976d62b..ae6e76ac 100644 --- a/active/CVE-2021-39636 +++ b/active/CVE-2021-39636 @@ -1,4 +1,4 @@ -Description: +Description: netfilter: Kernel info leaks from various modules References: https://source.android.com/security/bulletin/pixel/2021-12-01 Notes: 
@@ -6,12 +6,14 @@ Notes: carnil> pixel/2021-12-01 are spread over two versions. But it's not carnil> very clear to what CVE-2021-39636 is referring to, assuming it carnil> is for the pointer leak to userspace? + bwh> Pretty sure this is about leaking pointers. The last 2 commits + bwh> are fixing that and the first 3 are dependencies for the fix. Bugs: upstream: released (4.11-rc1) [f32815d21d4d8287336fb9cef4d2d9e0866214c2, f77bc5b23fb1af51fc0faa8a479dea8969eb5079, e47ddb2c4691fd2bd8d25745ecb6848408899757, ec23189049651b16dc2ffab35a4371dc1f491aca], released (4.16-rc1) [1e98ffea5a8935ec040ab72299e349cb44b8defd] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +5.10-upstream-stable: N/A "Fixed before branch point" +4.19-upstream-stable: N/A "Fixed before branch point" +4.9-upstream-stable: needed sid: released (4.16.5-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-bullseye-security: N/A "Fixed before branch point" +4.19-buster-security: N/A "Fixed before branch point" +4.9-stretch-security: needed diff --git a/active/CVE-2021-4095 b/active/CVE-2021-4095 index 451cdf0b..84309d99 100644 --- a/active/CVE-2021-4095 +++ b/active/CVE-2021-4095 
@@ -6,12 +6,14 @@ References: https://www.openwall.com/lists/oss-security/2021/12/14/2 https://www.openwall.com/lists/oss-security/2022/01/17/1 Notes: + bwh> Introduced in 5.12 by commit 629b5348841a "KVM: x86/xen: update + bwh> wallclock region". Bugs: upstream: released (5.17-rc1) [55749769fe608fa3f4a075e42e89d237c8e37637] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-upstream-stable: N/A "Vulnerability introduced later" +4.19-upstream-stable: N/A "Vulnerability introduced later" +4.9-upstream-stable: N/A "Vulnerability introduced later" +sid: needed +5.10-bullseye-security: N/A "Vulnerability introduced later" +4.19-buster-security: N/A "Vulnerability introduced later" +4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2021-4148 b/active/CVE-2021-4148 index 6c32f438..90eddbb5 100644 --- a/active/CVE-2021-4148 +++ b/active/CVE-2021-4148 @@ -1,4 +1,4 @@ -Description: Improper implementation of block_invalidatepage() allows users to crash the kernel +Description: mm: Opening THP-backed special file for write causes crash in block_invalidatepage() References: https://bugzilla.redhat.com/show_bug.cgi?id=2026487 https://lkml.org/lkml/2021/9/17/1037 
@@ -6,12 +6,14 @@ References: https://lore.kernel.org/linux-mm/a07564a3-b2fc-9ffe-3ace-3f276075ea5c@google.com/ https://lore.kernel.org/lkml/CACkBjsYwLYLRmX8GpsDpMthagWOjWWrNxqY6ZLNQVr6yx+f5vA@mail.gmail.com/ Notes: + bwh> Introduced in 5.4 by commit 99cb0dbd47a1 "mm,thp: add read-only THP + bwh> support for (non-shmem) FS". Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: released (5.15) [a4aeaa06d45e90f9b279f0b09de84bd00006e733] +5.10-upstream-stable: released (5.10.78) [6d67b2a73b8e3a079c355bab3c1aef7d85a044b8] +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: released (5.14.16-1) +5.10-bullseye-security: released (5.10.84-1) +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-4149 b/active/CVE-2021-4149 index 98ca7838..17d65b32 100644 --- a/active/CVE-2021-4149 +++ b/active/CVE-2021-4149 @@ -4,12 +4,14 @@ References: https://lkml.org/lkml/2021/10/18/885 https://lkml.org/lkml/2021/9/13/2565 Notes: + bwh> Commit message says the fix is applicable to 5.4 onward, + bwh> but earlier versions seem to have the same bug. Bugs: upstream: released (5.15-rc6) [19ea40dddf1833db868533958ca066f368862211] 5.10-upstream-stable: released (5.10.75) [206868a5b6c14adc4098dd3210a2f7510d97a670] -4.19-upstream-stable: -4.9-upstream-stable: +4.19-upstream-stable: needed +4.9-upstream-stable: needed sid: released (5.14.16-1) 5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: -4.9-stretch-security: +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2021-4150 b/active/CVE-2021-4150 index f5f2fde7..588d6073 100644 --- a/active/CVE-2021-4150 +++ b/active/CVE-2021-4150 
@@ -4,12 +4,14 @@ References: https://lkml.org/lkml/2021/9/6/781 https://lkml.org/lkml/2021/10/18/485 Notes: + bwh> Introduced in 5.15-rc1 by commit 9d3b8813895d "block: change the + bwh> refcounting for partitions", so never appeared in a stable release. Bugs: upstream: released (5.15-rc7) [9fbfabfda25d8774c5a08634fdd2da000a924890] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: released (5.15.3-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-upstream-stable: N/A "Vulnerability introduced later" +4.19-upstream-stable: N/A "Vulnerability introduced later" +4.9-upstream-stable: N/A "Vulnerability introduced later" +sid: N/A "Vulnerability introduced and fixed in experimental" +5.10-bullseye-security: N/A "Vulnerability introduced later" +4.19-buster-security: N/A "Vulnerability introduced later" +4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2021-4197 b/active/CVE-2021-4197 index a81231ca..29382ce7 100644 --- a/active/CVE-2021-4197 +++ b/active/CVE-2021-4197 @@ -4,12 +4,13 @@ References: https://bugzilla.redhat.com/show_bug.cgi?id=2035652 Notes: carnil> Fixed as well in 5.15.14 for 5.15.y. + bwh> At least the first commit is applicable to all branches. Bugs: upstream: released (5.16) [1756d7994ad85c2479af6ae5a9750b92324685af, 0d2b5955b36250a9428c832664f2079cbf723bec, e57457641613fef0d147ede8bd6a3047df588b95] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed sid: released (5.15.15-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2021-4218 b/active/CVE-2021-4218 index 0cc62196..12445f6a 100644 --- a/active/CVE-2021-4218 +++ b/active/CVE-2021-4218 
@@ -1,14 +1,17 @@ -Description: sysctl: pass kernel pointers to ->proc_handler +Description: xprtrdma: Wrong copy function used in sysctl handler References: https://bugzilla.redhat.com/show_bug.cgi?id=2048359 https://bugs.centos.org/view.php?id=18395 Notes: + bwh> This issue is specific to CentOS/RHEL. In mainline, + bwh> xprtrdma always used copy_to_user() until the general + bwh> conversion of sysctls to use a kernel buffer. Bugs: -upstream: released (5.8-rc1) [32927393dc1ccd60fb2bdc05b9e8e88753761469] -5.10-upstream-stable: N/A "Fixed before branching point" -4.19-upstream-stable: -4.9-upstream-stable: -sid: released (5.8.7-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: -4.9-stretch-security: +upstream: N/A "Vulnerability never present" +5.10-upstream-stable: N/A "Vulnerability never present" +4.19-upstream-stable: N/A "Vulnerability never present" +4.9-upstream-stable: N/A "Vulnerability never present" +sid: N/A "Vulnerability never present" +5.10-bullseye-security: N/A "Vulnerability never present" +4.19-buster-security: N/A "Vulnerability never present" +4.9-stretch-security: N/A "Vulnerability never present" diff --git a/active/CVE-2021-44879 b/active/CVE-2021-44879 index 87909954..6a035183 100644 --- a/active/CVE-2021-44879 +++ b/active/CVE-2021-44879 @@ -4,12 +4,13 @@ References: https://bugzilla.kernel.org/show_bug.cgi?id=215231 https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao@kernel.org/T/ Notes: + bwh> The bug seems to exist in all our stable branches. Bugs: upstream: released (5.17-rc1) [9056d6489f5a41cfbb67f719d2c0ce61ead72d9f] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed sid: released (5.16.7-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: ignored "f2fs is not supportable" 
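Review bot: The CVE-2021-4218 hunk drops the only commit identifier the entry had: the removed "upstream: released (5.8-rc1) [32927393dc1ccd60fb2bdc05b9e8e88753761469]" line is replaced by N/A "Vulnerability never present", and the new bwh> note refers to that change only as "the general conversion of sysctls to use a kernel buffer". Since the note relies on that conversion to argue mainline was never affected, quote the commit id in the note (e.g. "... until the general conversion of sysctls to use a kernel buffer in 32927393dc1c (5.8-rc1)") so the reasoning stays checkable after the old status line is gone.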
diff --git a/active/CVE-2021-45469 b/active/CVE-2021-45469 index 53c293bc..1d21b0a3 100644 --- a/active/CVE-2021-45469 +++ b/active/CVE-2021-45469 @@ -4,12 +4,13 @@ References: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1 Notes: carnil> for 5.15.y fixed as well in 5.15.12. + bwh> This is due to an incomplete fix for CVE-2019-9453. Bugs: upstream: released (5.17-rc1) [645a3c40ca3d40cc32b4b5972bf2620f2eb5dba6] 5.10-upstream-stable: released (5.10.89) [fffb6581a23add416239dfcf7e7f3980c6b913da] 4.19-upstream-stable: released (4.19.223) [f9dfa44be0fb5e8426183a70f69a246cf5827f49] -4.9-upstream-stable: +4.9-upstream-stable: needed sid: released (5.15.15-1) 5.10-bullseye-security: released (5.10.92-1) 4.19-buster-security: needed -4.9-stretch-security: +4.9-stretch-security: ignored "f2fs is not supportable" diff --git a/active/CVE-2022-0382 b/active/CVE-2022-0382 index 60039db5..102b3dc4 100644 --- a/active/CVE-2022-0382 +++ b/active/CVE-2022-0382 @@ -2,12 +2,14 @@ Description: net ticp:fix a kernel-infoleak in __tipc_sendmsg() References: https://bugzilla.redhat.com/show_bug.cgi?id=2046440 Notes: + bwh> Introduced in 5.13-rc1 by commit 908148bc5046 + bwh> "tipc: refactor tipc_sendmsg() and tipc_lookup_anycast()". Bugs: upstream: released (5.16) [d6d86830705f173fca6087a3e67ceaf68db80523] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +5.10-upstream-stable: N/A "Vulnerability introduced later" +4.19-upstream-stable: N/A "Vulnerability introduced later" +4.9-upstream-stable: N/A "Vulnerability introduced later" sid: released (5.15.15-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-bullseye-security: N/A "Vulnerability introduced later" +4.19-buster-security: N/A "Vulnerability introduced later" +4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2022-0480 b/active/CVE-2022-0480 index 17624bcb..1a5cebfb 100644 
--- a/active/CVE-2022-0480 +++ b/active/CVE-2022-0480 @@ -6,10 +6,10 @@ References: Notes: Bugs: upstream: released (5.15-rc1) [0f12156dff2862ac54235fc72703f18770769042] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: +5.10-upstream-stable: ignored "Minor issue" +4.19-upstream-stable: ignored "Minor issue" +4.9-upstream-stable: ignored "Minor issue" sid: released (5.15.3-1) -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-bullseye-security: ignored "Minor issue" +4.19-buster-security: ignored "Minor issue" +4.9-stretch-security: ignored "Minor issue" diff --git a/active/CVE-2022-0646 b/active/CVE-2022-0646 index 476e32a1..fa793b06 100644 --- a/active/CVE-2022-0646 +++ b/active/CVE-2022-0646 @@ -3,12 +3,13 @@ References: https://bugzilla.redhat.com/show_bug.cgi?id=2055206 https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/ Notes: + bwh> This driver was only added in 5.17-rc1! Bugs: upstream: released (5.17-rc5) [6c342ce2239c182c2428ce5a44cb32330434ae6e] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-upstream-stable: N/A "Vulnerable code not present" +4.19-upstream-stable: N/A "Vulnerable code not present" +4.9-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +5.10-bullseye-security: N/A "Vulnerable code not present" +4.19-buster-security: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-24958 b/active/CVE-2022-24958 index 574d3a72..e237bb78 100644 --- a/active/CVE-2022-24958 +++ b/active/CVE-2022-24958 
@@ -3,10 +3,10 @@ References: Notes: Bugs: upstream: released (5.17-rc1) [89f3594d0de58e8a57d92d497dea9fee3d4b9cda, 501e38a5531efbd77d5c73c0ba838a889bfc1d74] -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed diff --git a/active/CVE-2022-24959 b/active/CVE-2022-24959 index 927b2230..419487e3 100644 --- a/active/CVE-2022-24959 +++ b/active/CVE-2022-24959 @@ -1,12 +1,15 @@ Description: yam: fix a memory leak in yam_siocdevprivate() References: Notes: + bwh> Introduced in 4.19 by commit 0781168e23a2 "yam: fix a missing- + bwh> check bug". (That didn't actually fix any bug because the + bwh> driver never looks at the second copy of the cmd field.) Bugs: upstream: released (5.17-rc2) [29eb31542787e1019208a2e1047bb7c76c069536] 5.10-upstream-stable: released (5.10.96) [729e54636b3ebefb77796702a5b1f1ed5586895e] 4.19-upstream-stable: released (4.19.228) [4bd197ce18329e3725fe3af5bd27daa4256d3ac7] -4.9-upstream-stable: +4.9-upstream-stable: N/A "Vulnerability introduced later" sid: released (5.16.7-1) 5.10-bullseye-security: needed 4.19-buster-security: needed -4.9-stretch-security: +4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2022-25265 b/active/CVE-2022-25265 index 0fbb5ae2..8e6b64d2 100644 --- a/active/CVE-2022-25265 +++ b/active/CVE-2022-25265 
@@ -1,14 +1,16 @@ -Description: +Description: x86: Old ELF binaries run with executable stack and data segment References: https://github.com/x0reaxeax/exec-prot-bypass https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294 Notes: + bwh> This is necessary backward compatibility and can be disabled + bwh> through an LSM if wanted. Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: ignored "Not a security flaw" +5.10-upstream-stable: ignored "Not a security flaw" +4.19-upstream-stable: ignored "Not a security flaw" +4.9-upstream-stable: ignored "Not a security flaw" +sid: ignored "Not a security flaw" +5.10-bullseye-security: ignored "Not a security flaw" +4.19-buster-security: ignored "Not a security flaw" +4.9-stretch-security: ignored "Not a security flaw" |
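Review bot: The N/A reason strings introduced across this patch are inconsistent for the same situation, which matters because these files are machine-parsed and grep'd for by reason text. For a bug introduced after the branch point the CVE-2021-4095, CVE-2021-4150, CVE-2022-0382 and CVE-2022-24959 hunks use "Vulnerability introduced later", while the CVE-2021-4148 hunk (introduced in 5.4 per its own note) and the CVE-2022-0646 hunk (driver added in 5.17-rc1) use "Vulnerable code not present"; for a fix that predates the branch point the CVE-2018-25020 hunk keeps "Fixed before branching point" while the CVE-2021-39636 hunk writes "Fixed before branch point". Pick one string per case and use it in all four hunks.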
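Review bot: The CVE-2022-0480 hunk marks every stable branch ignored "Minor issue" but leaves the Notes section above it empty, so nothing in the file says why a bug that upstream fixed in 5.15-rc1 [0f12156dff2862ac54235fc72703f18770769042] is not worth backporting. Every other "ignored" status in this patch carries a reason in Notes (EOL, f2fs not supportable, not a security flaw); add a one-line bwh> note here with the rationale for the minor-issue call.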
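Review bot: The CVE-2020-26140, CVE-2020-26142 and CVE-2020-26143 hunks add a bwh> note concluding "I don't think this bug was present in mac80211, but individual drivers or firmware might be affected" yet leave all of the upstream/stable/sid status lines blank, and the carnil> line above still reads "Needs to be checked if this really has a fix in Linux." Either record the conclusion in the status lines (N/A for mac80211 with the driver/firmware caveat in the note) or say in the note which drivers still need checking, so the entries do not remain the only ones in this patch with no status at all. Separately, the unchanged context line in the CVE-2022-0382 hunk, "Description: net ticp:fix a kernel-infoleak in __tipc_sendmsg()", has "ticp" for "tipc" and is missing the space after the colon; worth fixing while the file is being touched.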