Fill in missing status for nearly all 2022 issues

author: Ben Hutchings <ben@decadent.org.uk> 2022-12-17 03:05:04 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2022-12-17 03:07:29 +0100
commit: 89cd9ece8fa07ca04f9a25e14cccc562b514a1a4 (patch)
tree: 49c981aab54fd320209f70f42d6a47982f87640d /active/CVE-2022-2961
parent: dc2ce1b63a9722308e68ff1626638579d2e89967 (diff)
1 files changed, 13 insertions, 6 deletions
diff --git a/active/CVE-2022-2961 b/active/CVE-2022-2961
index db0c32b6..7984f15d 100644
--- a/active/CVE-2022-2961
+++ b/active/CVE-2022-2961
@@ -5,10 +5,17 @@ Notes:
  carnil> Possible fix is 2df91e397d85 ("net: rose: add netdev ref
  carnil> tracker to 'struct rose_sock'") but as of 2022-08-30 no
  carnil> clarification in RHBZ#2120595.
+ bwh> This is not fixed by commit 2df91e397d85.  The problem is that
+ bwh> rose_bind() doesn't prevent two concurrent bind calls on the same
+ bwh> socket from succeeding.  It checks that the SOCK_ZAPPED flag is set
+ bwh> at the top, and clears it at the bottom, leaving a race condition
+ bwh> between those bit operations.
+ bwh> In bullseye and newer releases this is mitigated because we
+ bwh> disabled auto-loading of the rose module.
 Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
+upstream: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+sid: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
author	Ben Hutchings <ben@decadent.org.uk>	2022-12-17 03:05:04 +0100
committer	Ben Hutchings <ben@decadent.org.uk>	2022-12-17 03:07:29 +0100
commit	89cd9ece8fa07ca04f9a25e14cccc562b514a1a4 (patch)
tree	49c981aab54fd320209f70f42d6a47982f87640d /active/CVE-2022-2961
parent	dc2ce1b63a9722308e68ff1626638579d2e89967 (diff)