author: Salvatore Bonaccorso <carnil@debian.org> 2022-07-09 09:17:00 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-07-09 09:17:00 +0200
commit: 1d7ab5b770f647285a30a7beb8b89849d90a7239 (patch)
tree: b2ecf3a6324dfefc0c411817cf3bcdfd369ca30c /active
parent: 84f20296db7ee0ec1846e790ad100c292c93a1b7 (diff)
Retire some CVEs
Diffstat (limited to 'active')
-rw-r--r-- active/CVE-2018-1108 24
-rw-r--r-- active/CVE-2021-3772 22
-rw-r--r-- active/CVE-2021-39802 25
-rw-r--r-- active/CVE-2021-4149 17
-rw-r--r-- active/CVE-2022-0494 14
-rw-r--r-- active/CVE-2022-0812 19
-rw-r--r-- active/CVE-2022-0854 26
-rw-r--r-- active/CVE-2022-1198 19
-rw-r--r-- active/CVE-2022-1199 14
-rw-r--r-- active/CVE-2022-1353 14
-rw-r--r-- active/CVE-2022-1508 15
-rw-r--r-- active/CVE-2022-1516 13
-rw-r--r-- active/CVE-2022-1652 14
-rw-r--r-- active/CVE-2022-1734 17
-rw-r--r-- active/CVE-2022-1789 18
-rw-r--r-- active/CVE-2022-1972 17
-rw-r--r-- active/CVE-2022-1973 15
-rw-r--r-- active/CVE-2022-1974 13
-rw-r--r-- active/CVE-2022-1975 13
-rw-r--r-- active/CVE-2022-20148 16
-rw-r--r-- active/CVE-2022-20154 15
-rw-r--r-- active/CVE-2022-21123 20
-rw-r--r-- active/CVE-2022-21125 20
-rw-r--r-- active/CVE-2022-21166 20
24 files changed, 0 insertions, 420 deletions
diff --git a/active/CVE-2018-1108 b/active/CVE-2018-1108
deleted file mode 100644
index 56547cf4..00000000
--- a/active/CVE-2018-1108
+++ /dev/null
@@ -1,24 +0,0 @@
-Description: random: fix crng_ready() test
-References:
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
-Notes:
- carnil> Commit message mentions as fixing commit for CVE-2018-1108
- carnil> 43838a23a05fbd13e47d750d3dfd77001536dd33, and related commits
- carnil> dc12baacb95f205948f64dc936a47d89ee110117 (needed for 4.13+)
- carnil> and 8ef35c866f8862df074a49a93b0309725812dea8 (needed for 4.8+)
- carnil> CVE-2018-1108 itself has "Cc: stable@kernel.org # 4.8+"
- carnil> 4.9.88-1+deb9u1 reverts the fix due to various reported regressions.
- bwh> This is finally being fixed for 4.9 through a backport of the
- bwh> random driver that includes improvements to entropy gathering and
- bwh> so avoids the regression.
-Bugs:
-upstream: released (4.17-rc2) [43838a23a05fbd13e47d750d3dfd77001536dd33]
-4.19-upstream-stable: N/A "Fixed before branch point"
-4.9-upstream-stable: released (4.9.96) [4dfb3442bb7e1fb80515df4a199ca5a7a8edf900]
-3.16-upstream-stable: N/A "Vulnerable code not present"
-3.2-upstream-stable: N/A "Vulnerable code not present"
-sid: released (4.16.5-1)
-4.19-buster-security: N/A "Fixed before branching point"
-4.9-stretch-security: released (4.9.320-2)
-3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-3772 b/active/CVE-2021-3772
deleted file mode 100644
index 90a5b95b..00000000
--- a/active/CVE-2021-3772
+++ /dev/null
@@ -1,22 +0,0 @@
-Description: Invalid chunks may be used to remotely remove existing associations
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2000694
- https://lore.kernel.org/stable/20220315132009.2080417-1-ovidiu.panait@windriver.com/
- https://lore.kernel.org/stable/20220315132510.2088935-1-ovidiu.panait@windriver.com/
-Notes:
- carnil> Fixed as well in 5.14.16 for 5.14.y series.
- carnil> One comit was missing in the initial 5.10.y series, the
- carnil> backport of eae578390804 ("sctp: fix the processing for INIT
- carnil> chunk"). Two commits were missing in the 4.19.y series
- carnil> initially, eae578390804 ("sctp: fix the processing for INIT
- carnil> chunk") and 438b95a7c98f ("sctp: fix the processing for
- carnil> INIT_ACK chunk").
-Bugs:
-upstream: released (5.15) [4f7019c7eb33967eb87766e0e4602b5576873680, eae5783908042a762c24e1bd11876edb91d314b1, 438b95a7c98f77d51cbf4db021f41b602d750a3f, a64b341b8695e1c744dd972b39868371b4f68f83, aa0f697e45286a6b5f0ceca9418acf54b9099d99, ef16b1734f0a176277b7bb9c71a6d977a6ef3998, 9d02831e517aa36ee6bdb453a0eb47bd49923fe3]
-5.10-upstream-stable: released (5.10.77) [ad111d4435d85fd3eeb2c09692030d89f8862401, 8c50693d25e4ab6873b32bc3cea23b382a94d05f, dad2486414b5c81697aa5a24383fbb65fad13cae, 14c1e02b11c2233343573aff90766ef8472f27e7, c2442f721972ea7c317fbfd55c902616b3151ad5, a7112b8eeb14b3db21bc96abc79ca7525d77e129], released (5.10.107) [6056abc99b58fe55033577f3ad6e28d001a27641]
-4.19-upstream-stable: released (4.19.215) [1f52dfacca7bb315d89f5ece5660b0337809798e, 86044244fc6f9eaec0070cb668e0d500de22dbba, 7bf2f6a30d1851c530ad5e4ee7e5c45fb6be0128, d9a4f990aab48dd5c134a9e76c7b651d404b05d3, 1ff3c379248ea579aa122d4ca245028e4bc9af23], released (4.19.236) [59e2c108bf5ff90db5310ce749f57e37f6d3da38, 0ad6f021f6c354ab8daf29ec10f3c2340918d5d3]
-4.9-upstream-stable: released (4.9.289) [42ce7a69f8140783bab908dc29a93c0bcda315d5, 16d0bfb045abf587c72d46dfea56c20c4aeda927], needed
-sid: released (5.14.16-1)
-5.10-bullseye-security: released (5.10.84-1), released (5.10.113-1)
-4.19-buster-security: released (4.19.232-1), released (4.19.235-1)
-4.9-stretch-security: ignored "EOL"
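Review bot: The 4.9-upstream-stable line of CVE-2021-3772 still ends in "needed" after the 4.9.289 commits, so this entry is being retired with an open state on one branch. The Notes explain which commits were initially missing for 5.10.y and 4.19.y but say nothing about 4.9.y. Since 4.9-stretch-security is ignored "EOL", retiring is defensible, but a one-line note stating that the remaining 4.9 backports will not be tracked would make the archived record self-explanatory.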
diff --git a/active/CVE-2021-39802 b/active/CVE-2021-39802
deleted file mode 100644
index 643a5eb5..00000000
--- a/active/CVE-2021-39802
+++ /dev/null
@@ -1,25 +0,0 @@
-Description: ANDROID: mm: Incorrect page permission management
-References:
- https://source.android.com/security/bulletin/2022-04-01
- https://android.googlesource.com/kernel/common/+/ac4488815518c
- https://android.googlesource.com/kernel/common/+/b44e46bb047d1
- https://android.googlesource.com/kernel/common/+/67d075d23a8bc
- https://android.googlesource.com/kernel/common/+/6f9aba5a20b84
- https://bugzilla.suse.com/show_bug.cgi?id=1198445
- https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t
-Notes:
- carnil> Unclear if this is Android specific. If so we might just drop
- carnil> this entry.
- carnil> this is probably not an issue in mainline, the propblematic
- carnil> patch introducing the vulnerability was not merged in Linus
- carnil> tree, cf. https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t
- bwh> This is indeed Android-specific.
-Bugs:
-upstream: N/A "Vulnerability never present"
-5.10-upstream-stable: N/A "Vulnerability never present"
-4.19-upstream-stable: N/A "Vulnerability never present"
-4.9-upstream-stable: N/A "Vulnerability never present"
-sid: N/A "Vulnerability never present"
-5.10-bullseye-security: N/A "Vulnerability never present"
-4.19-buster-security: N/A "Vulnerability never present"
-4.9-stretch-security: N/A "Vulnerability never present"
diff --git a/active/CVE-2021-4149 b/active/CVE-2021-4149
deleted file mode 100644
index 05808c87..00000000
--- a/active/CVE-2021-4149
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: Improper lock operation in btrfs
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2026485
- https://lkml.org/lkml/2021/10/18/885
- https://lkml.org/lkml/2021/9/13/2565
-Notes:
- bwh> Commit message says the fix is applicable to 5.4 onward,
- bwh> but earlier versions seem to have the same bug.
-Bugs:
-upstream: released (5.15-rc6) [19ea40dddf1833db868533958ca066f368862211]
-5.10-upstream-stable: released (5.10.75) [206868a5b6c14adc4098dd3210a2f7510d97a670]
-4.19-upstream-stable: released (4.19.235) [73d55fa1b9310573f623195a4f7ab3170bbaf248]
-4.9-upstream-stable: released (4.9.307) [43bfa08ba62a1ca7a22365c7092e491e04327efb]
-sid: released (5.14.16-1)
-5.10-bullseye-security: released (5.10.84-1)
-4.19-buster-security: released (4.19.235-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-0494 b/active/CVE-2022-0494
deleted file mode 100644
index 1a3b874a..00000000
--- a/active/CVE-2022-0494
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2039448
- https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/
-Notes:
-Bugs:
-upstream: released (5.17-rc5) [cc8f7fe1f5eab010191aa4570f27641876fa1267]
-5.10-upstream-stable: released (5.10.115) [a439819f4797f0846c7cffa9475f44aef23c541f]
-4.19-upstream-stable: released (4.19.246) [18243d8479fd77952bdb6340024169d30b173a40]
-4.9-upstream-stable: released (4.9.317) [d59073bedb7cf752b8cd4027dd0f67cf7ac4330f]
-sid: released (5.16.14-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-0812 b/active/CVE-2022-0812
deleted file mode 100644
index e53cf514..00000000
--- a/active/CVE-2022-0812
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: NFS over RDMA random memory leakage
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2058955
- https://bugzilla.suse.com/show_bug.cgi?id=1196639
-Notes:
- carnil> As per 2022-03-02 no details provided yet in the Red Hat
- carnil> Bugzilla entry.
- carnil> The fix is possibly 912288442cb2 ("xprtrdma: fix incorrect
- carnil> header size calculations"). Intorduced by 302d3deb2068
- carnil> ("xprtrdma: Prevent inline overflow").
-Bugs:
-upstream: released (5.8-rc6) [912288442cb2f431bf3c8cb097a5de83bc6dbac1]
-5.10-upstream-stable: N/A "Fixed before branching point"
-4.19-upstream-stable: released (4.19.249) [4103bc54d8684a099615ae1fbab0590cf2167024]
-4.9-upstream-stable: released (4.9.320) [ca6226b5c5b4cf8c41ab7c759686c9aab43a2a33]
-sid: released (5.7.10-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-1)
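Review bot: The 4.9-stretch-security line of CVE-2022-0812 records released (4.9.320-1), while every other stretch entry retired in this commit records 4.9.320-2, including CVE-2022-0854, whose 4.9-upstream-stable fix is also in 4.9.320. Please confirm that 4.9.320-1 is the intended package version here and not a typo, since the retired file becomes the permanent record of which upload carried the fix.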
diff --git a/active/CVE-2022-0854 b/active/CVE-2022-0854
deleted file mode 100644
index 5ca5db34..00000000
--- a/active/CVE-2022-0854
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: swiotlb information leak with DMA_FROM_DEVICE
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2058395
- https://bugzilla.suse.com/show_bug.cgi?id=1196823
-Notes:
- carnil> For 5.16.y fixed as well in 5.16.15.
- carnil> The initial fix commited to mainline which landed in 5.17-rc6
- carnil> was an old version and so made necessary to followup with a
- carnil> rework commit aa6f8dcbab47 ("swiotlb: rework "fix info leak
- carnil> with DMA_FROM_DEVICE"").
- carnil> The second part of the fix was holded back for stable trees due to
- carnil> regression caused on at least some wireless drivers, cf.
- carnil> https://lore.kernel.org/stable/Yj7oXgoCdhWAwFQt@kroah.com/
- bwh> The second part (commit aa6f8dcbab47) was reverted and replaced by
- bwh> commit 901c7280ca0d "Reinstate some of "swiotlb: rework "fix info
- bwh> leak with DMA_FROM_DEVICE""" in 5.18-rc1. That was applied in 5.17.2
- bwh> but should probably be applied to other stable branches too.
-Bugs:
-upstream: released (5.17-rc6) [ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e], released (5.18-rc1) [901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544]
-5.10-upstream-stable: released (5.10.110) [d4d975e7921079f877f828099bb8260af335508f], released (5.10.118) [f3f2247ac31cb71d1f05f56536df5946c6652f4a]
-4.19-upstream-stable: released (4.19.245) [8d9ac1b6665c73f23e963775f85d99679fd8e192, 06cb238b0f7ac1669cb06390704c61794724c191]
-4.9-upstream-stable: released (4.9.320) [c132f2ba716b5ee6b35f82226a6e5417d013d753, fd97de9c7b973f46a6103f4170c5efc7b8ef8797]
-sid: released (5.17.3-1)
-5.10-bullseye-security: released (5.10.113-1), released (5.10.120-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
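Review bot: The last bwh note in CVE-2022-0854 says commit 901c7280ca0d "should probably be applied to other stable branches too", which reads as an open action item on an entry that is being retired. The status lines below it list a second release for 5.10 (5.10.118) and two commits each for 4.19.245 and 4.9.320; if those are the backports of 901c7280ca0d, add a closing note saying so, otherwise the archived entry leaves it unclear whether the second part of the fix reached 4.19 and 4.9.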
diff --git a/active/CVE-2022-1198 b/active/CVE-2022-1198
deleted file mode 100644
index d0dd0faf..00000000
--- a/active/CVE-2022-1198
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: use-after-free in drivers/net/hamradio/6pack.c
-References:
- https://www.openwall.com/lists/oss-security/2022/04/02/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2070689
-Notes:
- bwh> I'm not sure how old this is but it seems to be present back to 4.9.
- bwh> This depeneds on commits 0b9111922b1f "hamradio: defer 6pack kfree
- bwh> after unregister_netdev" and 81b1d548d00b "hamradio: remove
- bwh> needs_free_netdev to avoid UAF", but those are *not* yet included
- bwh> in the stable backports.
-Bugs:
-upstream: released (5.17-rc6) [efe4186e6a1b54bf38b9e05450d43b0da1fd7739]
-5.10-upstream-stable: released (5.10.110) [f67a1400788f550d201c71aeaf56706afe57f0da]
-4.19-upstream-stable: released (4.19.238) [79e2f40c210a47f283bca352745068207798fbb9]
-4.9-upstream-stable: released (4.9.311) [45d1a63bacf2b6ab27f9b11b5a2431e19d34d01f]
-sid: released (5.16.18-1)
-5.10-bullseye-security: released (5.10.113-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
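Review bot: The bwh note in CVE-2022-1198 states that the fix depends on 0b9111922b1f and 81b1d548d00b and that those are "*not* yet included in the stable backports", yet all three stable branches and their Debian suites are marked released with a single commit each. Before retiring, either confirm the two prerequisite commits are present in 5.10.110, 4.19.238 and 4.9.311 (or later) and update the note, or keep the entry active; as written, the archived record contradicts its own status lines.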
diff --git a/active/CVE-2022-1199 b/active/CVE-2022-1199
deleted file mode 100644
index ef5734f4..00000000
--- a/active/CVE-2022-1199
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: Null pointer dereference and use-after-free in ax25_release()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2070694
- https://www.openwall.com/lists/oss-security/2022/04/02/5
-Notes:
-Bugs:
-upstream: released (5.17-rc3) [4e0f718daf97d47cf7dec122da1be970f145c809], released (5.17-rc4) [7ec02f5ac8a5be5a3f20611731243dc5e1d9ba10], released (5.17-rc8) [71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac]
-5.10-upstream-stable: released (5.10.102) [b9a229fd48bfa45edb954c75a57e3931a3da6c5f], released (5.10.106) [e2201ef32f933944ee02e59205adb566bafcdf91], released (5.10.112) [145ea8d213e8f46667cd904ae79d17f298750f00]
-4.19-upstream-stable: released (4.19.231) [3072e72814de56f3c674650a8af98233ddf78b19], released (4.19.235) [5ab8de9377edde3eaf1de9872e2f01d43157cd6c], released (4.19.240) [cb18d72179bf42a6ccd2b311739017b0ba9bc26e]
-4.9-upstream-stable: released (4.9.303) [851901d339b2ba766ffcf754d37a6f52fa07cea2], released (4.9.307) [cad71f1094834eb69f7ceec8100d300c26b43053]
-sid: released (5.16.18-1)
-5.10-bullseye-security: released (5.10.106-1), released (5.10.113-1)
-4.19-buster-security: released (4.19.235-1), released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-1353 b/active/CVE-2022-1353
deleted file mode 100644
index c255de10..00000000
--- a/active/CVE-2022-1353
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2066819
- https://lore.kernel.org/all/20220321215240.490132-2-sashal@kernel.org/
-Notes:
-Bugs:
-upstream: released (5.17) [9a564bccb78a76740ea9d75a259942df8143d02c]
-5.10-upstream-stable: released (5.10.110) [8d3f4ad43054619379ccc697cfcbdb2c266800d8]
-4.19-upstream-stable: released (4.19.238) [693fe8af9a2625139de07bd1ae212a7d89c37795]
-4.9-upstream-stable: released (4.9.311) [7b0e01a9b7f2aaeb6fa73b35864b1d7dc6e795c4]
-sid: released (5.17.3-1)
-5.10-bullseye-security: released (5.10.113-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-1508 b/active/CVE-2022-1508
deleted file mode 100644
index 8993a0e5..00000000
--- a/active/CVE-2022-1508
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: io_uring: reexpand under-reexpanded iters
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2075533
-Notes:
- bwh> Introduced in 5.9 by commit 842163154b87 "io_uring: revert consumed
- bwh> iov_iter bytes on error".
-Bugs:
-upstream: released (5.15-rc1) [2112ff5ce0c1128fe7b4d19cfe7f2b8ce5b595fa, 89c2b3b74918200e46699338d7bcc19b1ea12110]
-5.10-upstream-stable: released (5.10.120) [8adb751d294ed3b668f1c7e41bd7ebe49002a744]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.15.3-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-1516 b/active/CVE-2022-1516
deleted file mode 100644
index 5923750a..00000000
--- a/active/CVE-2022-1516
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: net/x25: Fix null-ptr-deref caused by x25_disconnect
-References:
-Notes:
- carnil> CONFIG_X25 is not set in Debian.
-Bugs:
-upstream: released (5.18-rc1) [7781607938c8371d4c2b243527430241c62e39c2]
-5.10-upstream-stable: released (5.10.110) [5c94b6205e87411dbe9dc1ca088eb36b8837fb47]
-4.19-upstream-stable: released (4.19.238) [4c240c5a105557e4546d0836e694868f22fd09b0]
-4.9-upstream-stable: released (4.9.311) [dffc859d1d9560da594e4282091781b8d2715f00]
-sid: released (5.17.3-1)
-5.10-bullseye-security: released (5.10.113-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
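Review bot: The References: section of CVE-2022-1516 is empty, so once this file leaves active/ the only context for the entry is the one-line Description and the CONFIG_X25 note. Add at least one reference (the advisory or bug that assigned the CVE) before retiring it, as the other entries in this commit do.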
diff --git a/active/CVE-2022-1652 b/active/CVE-2022-1652
deleted file mode 100644
index a6ddf10a..00000000
--- a/active/CVE-2022-1652
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: A concurrency use-after-free in bad_flp_intr
-References:
- https://www.openwall.com/lists/oss-security/2022/05/10/1
- https://www.openwall.com/lists/oss-security/2022/05/10/2
-Notes:
-Bugs:
-upstream: released (5.18-rc6) [f71f01394f742fc4558b3f9f4c7ef4c4cf3b07c8]
-5.10-upstream-stable: released (5.10.118) [911b36267855501f7f80a75927c128c0ac03fe58]
-4.19-upstream-stable: released (4.19.245) [3392d8711ad9e5b688999c948fd36d798c0d075d]
-4.9-upstream-stable: released (4.9.316) [2adafe1c646b462c755e99216f966927eec96059]
-sid: released (5.17.11-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: ignored "EOL"
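Review bot: 4.9-stretch-security for CVE-2022-1652 is ignored "EOL", but 4.9-upstream-stable is released in 4.9.316, and other entries retired here with 4.9 fixes at or before 4.9.320 are marked released (4.9.320-2), for example CVE-2022-1974 with its fix in 4.9.313. Please check whether this line should also read released (4.9.320-2); if "ignored" is deliberate, a short entry under the empty Notes: section explaining why would avoid the apparent inconsistency.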
diff --git a/active/CVE-2022-1734 b/active/CVE-2022-1734
deleted file mode 100644
index d0d7df2e..00000000
--- a/active/CVE-2022-1734
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
-References:
- https://www.openwall.com/lists/oss-security/2022/06/05/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2086766
-Notes:
- carnil> CONFIG_NFC_MRVL to support Marvell NFC devices is not set in
- carnil> Debian.
- carnil> For 5.17.y fixed as well in 5.17.7.
-Bugs:
-upstream: released (5.18-rc6) [d270453a0d9ec10bb8a802a142fb1b3601a83098]
-5.10-upstream-stable: released (5.10.115) [1961c5a688edb53fe3bc25cbda57f47adf12563c]
-4.19-upstream-stable: released (4.19.242) [b266f492b2af82269aaaab871ac3949420ae678c]
-4.9-upstream-stable: released (4.9.313) [4721695be941626e4b18b89e0641e36fc385cfd8]
-sid: released (5.17.11-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-1789 b/active/CVE-2022-1789
deleted file mode 100644
index 7378b6e8..00000000
--- a/active/CVE-2022-1789
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
-References:
- https://www.openwall.com/lists/oss-security/2022/05/25/2
-Notes:
- carnil> Fixed in 5.17.12 for 5.17.y.
- bwh> This appears to have been introduced in 5.8 by commit 5efac0741ce2
- bwh> "KVM: x86: introduce kvm_mmu_invalidate_gva", as before that
- bwh> the invlpg function pointer would not be set to NULL when paging
- bwh> was disabled.
-Bugs:
-upstream: released (5.18) [9f46c187e2e680ecd9de7983e4d081c3391acc76]
-5.10-upstream-stable: released (5.10.119) [9b4aa0d80b18b9d19e62dd47d22e274ce92cdc95]
-4.19-upstream-stable: N/A "Vulnerability introduced later"
-4.9-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (5.17.11-1) [bugfix/x86/KVM-x86-mmu-fix-NULL-pointer-dereference-on-guest-IN.patch]
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: N/A "Vulnerability introduced later"
-4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2022-1972 b/active/CVE-2022-1972
deleted file mode 100644
index 4820c22a..00000000
--- a/active/CVE-2022-1972
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
-References:
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=fecf31ee395b0295f2d7260aa29946b7605f7c85
- https://www.openwall.com/lists/oss-security/2022/06/02/1
-Notes:
- carnil> Commit fixes f3a2181e16f1 ("netfilter: nf_tables: Support for
- carnil> sets with multiple ranged fields") in 5.6-rc1.
- carnil> Fixed for 5.17.y in 5.17.13 and for 5.18.y in 5.18.2
-Bugs:
-upstream: released (5.19-rc1) [fecf31ee395b0295f2d7260aa29946b7605f7c85]
-5.10-upstream-stable: released (5.10.120) [c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.18.2-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-1973 b/active/CVE-2022-1973
deleted file mode 100644
index 9de5b1ed..00000000
--- a/active/CVE-2022-1973
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: fs/ntfs3: Fix invalid free in log_replay
-References:
- https://www.openwall.com/lists/oss-security/2022/06/08/1
-Notes:
- carnil> Unimportant for Debian as NTFS3_FS not enabled.
- carnil> For 5.18.y fixed in 5.18.3.
-Bugs:
-upstream: released (5.19-rc1) [f26967b9f7a830e228bb13fb41bd516ddd9d789d]
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.18.5-1)
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-1974 b/active/CVE-2022-1974
deleted file mode 100644
index 95aeeb38..00000000
--- a/active/CVE-2022-1974
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: nfc: replace improper check device_is_registered() in netlink related functions
-References:
- https://www.openwall.com/lists/oss-security/2022/06/05/1
-Notes:
-Bugs:
-upstream: released (5.18-rc6) [da5c0f119203ad9728920456a0f52a6d850c01cd]
-5.10-upstream-stable: released (5.10.115) [8a9e7c64f4a02c4c397e55ba379609168ec7df4a]
-4.19-upstream-stable: released (4.19.242) [7deebb94a311da0e02e621e765c3aef3d5936572]
-4.9-upstream-stable: released (4.9.313) [fa2217b66467917a623993c14d671661ad625fb6]
-sid: released (5.17.11-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-1975 b/active/CVE-2022-1975
deleted file mode 100644
index 3c5d6bcd..00000000
--- a/active/CVE-2022-1975
+++ /dev/null
@@ -1,13 +0,0 @@
-Description: NFC: netlink: fix sleep in atomic bug when firmware download timeout
-References:
- https://www.openwall.com/lists/oss-security/2022/06/05/2
-Notes:
-Bugs:
-upstream: released (5.18-rc6) [4071bf121d59944d5cd2238de0642f3d7995a997]
-5.10-upstream-stable: released (5.10.115) [879b075a9a364a325988d4484b74311edfef82a1]
-4.19-upstream-stable: released (4.19.242) [d360fc8df363ecd7892d755d69ffc8c61d699e38]
-4.9-upstream-stable: released (4.9.313) [a93ea9595fde438996d7b9322749d4d1921162f7]
-sid: released (5.17.11-1)
-5.10-bullseye-security: released (5.10.120-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-20148 b/active/CVE-2022-20148
deleted file mode 100644
index 437ccdb2..00000000
--- a/active/CVE-2022-20148
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: f2fs: fix UAF in f2fs_available_free_memory
-References:
- https://source.android.com/security/bulletin/pixel/2022-06-01
-Notes:
- bwh> Actually introduced in 5.13, not fixed, by the first
- bwh> referenced commit d6d2b491a82e "f2fs: allow to change discard
- bwh> policy based on cached discard cmds".
-Bugs:
-upstream: released (5.16-rc1) [5429c9dbc9025f9a166f64e22e3a69c94fd5b29b]
-5.10-upstream-stable: N/A "Vulnerability introduced later"
-4.19-upstream-stable: N/A "Vulnerability introduced later"
-4.9-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (5.15.3-1)
-5.10-bullseye-security: N/A "Vulnerability introduced later"
-4.19-buster-security: N/A "Vulnerability introduced later"
-4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2022-20154 b/active/CVE-2022-20154
deleted file mode 100644
index 955029ff..00000000
--- a/active/CVE-2022-20154
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: sctp: use call_rcu to free endpoint
-References:
- https://source.android.com/security/bulletin/pixel/2022-06-01
-Notes:
- bwh> Introdued in 4.14 by commit d25adbeb0cdb "sctp: fix an
- bwh> use-after-free issue in sctp_sock_dump".
-Bugs:
-upstream: released (5.16-rc8) [5ec7d18d1813a5bead0b495045606c93873aecbb]
-5.10-upstream-stable: released (5.10.90) [769d14abd35e0e153b5149c3e1e989a9d719e3ff]
-4.19-upstream-stable: released (4.19.224) [af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec]
-4.9-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (5.15.15-1)
-5.10-bullseye-security: released (5.10.92-1)
-4.19-buster-security: released (4.19.232-1)
-4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2022-21123 b/active/CVE-2022-21123
deleted file mode 100644
index 6f01a4d2..00000000
--- a/active/CVE-2022-21123
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Shared Buffers Data Read (SBDR)
-References:
- https://lwn.net/Articles/898011/
- https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR
-Notes:
- carnil> Got fixed for stable series in 5.18.5, 5.15.48, 5.10.123,
- carnil> 5.4.199, 4.19.248, 4.14.284, and 4.9.319. The older series
- carnil> required some preparational commits as well not listed here
- carnil> though.
-Bugs:
-upstream: released (5.19-rc3) [4419470191386456e0b8ed4eb06a70b0021798a6, 51802186158c74a0304f51ab963e7c2b3a2b046f, f52ea6c26953fed339aa4eae717ee5c2133c7ff2, 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca, e5925fb867290ee924fcf2fe3ca887b792714366, 99a83db5a605137424e1efe29dc0573d6a5b6316, 8d50cdf8b8341770bc6367bce40c0c1bb0e1d5b3, 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19, a992b8a4682f119ae035a01b40d4d0665c4a2875, 027bbb884be006b05d9c577d6401686053aa789e, 1dc6ff02c8bf77d71b9b5d11cbc9df77cfb28626]
-5.10-upstream-stable: released (5.10.123) [f8a85334a57e7842320476ff27be3a5f151da364, e66310bc96b74ed3df9993e5d835ef3084d62048, f83d4e5be4a3955a6c8af61ecec0934d0ece40c0, 26f6f231f6a5a79ccc274967939b22602dec76e8, 56f0bca5e9c8456b7bb7089cbb6de866a9ba6da9, 3eb1180564fa0ecedc33b44029da7687c0a9fbf5, 001415e4e626403c9ff35f2498feb0021d0c8328, cf1c01a5e4c3e269b9211ae2ef0a57f8c9474bfc, 6df693dca31218f76c63b6fd4aa7b7db3bd6e049, bde15fdcce44956278b4f50680b7363ca126ffb9, aa238a92cc94a15812c0de4adade86ba8f22707a]
-4.19-upstream-stable: released (4.19.248) [2bb1c263b6797e2701a5f4ffe503a8ce15c0167e, 9277b11cafd0472db9e7d634de52d7c5d8d25462, d03de576a604899741a0ebadcfe2a4a19ee53ba3, 9f2ce43ebc33713ba02a89a66bd5f93c2f3a82cf, 54974c8714283feb5bf64df3bfe0f44267db5a3c, 8b42145e8c9903d4805651e08f4fca628e166642, f2983fbba1cccac611d4966277f0336374fad0be, 3ecb6dbad25b448ed8240f0ec2c7a8ff5155b7ea, 0e94464009ee37217a7e450c96ea1f8d42d3a6b5, e0d1437042f0b491bf2cb7880628b0bd7783f80d, 0255c936bfaa1887f7043b995f1c9e1049bb25f1]
-4.9-upstream-stable: released (4.9.319) [63c10e92b86a6cddd5294cda9f80eb7961cb1046, 19aa53c9eb2cf3a78ee44800e20bb34babe60f45, 91ab1073814aa5d44fb3d8e2423ffdc61a421cac, a11f2f05f5c605d1f6573b0cdcd2a6f38667fda1, 5da4d16872d3d15dac54b5a6f83f54e28bc3a477, 6ecdbc9dc777a5b66a9ec293af88ab330dd644a2, 8acd4bf9427eaf18a801db3f2508a2d89914d51d, 48e40e2cccb37c1f9c345014ca55c41bb8baee66, b7efb3a62fffa509e21d076aa2e75331c79fe36d, da06c60d1dfef826512068d09aed3b6a70b5e5c9, 71078b82164e36c893dc0764866e3783b1988fb4]
-sid: released (5.18.5-1)
-5.10-bullseye-security: released (5.10.127-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-21125 b/active/CVE-2022-21125
deleted file mode 100644
index d4dcedcc..00000000
--- a/active/CVE-2022-21125
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Shared Buffers Data Sampling (SBDS)
-References:
- https://lwn.net/Articles/898011/
- https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDS
-Notes:
- carnil> Got fixed for stable series in 5.18.5, 5.15.48, 5.10.123,
- carnil> 5.4.199, 4.19.248, 4.14.284, and 4.9.319. The older series
- carnil> required some preparational commits as well not listed here
- carnil> though.
-Bugs:
-upstream: released (5.19-rc3) [4419470191386456e0b8ed4eb06a70b0021798a6, 51802186158c74a0304f51ab963e7c2b3a2b046f, f52ea6c26953fed339aa4eae717ee5c2133c7ff2, 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca, e5925fb867290ee924fcf2fe3ca887b792714366, 99a83db5a605137424e1efe29dc0573d6a5b6316, 8d50cdf8b8341770bc6367bce40c0c1bb0e1d5b3, 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19, a992b8a4682f119ae035a01b40d4d0665c4a2875, 027bbb884be006b05d9c577d6401686053aa789e, 1dc6ff02c8bf77d71b9b5d11cbc9df77cfb28626]
-5.10-upstream-stable: released (5.10.123) [f8a85334a57e7842320476ff27be3a5f151da364, e66310bc96b74ed3df9993e5d835ef3084d62048, f83d4e5be4a3955a6c8af61ecec0934d0ece40c0, 26f6f231f6a5a79ccc274967939b22602dec76e8, 56f0bca5e9c8456b7bb7089cbb6de866a9ba6da9, 3eb1180564fa0ecedc33b44029da7687c0a9fbf5, 001415e4e626403c9ff35f2498feb0021d0c8328, cf1c01a5e4c3e269b9211ae2ef0a57f8c9474bfc, 6df693dca31218f76c63b6fd4aa7b7db3bd6e049, bde15fdcce44956278b4f50680b7363ca126ffb9, aa238a92cc94a15812c0de4adade86ba8f22707a]
-4.19-upstream-stable: released (4.19.248) [2bb1c263b6797e2701a5f4ffe503a8ce15c0167e, 9277b11cafd0472db9e7d634de52d7c5d8d25462, d03de576a604899741a0ebadcfe2a4a19ee53ba3, 9f2ce43ebc33713ba02a89a66bd5f93c2f3a82cf, 54974c8714283feb5bf64df3bfe0f44267db5a3c, 8b42145e8c9903d4805651e08f4fca628e166642, f2983fbba1cccac611d4966277f0336374fad0be, 3ecb6dbad25b448ed8240f0ec2c7a8ff5155b7ea, 0e94464009ee37217a7e450c96ea1f8d42d3a6b5, e0d1437042f0b491bf2cb7880628b0bd7783f80d, 0255c936bfaa1887f7043b995f1c9e1049bb25f1]
-4.9-upstream-stable: released (4.9.319) [63c10e92b86a6cddd5294cda9f80eb7961cb1046, 19aa53c9eb2cf3a78ee44800e20bb34babe60f45, 91ab1073814aa5d44fb3d8e2423ffdc61a421cac, a11f2f05f5c605d1f6573b0cdcd2a6f38667fda1, 5da4d16872d3d15dac54b5a6f83f54e28bc3a477, 6ecdbc9dc777a5b66a9ec293af88ab330dd644a2, 8acd4bf9427eaf18a801db3f2508a2d89914d51d, 48e40e2cccb37c1f9c345014ca55c41bb8baee66, b7efb3a62fffa509e21d076aa2e75331c79fe36d, da06c60d1dfef826512068d09aed3b6a70b5e5c9, 71078b82164e36c893dc0764866e3783b1988fb4]
-sid: released (5.18.5-1)
-5.10-bullseye-security: released (5.10.127-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
diff --git a/active/CVE-2022-21166 b/active/CVE-2022-21166
deleted file mode 100644
index 7bf4511b..00000000
--- a/active/CVE-2022-21166
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Device Register Partial Write (DRPW)
-References:
- https://lwn.net/Articles/898011/
- https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#DRPW
-Notes:
- carnil> Got fixed for stable series in 5.18.5, 5.15.48, 5.10.123,
- carnil> 5.4.199, 4.19.248, 4.14.284, and 4.9.319. The older series
- carnil> required some preparational commits as well not listed here
- carnil> though.
-Bugs:
-upstream: released (5.19-rc3) [4419470191386456e0b8ed4eb06a70b0021798a6, 51802186158c74a0304f51ab963e7c2b3a2b046f, f52ea6c26953fed339aa4eae717ee5c2133c7ff2, 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca, e5925fb867290ee924fcf2fe3ca887b792714366, 99a83db5a605137424e1efe29dc0573d6a5b6316, 8d50cdf8b8341770bc6367bce40c0c1bb0e1d5b3, 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19, a992b8a4682f119ae035a01b40d4d0665c4a2875, 027bbb884be006b05d9c577d6401686053aa789e, 1dc6ff02c8bf77d71b9b5d11cbc9df77cfb28626]
-5.10-upstream-stable: released (5.10.123) [f8a85334a57e7842320476ff27be3a5f151da364, e66310bc96b74ed3df9993e5d835ef3084d62048, f83d4e5be4a3955a6c8af61ecec0934d0ece40c0, 26f6f231f6a5a79ccc274967939b22602dec76e8, 56f0bca5e9c8456b7bb7089cbb6de866a9ba6da9, 3eb1180564fa0ecedc33b44029da7687c0a9fbf5, 001415e4e626403c9ff35f2498feb0021d0c8328, cf1c01a5e4c3e269b9211ae2ef0a57f8c9474bfc, 6df693dca31218f76c63b6fd4aa7b7db3bd6e049, bde15fdcce44956278b4f50680b7363ca126ffb9, aa238a92cc94a15812c0de4adade86ba8f22707a]
-4.19-upstream-stable: released (4.19.248) [2bb1c263b6797e2701a5f4ffe503a8ce15c0167e, 9277b11cafd0472db9e7d634de52d7c5d8d25462, d03de576a604899741a0ebadcfe2a4a19ee53ba3, 9f2ce43ebc33713ba02a89a66bd5f93c2f3a82cf, 54974c8714283feb5bf64df3bfe0f44267db5a3c, 8b42145e8c9903d4805651e08f4fca628e166642, f2983fbba1cccac611d4966277f0336374fad0be, 3ecb6dbad25b448ed8240f0ec2c7a8ff5155b7ea, 0e94464009ee37217a7e450c96ea1f8d42d3a6b5, e0d1437042f0b491bf2cb7880628b0bd7783f80d, 0255c936bfaa1887f7043b995f1c9e1049bb25f1]
-4.9-upstream-stable: released (4.9.319) [63c10e92b86a6cddd5294cda9f80eb7961cb1046, 19aa53c9eb2cf3a78ee44800e20bb34babe60f45, 91ab1073814aa5d44fb3d8e2423ffdc61a421cac, a11f2f05f5c605d1f6573b0cdcd2a6f38667fda1, 5da4d16872d3d15dac54b5a6f83f54e28bc3a477, 6ecdbc9dc777a5b66a9ec293af88ab330dd644a2, 8acd4bf9427eaf18a801db3f2508a2d89914d51d, 48e40e2cccb37c1f9c345014ca55c41bb8baee66, b7efb3a62fffa509e21d076aa2e75331c79fe36d, da06c60d1dfef826512068d09aed3b6a70b5e5c9, 71078b82164e36c893dc0764866e3783b1988fb4]
-sid: released (5.18.5-1)
-5.10-bullseye-security: released (5.10.127-1)
-4.19-buster-security: released (4.19.249-1)
-4.9-stretch-security: released (4.9.320-2)
