author | Ben Hutchings <ben@decadent.org.uk> | 2022-02-25 03:01:20 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2022-02-25 03:01:20 +0100 |
commit | 48a9a9513a23b164588f78f42c492b1d05b462d2 (patch) | |
tree | 5a8d9581beb8035904ea135a82faa0e245cae9ea /active | |
parent | 322eaf84fa0d24cdfa4acc99ff4a8d5635ab0654 (diff) |
Retire inactive issues
Diffstat (limited to 'active')
-rw-r--r-- | active/CVE-2020-26556 | 17 | ||||
-rw-r--r-- | active/CVE-2020-26557 | 16 | ||||
-rw-r--r-- | active/CVE-2020-26559 | 16 | ||||
-rw-r--r-- | active/CVE-2020-26560 | 16 | ||||
-rw-r--r-- | active/CVE-2021-4148 | 19 | ||||
-rw-r--r-- | active/CVE-2021-4150 | 17 | ||||
-rw-r--r-- | active/CVE-2021-4218 | 17 | ||||
-rw-r--r-- | active/CVE-2022-0382 | 15 | ||||
-rw-r--r-- | active/CVE-2022-0480 | 15 | ||||
-rw-r--r-- | active/CVE-2022-0646 | 15 | ||||
-rw-r--r-- | active/CVE-2022-25265 | 16 |
11 files changed, 0 insertions, 179 deletions
diff --git a/active/CVE-2020-26556 b/active/CVE-2020-26556
deleted file mode 100644
index 60be7fc6..00000000
--- a/active/CVE-2020-26556
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: malleable commitment Bluetooth Mesh Provisioning
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960012
-Notes:
- bwh> Mesh provisioning seems to be handled in user-space.
- bwh> This was addressed in bluez 5.50-1.1.
-Bugs:
-upstream: N/A "Not implemented in kernel"
-5.10-upstream-stable: N/A "Not implemented in kernel"
-4.19-upstream-stable: N/A "Not implemented in kernel"
-4.9-upstream-stable: N/A "Not implemented in kernel"
-sid: N/A "Not implemented in kernel"
-5.10-bullseye-security: N/A "Not implemented in kernel"
-4.19-buster-security: N/A "Not implemented in kernel"
-4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/active/CVE-2020-26557 b/active/CVE-2020-26557
deleted file mode 100644
index 4a86b8c4..00000000
--- a/active/CVE-2020-26557
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960009
-Notes:
- bwh> Mesh provisioning seems to be handled in user-space.
-Bugs:
-upstream: N/A "Not implemented in kernel"
-5.10-upstream-stable: N/A "Not implemented in kernel"
-4.19-upstream-stable: N/A "Not implemented in kernel"
-4.9-upstream-stable: N/A "Not implemented in kernel"
-sid: N/A "Not implemented in kernel"
-5.10-bullseye-security: N/A "Not implemented in kernel"
-4.19-buster-security: N/A "Not implemented in kernel"
-4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/active/CVE-2020-26559 b/active/CVE-2020-26559
deleted file mode 100644
index 3112e2b1..00000000
--- a/active/CVE-2020-26559
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: Authvalue leak in Bluetooth Mesh Provisioning
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960011
-Notes:
- bwh> Mesh provisioning seems to be handled in user-space.
-Bugs:
-upstream: N/A "Not implemented in kernel"
-5.10-upstream-stable: N/A "Not implemented in kernel"
-4.19-upstream-stable: N/A "Not implemented in kernel"
-4.9-upstream-stable: N/A "Not implemented in kernel"
-sid: N/A "Not implemented in kernel"
-5.10-bullseye-security: N/A "Not implemented in kernel"
-4.19-buster-security: N/A "Not implemented in kernel"
-4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/active/CVE-2020-26560 b/active/CVE-2020-26560
deleted file mode 100644
index be0abd40..00000000
--- a/active/CVE-2020-26560
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: impersonation attack in Bluetooth Mesh Provisioning
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/
- https://bugzilla.redhat.com/show_bug.cgi?id=1959994
-Notes:
- bwh> Mesh provisioning seems to be handled in user-space.
-Bugs:
-upstream: N/A "Not implemented in kernel"
-5.10-upstream-stable: N/A "Not implemented in kernel"
-4.19-upstream-stable: N/A "Not implemented in kernel"
-4.9-upstream-stable: N/A "Not implemented in kernel"
-sid: N/A "Not implemented in kernel"
-5.10-bullseye-security: N/A "Not implemented in kernel"
-4.19-buster-security: N/A "Not implemented in kernel"
-4.9-stretch-security: N/A "Not implemented in kernel"
diff --git a/active/CVE-2021-4148 b/active/CVE-2021-4148
deleted file mode 100644
index 90eddbb5..00000000
--- a/active/CVE-2021-4148
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: mm: Opening THP-backed special file for write causes crash in block_invalidatepage()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2026487
- https://lkml.org/lkml/2021/9/17/1037
- https://lkml.org/lkml/2021/9/12/323
- https://lore.kernel.org/linux-mm/a07564a3-b2fc-9ffe-3ace-3f276075ea5c@google.com/
- https://lore.kernel.org/lkml/CACkBjsYwLYLRmX8GpsDpMthagWOjWWrNxqY6ZLNQVr6yx+f5vA@mail.gmail.com/
-Notes:
- bwh> Introduced in 5.4 by commit 99cb0dbd47a1 "mm,thp: add read-only THP
- bwh> support for (non-shmem) FS".
-Bugs:
-upstream: released (5.15) [a4aeaa06d45e90f9b279f0b09de84bd00006e733]
-5.10-upstream-stable: released (5.10.78) [6d67b2a73b8e3a079c355bab3c1aef7d85a044b8]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.14.16-1)
-5.10-bullseye-security: released (5.10.84-1)
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2021-4150 b/active/CVE-2021-4150
deleted file mode 100644
index 588d6073..00000000
--- a/active/CVE-2021-4150
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: Block subsystem mishandles reference counts
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2025938
- https://lkml.org/lkml/2021/9/6/781
- https://lkml.org/lkml/2021/10/18/485
-Notes:
- bwh> Introduced in 5.15-rc1 by commit 9d3b8813895d "block: change the
- bwh> refcounting for partitions", so never appeared in a stable release.
-Bugs:
-upstream: released (5.15-rc7) [9fbfabfda25d8774c5a08634fdd2da000a924890]
-5.10-upstream-stable: N/A "Vulnerability introduced later"
-4.19-upstream-stable: N/A "Vulnerability introduced later"
-4.9-upstream-stable: N/A "Vulnerability introduced later"
-sid: N/A "Vulnerability introduced and fixed in experimental"
-5.10-bullseye-security: N/A "Vulnerability introduced later"
-4.19-buster-security: N/A "Vulnerability introduced later"
-4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2021-4218 b/active/CVE-2021-4218
deleted file mode 100644
index 12445f6a..00000000
--- a/active/CVE-2021-4218
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: xprtrdma: Wrong copy function used in sysctl handler
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2048359
- https://bugs.centos.org/view.php?id=18395
-Notes:
- bwh> This issue is specific to CentOS/RHEL. In mainline,
- bwh> xprtrdma always used copy_to_user() until the general
- bwh> conversion of sysctls to use a kernel buffer.
-Bugs:
-upstream: N/A "Vulnerability never present"
-5.10-upstream-stable: N/A "Vulnerability never present"
-4.19-upstream-stable: N/A "Vulnerability never present"
-4.9-upstream-stable: N/A "Vulnerability never present"
-sid: N/A "Vulnerability never present"
-5.10-bullseye-security: N/A "Vulnerability never present"
-4.19-buster-security: N/A "Vulnerability never present"
-4.9-stretch-security: N/A "Vulnerability never present"
diff --git a/active/CVE-2022-0382 b/active/CVE-2022-0382
deleted file mode 100644
index 102b3dc4..00000000
--- a/active/CVE-2022-0382
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: net ticp:fix a kernel-infoleak in __tipc_sendmsg()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2046440
-Notes:
- bwh> Introduced in 5.13-rc1 by commit 908148bc5046
- bwh> "tipc: refactor tipc_sendmsg() and tipc_lookup_anycast()".
-Bugs:
-upstream: released (5.16) [d6d86830705f173fca6087a3e67ceaf68db80523]
-5.10-upstream-stable: N/A "Vulnerability introduced later"
-4.19-upstream-stable: N/A "Vulnerability introduced later"
-4.9-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (5.15.15-1)
-5.10-bullseye-security: N/A "Vulnerability introduced later"
-4.19-buster-security: N/A "Vulnerability introduced later"
-4.9-stretch-security: N/A "Vulnerability introduced later"
diff --git a/active/CVE-2022-0480 b/active/CVE-2022-0480
deleted file mode 100644
index 1a5cebfb..00000000
--- a/active/CVE-2022-0480
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: memcg: enable accounting for file lock caches
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2049700
- https://github.com/kata-containers/kata-containers/issues/3373
- https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/
-Notes:
-Bugs:
-upstream: released (5.15-rc1) [0f12156dff2862ac54235fc72703f18770769042]
-5.10-upstream-stable: ignored "Minor issue"
-4.19-upstream-stable: ignored "Minor issue"
-4.9-upstream-stable: ignored "Minor issue"
-sid: released (5.15.3-1)
-5.10-bullseye-security: ignored "Minor issue"
-4.19-buster-security: ignored "Minor issue"
-4.9-stretch-security: ignored "Minor issue"
diff --git a/active/CVE-2022-0646 b/active/CVE-2022-0646
deleted file mode 100644
index fa793b06..00000000
--- a/active/CVE-2022-0646
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: mctp: serial: Cancel pending work from ndo_uninit handler
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2055206
- https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
-Notes:
- bwh> This driver was only added in 5.17-rc1!
-Bugs:
-upstream: released (5.17-rc5) [6c342ce2239c182c2428ce5a44cb32330434ae6e]
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-4.9-upstream-stable: N/A "Vulnerable code not present"
-sid: N/A "Vulnerable code not present"
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
-4.9-stretch-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2022-25265 b/active/CVE-2022-25265
deleted file mode 100644
index 8e6b64d2..00000000
--- a/active/CVE-2022-25265
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: x86: Old ELF binaries run with executable stack and data segment
-References:
- https://github.com/x0reaxeax/exec-prot-bypass
- https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294
-Notes:
- bwh> This is necessary backward compatibility and can be disabled
- bwh> through an LSM if wanted.
-Bugs:
-upstream: ignored "Not a security flaw"
-5.10-upstream-stable: ignored "Not a security flaw"
-4.19-upstream-stable: ignored "Not a security flaw"
-4.9-upstream-stable: ignored "Not a security flaw"
-sid: ignored "Not a security flaw"
-5.10-bullseye-security: ignored "Not a security flaw"
-4.19-buster-security: ignored "Not a security flaw"
-4.9-stretch-security: ignored "Not a security flaw" |