diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-25 20:49:54 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-25 20:49:54 +0100 |
commit | 799d3c586b6df4d41fccd5fc2ff796a087c26329 (patch) | |
tree | 58859fea1691e870e5406a47cbb0c08c1e4582e6 /active | |
parent | e3e90ffdadf6bb9b0e7ff277a38879d594f49edd (diff) |
Retire several CVEs
Diffstat (limited to 'active')
56 files changed, 0 insertions, 902 deletions
diff --git a/active/CVE-2020-29374 b/active/CVE-2020-29374 deleted file mode 100644 index 888e85ea..00000000 --- a/active/CVE-2020-29374 +++ /dev/null @@ -1,19 +0,0 @@ -Description: gup: document and work around "COW can break either way" issue -References: - https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 - https://lore.kernel.org/stable/20210401182125.171484-1-surenb@google.com/ - https://lore.kernel.org/stable/20211012015244.693594-1-surenb@google.com/ -Notes: - bwh> The issue is said to go back to "2.x kernels" - carnil> The backport for 4.9.y got reverted in 4.9.298, cf. - carnil> 6fbb8383884f2c89f4c7e2c8603b5ed1b90b815f, and then followed by - carnil> 0c29640bdecad332b9e2b884217c159f4aeb2556. -Bugs: -upstream: released (5.8-rc1) [17839856fd588f4ab6b789f482ed3ffd7c403e1f] -5.10-upstream-stable: N/A "Fixed before branch point" -4.19-upstream-stable: released (4.19.189) [5e24029791e809d641e9ea46a1f99806484e53fc], released (4.19.226) [294c7a9fb608c29a9e49010b515228e20ccbec8f] -4.9-upstream-stable: released (4.9.298) [0c29640bdecad332b9e2b884217c159f4aeb2556] -sid: released (5.7.6-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: released (4.19.194-1), released (4.19.232-1) -4.9-stretch-security: released (4.9.272-1) [bugfix/all/gup-document-and-work-around-cow-can-break-either-wa.patch] diff --git a/active/CVE-2020-36322 b/active/CVE-2020-36322 deleted file mode 100644 index 5aa1831c..00000000 --- a/active/CVE-2020-36322 +++ /dev/null @@ -1,16 +0,0 @@ -Description: fuse: fix bad inode -References: -Notes: - carnil> Note that this CVE relates as well to CVE-2021-28950, which is - carnil> assigned because of an initial incomplete fix for this CVE. - bwh> Commit message says this bug has been present since the - bwh> introduction of fuse. -Bugs: -upstream: released (5.11-rc1) [5d069dbe8aaf2a197142558b6fb2978189ba3454] -5.10-upstream-stable: released (5.10.6) [36cf9ae54b0ead0daab7701a994de3dcd9ef605d] -4.19-upstream-stable: released (4.19.226) [1e1bb4933f1faafc68db8e0ecd5838a65dd1aae9] -4.9-upstream-stable: released (4.9.298) [3a2f8823aa565cc67bdd00c4cd5e1d8ad81e8436] -sid: released (5.10.9-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.272-1) [bugfix/all/fuse-fix-bad-inode.patch] diff --git a/active/CVE-2021-20317 b/active/CVE-2021-20317 deleted file mode 100644 index 44ec6985..00000000 --- a/active/CVE-2021-20317 +++ /dev/null @@ -1,17 +0,0 @@ -Description: lib/timerqueue: Rely on rbtree semantics for next timer -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2005258 -Notes: - bwh> It's not totally clear what the bug is, but the code in 4.9 is - bwh> similar enough to 4.19 that I think it must also be affected. - bwh> For 4.9, commit cd9e61ed1eeb "rbtree: cache leftmost node internally" - bwh> needs to be applied first. -Bugs: -upstream: released (5.4-rc1) [511885d7061eda3eb1faf3f57dcc936ff75863f1] -5.10-upstream-stable: N/A "Fixed before branching point" -4.19-upstream-stable: released (4.19.210) [b9a1ac8e7c03fd09992352c7fb1a61cbbb9ad52b] -4.9-upstream-stable: released (4.9.298) [ef2e64035f074bfeef14c28347aaec0b486a9e9f] -sid: released (5.4.6-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) [bugfix/all/lib-timerqueue-rely-on-rbtree-semantics-for-next-tim.patch] diff --git a/active/CVE-2021-20321 b/active/CVE-2021-20321 deleted file mode 100644 index ecbcf558..00000000 --- a/active/CVE-2021-20321 +++ /dev/null @@ -1,13 +0,0 @@ -Description: ovl: fix missing negative dentry check in ovl_rename() -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2013242 -Notes: -Bugs: -upstream: released (5.15-rc5) [a295aef603e109a47af355477326bd41151765b6] -5.10-upstream-stable: released (5.10.73) [9763ffd4da217adfcbdcd519e9f434dfa3952fc3] -4.19-upstream-stable: released (4.19.211) [9d4969d8b5073d02059bae3f1b8d9a20cf023c55] -4.9-upstream-stable: released (4.9.287) [286f94453fb34f7bd6b696861c89f9a13f498721] -sid: released (5.14.12-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) diff --git a/active/CVE-2021-20322 b/active/CVE-2021-20322 deleted file mode 100644 index d5917886..00000000 --- a/active/CVE-2021-20322 +++ /dev/null @@ -1,27 +0,0 @@ -Description: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2014230 - https://lore.kernel.org/stable/YXwNmcIcmOYTRhG2@kroah.com/T/#m0104263473be2806725abb19a30d6288da622898 -Notes: - carnil> Backports for 4.19.y and 4.9.y seems incomplete for the time - carnil> beeing and only have the "ipv4: make exception cache less - carnil> predictible" patch. - bwh> Introduced for ipv4 in 3.6 by commit 4895c771c7f0 "ipv4: Add FIB nexthop - bwh> exceptions." - bwh> Introduced For ipv6 in 4.15 by commits 35732d01fe31 "ipv6: introduce a - bwh> hash table to store dst cache" and 2b760fcf5cfb "ipv6: hook up exception - bwh> table to store dst cache". - bwh> So for the 4.9 branches only ipv4 needs to be fixed. - carnil> For 4.19.y additionally required - carnil> ipv4: use siphash instead of Jenkins in fnhe_hashfun() - carnil> ipv6: use siphash in rt6_exception_hash() - carnil> ipv6: make exception cache less predictible -Bugs: -upstream: released (5.14) [4785305c05b25a242e5314cc821f54ade4c18810, 6457378fe796815c973f631a1904e147d6ee33b1], released (5.15-rc1) [a00df2caffed3883c341d5685f830434312e4a43, 67d6d681e15b578c1725bad8ad079e05d1c48a8e] -5.10-upstream-stable: released (5.10.62) ]dced8347a727528b388f04820f48166f1e651af6, beefd5f0c63a31a83bc5a99e6888af884745684b], released (5.10.65) [8692f0bb29927d13a871b198adff1d336a8d2d00, 5867e20e1808acd0c832ddea2587e5ee49813874] -4.19-upstream-stable: released (4.19.207) [3e6bd2b583f18da9856fc9741ffa200a74a52cba], released (4.19.215) [6e2856767eb1a9cfcfcd82136928037f04920e97, ad829847ad59af8e26a1f1c345716099abbc7a58, c6d0d68d6da68159948cad3d808d61bb291a0283] -4.9-upstream-stable: released (4.9.283) [f10ce783bcc4d8ea454563a7d56ae781640e7dcb] -sid: released (5.14.6-1) -5.10-bullseye-security: released (5.10.70-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) diff --git a/active/CVE-2021-28711 b/active/CVE-2021-28711 deleted file mode 100644 index d5df5134..00000000 --- a/active/CVE-2021-28711 +++ /dev/null @@ -1,15 +0,0 @@ -Description: Rogue backends can cause DoS of guests via high frequency events (blkfront) -References: - https://xenbits.xen.org/xsa/advisory-391.html - https://xenbits.xen.org/xsa/xsa391-linux-1.patch -Notes: - carnil> Fixed as well in 5.15.11 for 5.15.y. -Bugs: -upstream: released (5.16-rc7) [0fd08a34e8e3b67ec9bd8287ac0facf8374b844a] -5.10-upstream-stable: released (5.10.88) [8ac3b6ee7c9ff2df7c99624bb1235e2e55623825] -4.19-upstream-stable: released (4.19.222) [269d7124bcfad2558d2329d0fe603ca20b20d3f4] -4.9-upstream-stable: released (4.9.294) [25898389795bd85d8e1520c0c75c3ad906c17da7] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-28712 b/active/CVE-2021-28712 deleted file mode 100644 index de8b6230..00000000 --- a/active/CVE-2021-28712 +++ /dev/null @@ -1,15 +0,0 @@ -Description: Rogue backends can cause DoS of guests via high frequency events (netfront) -References: - https://xenbits.xen.org/xsa/advisory-391.html - https://xenbits.xen.org/xsa/xsa391-linux-2.patch -Notes: - carnil> Fixed as well in 5.15.11 for 5.15.y. -Bugs: -upstream: released (5.16-rc7) [b27d47950e481f292c0a5ad57357edb9d95d03ba] -5.10-upstream-stable: released (5.10.88) [d31b3379179d64724d3bbfa87bd4ada94e3237de] -4.19-upstream-stable: released (4.19.222) [3559ca594f15fcd23ed10c0056d40d71e5dab8e5] -4.9-upstream-stable: released (4.9.294) [99120c8230fdd5e8b72a6e4162db9e1c0a61954a] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-28713 b/active/CVE-2021-28713 deleted file mode 100644 index 84225079..00000000 --- a/active/CVE-2021-28713 +++ /dev/null @@ -1,15 +0,0 @@ -Description: Rogue backends can cause DoS of guests via high frequency events (hvc_xen (console)) -References: - https://xenbits.xen.org/xsa/advisory-391.html - https://xenbits.xen.org/xsa/xsa391-linux-3.patch -Notes: - carnil> For 5.15.y fixed as well in 5.15.11. -Bugs: -upstream: released (5.16-rc7) [fe415186b43df0db1f17fa3a46275fd92107fe71] -5.10-upstream-stable: released (5.10.88) [8fa3a370cc2af858a9ba662ca4f2bd0917550563] -4.19-upstream-stable: released (4.19.222) [57e46acb3b48ea4e8efb1e1bea2e89e0c6cc43e2] -4.9-upstream-stable: released (4.9.294) [728389c21176b2095fa58e858d5ef1d2f2aac429] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-28714 b/active/CVE-2021-28714 deleted file mode 100644 index d6d8c567..00000000 --- a/active/CVE-2021-28714 +++ /dev/null @@ -1,17 +0,0 @@ -Description: Guest can force Linux netback driver to hog large amounts of kernel memory -References: - https://xenbits.xen.org/xsa/advisory-392.html - https://xenbits.xen.org/xsa/xsa392-linux-1.patch -Notes: - carnil> Commit fixes 1d5d48523900 ("xen-netback: require fewer guest Rx - carnil> slots when not using GSO") in 4.3-rc1. - carnil> Fixed as well in 5.15.11 for 5.15.y. -Bugs: -upstream: released (5.16-rc7) [6032046ec4b70176d247a71836186d47b25d1684] -5.10-upstream-stable: released (5.10.88) [525875c410df5d876b9615c44885ca7640aed6f2] -4.19-upstream-stable: released (4.19.222) [1de7644eac41981817fb66b74e0f82ca4477dc9d] -4.9-upstream-stable: released (4.9.294) [1f66dc775092e5a353e0155fc3aca5dabce77c63] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-28715 b/active/CVE-2021-28715 deleted file mode 100644 index 27309792..00000000 --- a/active/CVE-2021-28715 +++ /dev/null @@ -1,17 +0,0 @@ -Description: Guest can force Linux netback driver to hog large amounts of kernel memory -References: - https://xenbits.xen.org/xsa/advisory-392.html - https://xenbits.xen.org/xsa/xsa392-linux-2.patch -Notes: - carnil> Commit fixes f48da8b14d04 ("xen-netback: fix unlimited guest Rx - carnil> internal queue and carrier flapping"). - carnil> For 5.15.y fixed as well in 5.15.11. -Bugs: -upstream: released (5.16-rc7) [be81992f9086b230623ae3ebbc85ecee4d00a3d3] -5.10-upstream-stable: released (5.10.88) [88f20cccbeec9a5e83621df5cc2453b5081454dc] -4.19-upstream-stable: released (4.19.222) [c9f17e92917fd5786be872626a3928979ecc4c39] -4.9-upstream-stable: released (4.9.294) [b4226b387436315e7f57465c15335f4f4b5b075d] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-28950 b/active/CVE-2021-28950 deleted file mode 100644 index 18e926a5..00000000 --- a/active/CVE-2021-28950 +++ /dev/null @@ -1,18 +0,0 @@ -Description: fuse: fix live lock in fuse_iget() -References: -Notes: - carnil> Commit fixes 5d069dbe8aaf ("fuse: fix bad inode") which is only - carnil> present in 5.4.88, 5.10.6 and 5.11-rc1 so might not affect - carnil> older versions. - bwh> Commit 5d069dbe8aaf "fuse: fix bad inode" fixed another DoS issue, - bwh> so we'll need to backport both of them. - carnil> The 5d069dbe8aaf "fuse: fix bad inode" is CVE-2020-36322. -Bugs: -upstream: released (5.12-rc4) [775c5033a0d164622d9d10dd0f0a5531639ed3ed] -5.10-upstream-stable: released (5.10.25) [d955f13ea2120269319d6133d0dd82b66d1eeca3] -4.19-upstream-stable: released (4.19.226) [8a8908cb82568c71b672e83d834e8b59ccf75f8e] -4.9-upstream-stable: released (4.9.298) [fde32bbe9a540af28579da6480fc55cc50099ece] -sid: released (5.10.24-1) [bugfix/all/fuse-fix-live-lock-in-fuse_iget.patch] -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.272-1) [bugfix/all/fuse-fix-live-lock-in-fuse_iget.patch] diff --git a/active/CVE-2021-29264 b/active/CVE-2021-29264 deleted file mode 100644 index 14e831ba..00000000 --- a/active/CVE-2021-29264 +++ /dev/null @@ -1,15 +0,0 @@ -Description: gianfar: fix jumbo packets+napi+rx overrun crash -References: -Notes: - bwh> Introduced in 4.8 by commit 6c389fc931bc "gianfar: fix size of - bwh> scatter-gathered frames". - bwh> Driver is not enabled by any Debian official config. -Bugs: -upstream: released (5.12-rc3) [d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f] -5.10-upstream-stable: released (5.10.27) [b8bfda6e08b8a419097eea5a8e57671bc36f9939] -4.19-upstream-stable: released (4.19.184) [9943741c2792a7f1d091aad38f496ed6eb7681c4] -4.9-upstream-stable: released (4.9.298) [2cf34285e6eac396a180762c5504e2911df88c9a] -sid: released (5.10.28-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: released (4.19.194-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-33033 b/active/CVE-2021-33033 deleted file mode 100644 index ce1e7319..00000000 --- a/active/CVE-2021-33033 +++ /dev/null @@ -1,22 +0,0 @@ -Description: cipso,calipso: resolve a number of problems with the DOI refcounts -References: - https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt - https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e -Notes: - carnil> First commit required landed in 4.19.181, 5.10.24, 5.12-rc3. - carnil> Second one in 4.19.187, 5.10.30, 5.12-rc7. - bwh> The "second commit" in ieee802154 (1165affd4848) is fixing a - bwh> totally different issue. These components are part of Netlabel - bwh> which was only enabled by Debian official configs since version - bwh> 5.6.7-1. - carnil> The "second comit" is indeed a completely different issue, and - carnil> got CVE-2021-3659 assigned. -Bugs: -upstream: released (5.12-rc7) [ad5d07f4a9cd671233ae20983848874731102c08] -5.10-upstream-stable: released (5.10.24) [85178d76febd30a745b7d947dbd9751919d0fa5b] -4.19-upstream-stable: released (4.19.181) [a44af1c69737f9e64d5134c34eb9d5c4c2e04da1] -4.9-upstream-stable: released (4.9.298) [f49f0e65a95664b648e058aa923f651ec08dfeb7] -sid: released (5.10.24-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: released (4.19.181-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-3640 b/active/CVE-2021-3640 deleted file mode 100644 index 9442849a..00000000 --- a/active/CVE-2021-3640 +++ /dev/null @@ -1,22 +0,0 @@ -Description: UAF in sco_send_frame function -References: - https://www.openwall.com/lists/oss-security/2021/07/22/1 - https://bugzilla.suse.com/show_bug.cgi?id=1188172 - https://x-lore.kernel.org/all/883dc4b7-d1a1-3d31-a5a8-8fa1791084b6@i-love.sakura.ne.jp/ -Notes: - carnil> Prerequisites before the "last piece for fixing CVE-2021-3640" - carnil> are e04480920d1e ("Bluetooth: defer cleanup of resources in - carnil> hci_unregister_dev()") and 734bc5ff7831 ("Bluetooth: avoid - carnil> circular locks in sco_sock_connect"), ba316be1b6a0 ("Bluetooth: - carnil> schedule SCO timeouts with delayed_work"), 27c24fda62b6 - carnil> ("Bluetooth: switch to lock_sock in SCO") - carnil> For 5.15.y fixed as well in 5.15.3 -Bugs: -upstream: released (5.16-rc1) [99c23da0eed4fd20cae8243f2b51e10e66aa0951] -5.10-upstream-stable: released (5.10.80) [4dfba42604f08a505f1a1efc69ec5207ea6243de] -4.19-upstream-stable: released (4.19.218) [c1c913f797f3d2441310182ad75b7bd855a327ff] -4.9-upstream-stable: released (4.9.291) [9bbe312ebea40c9b586c2b07a0d0948ff418beca] -sid: released (5.15.3-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-3744 b/active/CVE-2021-3744 deleted file mode 100644 index 47438db1..00000000 --- a/active/CVE-2021-3744 +++ /dev/null @@ -1,16 +0,0 @@ -Description: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2000627 - https://www.openwall.com/lists/oss-security/2021/09/14/1 -Notes: - bwh> Introduced in 4.12 by commit 36cf515b9bbe "crypto: ccp - Enable support - bwh> for AES GCM on v5 CCPs". -Bugs: -upstream: released (5.15-rc4) [505d9dcb0f7ddf9d075e729523a33d38642ae680] -5.10-upstream-stable: released (5.10.71) [17ccc64e4fa5d3673528474bfeda814d95dc600a] -4.19-upstream-stable: released (4.19.209) [710be7c42d2f724869e5b18b21998ceddaffc4a9] -4.9-upstream-stable: N/A "Vulnerability introduced later" -sid: released (5.14.12-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2021-3752 b/active/CVE-2021-3752 deleted file mode 100644 index dd73c677..00000000 --- a/active/CVE-2021-3752 +++ /dev/null @@ -1,18 +0,0 @@ -Description: UAF in bluetooth -References: - https://www.openwall.com/lists/oss-security/2021/09/15/4 - https://bugzilla.suse.com/show_bug.cgi?id=1190023 - https://lore.kernel.org/lkml/20210714031733.1395549-1-bobo.shaobowang@huawei.com/ -Notes: - carnil> With the presence of 3af70b39fa2d ("Bluetooth: check for zapped - carnil> sk before connecting") in 5.13-rc1 (and 5.10.38, 4.19.191) this - carnil> bug is not easy to trigger itself. -Bugs: -upstream: released (5.16-rc1) [1bff51ea59a9afb67d2dd78518ab0582a54a472c] -5.10-upstream-stable: released (5.10.80) [c10465f6d6208db2e45a6dac1db312b9589b2583] -4.19-upstream-stable: released (4.19.218) [72bb30165337b7bce77578ad151fbfab6c8e693c] -4.9-upstream-stable: released (4.9.291) [d19ea7da0eeb61be28ec05d8b8bddec3dde71610] -sid: released (5.15.3-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-3760 b/active/CVE-2021-3760 deleted file mode 100644 index fbf47f7e..00000000 --- a/active/CVE-2021-3760 +++ /dev/null @@ -1,18 +0,0 @@ -Description: nfc: nci: fix the UAF of rf_conn_info object -References: - https://www.openwall.com/lists/oss-security/2021/10/26/2 -Notes: - carnil> Fixed as well in 5.14.15 for 5.14.y. - bwh> Introduced in 4.0 by commits 12bdf27d46c9 "NFC: nci: Add reference to - bwh> the RF logical connection" and 15d4a8da0e44 "NFC: nci: Move logical - bwh> connection structure allocation". - carnil> CONFIG_NFC_NCI is not set in Debian. -Bugs: -upstream: released (5.15-rc6) [1b1499a817c90fd1ce9453a2c98d2a01cca0e775] -5.10-upstream-stable: released (5.10.76) [77c0ef979e32b8bc22f36a013bab77cd37e31530] -4.19-upstream-stable: released (4.19.214) [1ac0d736c8ae9b59ab44e4e80ad73c8fba5c6132] -4.9-upstream-stable: released (4.9.288) [8a44904ce83ebcb1281b04c8d37ad7f8ab537a3d] -sid: released (5.14.16-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) diff --git a/active/CVE-2021-3764 b/active/CVE-2021-3764 deleted file mode 100644 index 437f5019..00000000 --- a/active/CVE-2021-3764 +++ /dev/null @@ -1,16 +0,0 @@ -Description: DoS in ccp_run_aes_gcm_cmd() function -References: - https://bugzilla.redhat.com/show_bug.cgi?id=1997467 -Notes: - carnil> Patch for CVE-2021-3744 contains fix as well for this issue. - bwh> Introduced in 4.12 by commit 36cf515b9bbe "crypto: ccp - Enable support - bwh> for AES GCM on v5 CCPs". -Bugs: -upstream: released (5.15-rc4) [505d9dcb0f7ddf9d075e729523a33d38642ae680] -5.10-upstream-stable: released (5.10.71) [17ccc64e4fa5d3673528474bfeda814d95dc600a] -4.19-upstream-stable: released (4.19.209) [710be7c42d2f724869e5b18b21998ceddaffc4a9] -4.9-upstream-stable: N/A "Vulnerability introduced later" -sid: released (5.14.12-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2021-39685 b/active/CVE-2021-39685 deleted file mode 100644 index 5229b871..00000000 --- a/active/CVE-2021-39685 +++ /dev/null @@ -1,14 +0,0 @@ -Description: Linux Kernel USB Gadget buffer overflow -References: - https://www.openwall.com/lists/oss-security/2021/12/15/4 -Notes: - carnil> Fixed as well in 5.15.8 for 5.15.y. -Bugs: -upstream: released (5.16-rc5) [153a2d7e3350cc89d406ba2d35be8793a64c2038, 86ebbc11bb3f60908a51f3e41a17e3f477c2eaa3] -5.10-upstream-stable: released (5.10.85) [7193ad3e50e596ac2192531c58ba83b9e6d2444b, e4de8ca013f06ad4a0bf40420a291c23990e4131] -4.19-upstream-stable: released (4.19.221) [13e45e7a262dd96e8161823314679543048709b9, 32de5efd483db68f12233fbf63743a2d92f20ae4] -4.9-upstream-stable: released (4.9.293) [d2ca6859ea96c6d4c6ad3d6873a308a004882419, e4de8ca013f06ad4a0bf40420a291c23990e4131] -sid: released (5.15.5-2) [bugfix/all/USB-gadget-detect-too-big-endpoint-0-requests.patch, bugfix/all/USB-gadget-zero-allocate-endpoint-0-buffers.patch] -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-39686 b/active/CVE-2021-39686 deleted file mode 100644 index 866327d4..00000000 --- a/active/CVE-2021-39686 +++ /dev/null @@ -1,13 +0,0 @@ -Description: -References: - https://source.android.com/security/bulletin/2022-03-01 -Notes: -Bugs: -upstream: released (5.16-rc1) [29bc22ac5e5bc63275e850f0c8fc549e3d0e306b, 52f88693378a58094c538662ba652aff0253c4fe, 4d5b5539742d2554591751b4248b0204d20dcc9d, c21a80ca0684ec2910344d72556c816cb8940c01] -5.10-upstream-stable: released (5.10.80) [bd9cea41ac6e08f615030dea28b23e12b7a2674f, 0d9f4ae7cd6f5283dd0e343265268c695ef592b0, afbec52fbce006a775edb21f87ccae713bc0e7d6], released (5.10.83) [4402cf0402526f7c5befa97481be13b131797838] -4.19-upstream-stable: released (4.19.218) [5d40061285b81a7e213dc9b37acc4a0545eedf32, e82f3f9638f17d58e9a217bce127e2376aefcb9d], released (4.19.219) [c3b9f29fca6682550d731c80745b421415c1e0af] -4.9-upstream-stable: released (4.9.291) [443fc43d2fdbf55be7aa86faae1f7655e761e683, 22d4a6dacee058b58640ef8109b0c8fc5d1b80e2], released (4.9.292) [404fb1097298690b1d7d1c59eab806bbdd757267] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-39698 b/active/CVE-2021-39698 deleted file mode 100644 index 1cd1d5fb..00000000 --- a/active/CVE-2021-39698 +++ /dev/null @@ -1,13 +0,0 @@ -Description: -References: - https://source.android.com/security/bulletin/2022-03-01 -Notes: -Bugs: -upstream: released (5.16-rc5) [42288cb44c4b5fff7653bc392b583a2b8bd6a8c0, a880b28a71e39013e357fd3adccd1d8a31bc69a8, 9537bae0da1f8d1e2361ab6d0479e8af7824e160, 363bee27e25804d8981dd1c025b4ad49dc39c530, 50252e4b5e989ce64555c7aef7516bdefc2fea72] -5.10-upstream-stable: released (5.10.85) [8e04c8397bf98235b1aa41153717de7a05e652a2, 9f3acee7eac8d8690134b09ba55e2c12164d24ae, fc2f636ffc446d8e9530e441897f877922269051, e4d19740bccab792f16c7ca6fd1f9aea06193cb2, 47ffefd88abfffe8a040bcc1dd0554d4ea6f7689] -4.19-upstream-stable: released (4.19.221) [8dd7c46a59756bdc29cb9783338b899cd3fb4b83, 32288f504035b6c359cc33ee615f74f14be2e38a, f226fdd855b7d9c1f2a6e878d82eb3e1fbc880e9, 580c7e023303ce3a187adcaa40868bfc740725d2, 321fba81ec034f88aea4898993c1bf15605c023f] -4.9-upstream-stable: released (4.9.293) [0e92a7e47a0411d5208990c83a3d200515e314e8, 0487ea896e62b5a90a81ac6e73c35e595d77f499, 5ecb4e93d70a21f3b7094029986ef0c3e321f56c] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-39714 b/active/CVE-2021-39714 deleted file mode 100644 index 52109ef2..00000000 --- a/active/CVE-2021-39714 +++ /dev/null @@ -1,16 +0,0 @@ -Description: -References: - https://source.android.com/security/bulletin/pixel/2022-03-01 -Notes: - carnil> ion driver removing from the tree in 5.11-rc1. Earlier the - carnil> affected code was removed with e3b914bc7eb6 ("staging: android: - carnil> ion: Drop ion_map_kernel interface") in 4.12-rc1. -Bugs: -upstream: released (4.12-rc1) [e3b914bc7eb6bcecc5b597ee6e31fc40442c291f] -5.10-upstream-stable: N/A "Fixed before branching point" -4.19-upstream-stable: N/A "Fixed before branching point" -4.9-upstream-stable: released (4.9.292) [16b34e53eaadda6cbb1f0452fd99700c44db23be] -sid: released (4.12.6-1) -5.10-bullseye-security: N/A "Fixed before branching point" -4.19-buster-security: N/A "Fixed before branching point" -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-4002 b/active/CVE-2021-4002 deleted file mode 100644 index 307fe96a..00000000 --- a/active/CVE-2021-4002 +++ /dev/null @@ -1,16 +0,0 @@ -Description: hugetlbfs: flush TLBs correctly after huge_pmd_unshare -References: - https://www.openwall.com/lists/oss-security/2021/11/25/1 -Notes: - carnil> For 5.16-rc1 onwards only additionally there is 13e4ad2ce8df - carnil> ("hugetlbfs: flush before unlock on - carnil> move_hugetlb_page_tables()") to be applied. -Bugs: -upstream: released (5.16-rc3) [a4a118f2eead1d6c49e00765de89878288d4b890] -5.10-upstream-stable: released (5.10.82) [40bc831ab5f630431010d1ff867390b07418a7ee] -4.19-upstream-stable: released (4.19.219) [b0313bc7f5fbb6beee327af39d818ffdc921821a] -4.9-upstream-stable: released (4.9.292) [8e80bf5d001594b037de04fb4fe89f34cfbcb3ba] -sid: released (5.15.5-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-4083 b/active/CVE-2021-4083 deleted file mode 100644 index 7bea8215..00000000 --- a/active/CVE-2021-4083 +++ /dev/null @@ -1,15 +0,0 @@ -Description: fget: check that the fd still exists after getting a ref to it -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2029923 - https://bugs.chromium.org/p/project-zero/issues/detail?id=2247 -Notes: - carnil> Fixed as weil in 5.15.7 for 5.15.y. -Bugs: -upstream: released (5.16-rc4) [054aa8d439b9185d4f5eb9a90282d1ce74772969] -5.10-upstream-stable: released (5.10.84) [4baba6ba56eb91a735a027f783cc4b9276b48d5b] -4.19-upstream-stable: released (4.19.220) [8bf31f9d9395b71af3ed33166a057cd3ec0c59da] -4.9-upstream-stable: released (4.9.292) [a043f5a600052dc93bc3d7a6a2c1592b6ee77482] -sid: released (5.15.5-2) [bugfix/all/fget-check-that-the-fd-still-exists-after-getting-a-.patch] -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-4135 b/active/CVE-2021-4135 deleted file mode 100644 index afb593ef..00000000 --- a/active/CVE-2021-4135 +++ /dev/null @@ -1,17 +0,0 @@ -Description: netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2026786 -Notes: - carnil> Commit fixes 395cacb5f1a0 ("netdevsim: bpf: support fake map - carnil> offload") in 4.16-rc1. - carnil> Fixed as well in 5.15.11 for 5.15.y. - carnil> CONFIG_NETDEVSIM is not set is not set in Debian -Bugs: -upstream: released (5.16-rc6) [481221775d53d6215a6e5e9ce1cce6d2b4ab9a46] -5.10-upstream-stable: released (5.10.88) [1a34fb9e2bf3029f7c0882069d67ff69cbd645d8] -4.19-upstream-stable: released (4.19.222) [d861443c4dc88650eed113310d933bd593d37b23] -4.9-upstream-stable: N/A "Vulnerable code introduced later" -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/active/CVE-2021-4155 b/active/CVE-2021-4155 deleted file mode 100644 index 932a7f33..00000000 --- a/active/CVE-2021-4155 +++ /dev/null @@ -1,15 +0,0 @@ -Description: xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2034813 - https://www.openwall.com/lists/oss-security/2022/01/10/1 -Notes: - carnil> Fixed as well in 5.15.14 for 5.15.y. -Bugs: -upstream: released (5.16) [983d8e60f50806f90534cc5373d0ce867e5aaf79] -5.10-upstream-stable: released (5.10.91) [16d8568378f9ee2d1e69216d39961aa72710209f] -4.19-upstream-stable: released (4.19.225) [1c3564fca0e7b8c9e96245a2cb35e198b036ee9a] -4.9-upstream-stable: released (4.9.297) [19e3d9a26f28f432ae89acec22ec47b2a72a502c] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-41864 b/active/CVE-2021-41864 deleted file mode 100644 index baa29594..00000000 --- a/active/CVE-2021-41864 +++ /dev/null @@ -1,17 +0,0 @@ -Description: bpf: Fix integer overflow in prealloc_elems_and_freelist() -References: - https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a - https://lore.kernel.org/bpf/728b238e-a481-eb50-98e9-b0f430ab01e7@gmail.com/ -Notes: - carnil> Commit fixes 557c0c6e7df8 ("bpf: convert stackmap to pre- - carnil> allocation"). - carnil> Fixed as well in 5.14.12 in the 5.14.y series. -Bugs: -upstream: released (5.15-rc5) [30e29a9a2bc6a4888335a6ede968b75cd329657a] -5.10-upstream-stable: released (5.10.73) [064faa8e8a9b50f5010c5aa5740e06d477677a89] -4.19-upstream-stable: released (4.19.211) [078cdd572408176a3900a6eb5a403db0da22f8e0] -4.9-upstream-stable: released (4.9.287) [4fd6663eb01bc3c73143cd27fefd7b8351bc6aa6] -sid: released (5.14.12-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) diff --git a/active/CVE-2021-4202 b/active/CVE-2021-4202 deleted file mode 100644 index 95ef54c0..00000000 --- a/active/CVE-2021-4202 +++ /dev/null @@ -1,14 +0,0 @@ -Description: Race condition in nci_request() leads to use after free while the device is getting removed -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2036682 -Notes: - carnil> CONFIG_NFC_NCI not enabled in Debian. -Bugs: -upstream: released (5.16-rc2) [86cdf8e38792545161dbe3350a7eced558ba4d15, 48b71a9e66c2eab60564b1b1c85f4928ed04e406] -5.10-upstream-stable: released (5.10.82) [cb14b196d991c864ed2d1b6e79d68a7ce38e6538, 34e54703fb0fdbfc0a3cfc065d71e9a8353d3ac9] -4.19-upstream-stable: released (4.19.218) [62be2b1e7914b7340281f09412a7bbb62e6c8b67], (4.19.219) 2350cffd71e74bf81dedc989fdec12aebe89a4a5] -4.9-upstream-stable: released (4.9.291) [4a59a3681158a182557c75bacd00d184f9b2a8f5], (4.9.292) [57c076e64ab55adf556cc515914564d61979f7c2] -sid: released (5.15.5-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-4203 b/active/CVE-2021-4203 deleted file mode 100644 index ec6f6bc4..00000000 --- a/active/CVE-2021-4203 +++ /dev/null @@ -1,17 +0,0 @@ -Description: af_unix: fix races in sk_peer_pid and sk_peer_cred accesses -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2036934 - https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet@gmail.com/T/ - https://bugs.chromium.org/p/project-zero/issues/detail?id=2230 -Notes: - carnil> Commit fixes 109f6e39fa07 ("af_unix: Allow SO_PEERCRED to work - carnil> across namespaces."). -Bugs: -upstream: released (5.15-rc4) [35306eb23814444bd4021f8a1c3047d3cb0c8b2b] -5.10-upstream-stable: released (5.10.71) [3db53827a0e9130d9e2cbe3c3b5bca601caa4c74] -4.19-upstream-stable: released (4.19.209) [0512a9aede6e4417c4fa6e0042a7ca8bc7e06b86] -4.9-upstream-stable: released (4.9.286) [09818f629bafbe20e24bac919019853ea3ac5ca4] -sid: released (5.14.12-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) diff --git a/active/CVE-2021-42739 b/active/CVE-2021-42739 deleted file mode 100644 index 7dfd3bdf..00000000 --- a/active/CVE-2021-42739 +++ /dev/null @@ -1,16 +0,0 @@ -Description: media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() -References: - https://bugzilla.redhat.com/show_bug.cgi?id=1951739 - https://www.openwall.com/lists/oss-security/2021/04/20/1 - https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ - https://lore.kernel.org/linux-media/20210913152302.76d57784@coco.lan/ -Notes: -Bugs: -upstream: released (5.16-rc1) [35d2969ea3c7d32aee78066b1f3cf61a0d935a4e] -5.10-upstream-stable: released (5.10.78) [d7fc85f6104259541ec136199d3bf7c8a736613d] -4.19-upstream-stable: released (4.19.216) [53ec9dab4eb0a8140fc85760fb50effb526fe219] -4.9-upstream-stable: released (4.9.299) [1795af6435fa5f17ced2d34854fd4871e0780092] -sid: released (5.14.16-1) [bugfix/all/media-firewire-firedtv-avc-fix-a-buffer-overflow-in-.patch] -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) [bugfix/all/media-firewire-firedtv-avc-fix-a-buffer-overflow-in-.patch] diff --git a/active/CVE-2021-43389 b/active/CVE-2021-43389 deleted file mode 100644 index bd1b7e47..00000000 --- a/active/CVE-2021-43389 +++ /dev/null @@ -1,17 +0,0 @@ -Description: isdn: cpai: check ctr->cnr to avoid array index out of bound -References: - https://www.openwall.com/lists/oss-security/2021/10/19/1 - https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/ -Notes: - carnil> Fixed as well in 5.14.15 in 5.14.y. - bwh> This seems to really be a bug in the Bluetooth CMTP subsystem, which has - bwh> been present since that was added in Linux 2.6.2. -Bugs: -upstream: released (5.15-rc6) [1f3e2e97c003f80c4b087092b225c8787ff91e4d] -5.10-upstream-stable: released (5.10.76) [7f221ccbee4ec662e2292d490a43ce6c314c4594] -4.19-upstream-stable: released (4.19.214) [7d91adc0ccb060ce564103315189466eb822cc6a] -4.9-upstream-stable: released (4.9.288) [24219a977bfe3d658687e45615c70998acdbac5a] -sid: released (5.14.16-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) diff --git a/active/CVE-2021-43976 b/active/CVE-2021-43976 deleted file mode 100644 index 8c5e07d0..00000000 --- a/active/CVE-2021-43976 +++ /dev/null @@ -1,15 +0,0 @@ -Description: mwifiex_usb: Fix skb_over_panic in mwifiex_usb_recv -References: - https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/ - https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84 -Notes: - carnil> Fixed as well in 5.15.17 for 5.15.y. -Bugs: -upstream: released (5.17-rc1) [04d80663f67ccef893061b49ec8a42ff7045ae84] -5.10-upstream-stable: released (5.10.94) [6036500fdf77caaca9333003f78d25a3d61c4e40] -4.19-upstream-stable: released (4.19.226) [2f4b037bf6e8c663a593b8149263c5b6940c7afd] -4.9-upstream-stable: released (4.9.298) [b233d7395cd104398dd83f130df5f0d57036c95e] -sid: released (5.15.15-2) [bugfix/x86/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch] -5.10-bullseye-security: released (5.10.92-2) [bugfix/x86/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-44733 b/active/CVE-2021-44733 deleted file mode 100644 index d4431c92..00000000 --- a/active/CVE-2021-44733 +++ /dev/null @@ -1,14 +0,0 @@ -Description: tee: handle lookup of shm with reference count 0 -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2030747 - https://lore.kernel.org/lkml/20211214123540.1789434-1-jens.wiklander@linaro.org/ -Notes: -Bugs: -upstream: released (5.16-rc7) [dfd0743f1d9ea76931510ed150334d571fbab49d] -5.10-upstream-stable: released (5.10.89) [c05d8f66ec3470e5212c4d08c46d6cb5738d600d] -4.19-upstream-stable: released (4.19.224) [b4a661b4212b8fac8853ec3b68e4a909dccc88a1] -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-45095 b/active/CVE-2021-45095 deleted file mode 100644 index e52acc95..00000000 --- a/active/CVE-2021-45095 +++ /dev/null @@ -1,14 +0,0 @@ -Description: phonet: refcount leak in pep_sock_accep -References: - https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0 -Notes: - carnil> Fixed as well in 5.15.14 for 5.15.y. -Bugs: -upstream: released (5.16-rc6) [bcd0f93353326954817a4f9fa55ec57fb38acbb0] -5.10-upstream-stable: released (5.10.91) [4f260ea5537db35d2eeec9bca78a74713078a544] -4.19-upstream-stable: released (4.19.225) [4dece2760af408ad91d6e43afc485d20386c2885] -4.9-upstream-stable: released (4.9.297) [3bae29ecb2909c46309671090311230239f1bdd7] -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2021-45480 b/active/CVE-2021-45480 deleted file mode 100644 index f4c59a49..00000000 --- a/active/CVE-2021-45480 +++ /dev/null @@ -1,15 +0,0 @@ -Description: rds: memory leak in __rds_conn_create() -References: -Notes: - carnil> commit fixes aced3ce57cd3 ("RDS tcp loopback connection can - carnil> hang") in 5.15-rc4 (but was backported to 5.10.44, 4.19.195 in - carnil> particular). Fixed as well in 5.15.11 for 5.15.y. -Bugs: -upstream: released (5.16-rc6) [5f9562ebe710c307adc5f666bf1a2162ee7977c0] -5.10-upstream-stable: released (5.10.88) [74dc97dfb276542f12746d706abef63364d816bb] -4.19-upstream-stable: released (4.19.222) [1ed173726c1a0082e9d77c7d5a85411e85bdd983] -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2021-45868 b/active/CVE-2021-45868 deleted file mode 100644 index fd0e3b14..00000000 --- a/active/CVE-2021-45868 +++ /dev/null @@ -1,15 +0,0 @@ -Description: -References: - https://bugzilla.kernel.org/show_bug.cgi?id=214655 - https://www.openwall.com/lists/oss-security/2022/03/17/1 - https://www.openwall.com/lists/oss-security/2022/03/17/2 -Notes: -Bugs: -upstream: released (5.16-rc1) [9bf3d20331295b1ecb81f4ed9ef358c51699a050] -5.10-upstream-stable: released (5.10.80) [ceeb0a8a8716a1c72af3fa4d4f98c3aced32b037] -4.19-upstream-stable: released (4.19.218) [e5222c87dc441dcc8a66e93cb3fd34dfff03d3ec] -4.9-upstream-stable: released (4.9.291) [f7dd331a896700728492e02c20a69e53221cd7a4] -sid: released (5.15.3-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-0001 b/active/CVE-2022-0001 deleted file mode 100644 index 5cf3b1ea..00000000 --- a/active/CVE-2022-0001 +++ /dev/null @@ -1,15 +0,0 @@ -Description: Sharing of branch predictor selectors between contexts on Intel CPUs -References: - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html - https://github.com/vusec/bhi-spectre-bhb -Notes: - bwh> A.k.a. "Spectre BHB". Details to be published in INTEL-SA-00598 -Bugs: -upstream: released (5.17-rc8) [d45476d9832409371537013ebdd8dc1a7781f97a, 1e19da8522c81bf46b335f84137165741e0d82b7, 5ad3eb1132453b9795ce5fd4572b1c18b292cca9, 44a3918c8245ab10c6c9719dd12e7a8d291980d8, 244d00b5dd4755f8df892c86cab35fb2cfd4f14b, e9b6013a7ce31535b04b02ba99babefe8a8599fa, eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678, 0de05d056afdb00eca8c7bbb0c79a3438daf700c] -5.10-upstream-stable: released (5.10.105) [f38774bb6e231d647d40ceeb8ddf9082eabde667, a6a119d647ad1f73067d3cffb43104df3f920bcc, 071e8b69d7808d96f388d7c5ed606e75fd3d518d, afc2d635b5e18e2b33116d8e121ee149882e33eb, 2fdf67a1d215574c31b1a716f80fa0fdccd401d7, e335384560d1e106b609e8febd7e0427075a8938, cc9e3e55bde71b2fac1494f503d5ffc560c7fb8d, d04937ae94903087279e4a016b7741cdee59d521] -4.19-upstream-stable: released (4.19.234) [25440a8c77dd2fde6a8e9cfc0c616916febf408e, 3f66bedb96ff4c064a819e68499f79b38297ba26, 7af95ef3ec6248696300fce5c68f6c8c4f50e4a4, 995629e1d8e6751936c6e2b738f70b392b0461de, d3cb3a6927222268a10b2f12dfb8c9444f7cc39e, c034d344e733a3ac574dd09e39e911a50025c607, 8bfdba77595aee5c3e83ed1c9994c35d6d409605, 9711b12a3f4c0fc73dd257c1e467e6e42155a5f1] -4.9-upstream-stable: released (4.9.306) [a771511caa8e31cb5cac4fa39165ebbca3e62795, d0ba50275860b456ff570edf3dcc2db5d2eb9eb8, f9238d33710d74ac3dd668abaa53b2274f8e6fe6, 6481835a9a5b74e349e5c20ae8a9cb10a2e907fa, b6a1aec08a84ccb331ce526c051df074150cf3c5, 0db1c4307aded2c5e618654f9341a249e0c1051f, 8edabefdc13294a9b15671937d165b948cf34d69, 0753760184745250e39018bb25ba77557390fe91] -sid: released (5.16.12-1) [bugfix/x86/bhb/0001-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0002-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0003-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0004-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0005-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0006-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0007-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] -5.10-bullseye-security: released (5.10.103-1) [bugfix/x86/bhb/0002-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0003-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0004-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0005-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0006-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0007-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0009-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] -4.19-buster-security: released (4.19.232-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] -4.9-stretch-security: released (4.9.303-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] diff --git a/active/CVE-2022-0002 b/active/CVE-2022-0002 deleted file mode 100644 index fb8fda60..00000000 --- a/active/CVE-2022-0002 +++ /dev/null @@ -1,17 +0,0 @@ -Description: Sharing of branch predictor selectors in same context on Intel CPUs -References: - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html - https://github.com/vusec/bhi-spectre-bhb -Notes: - bwh> A.k.a. "Spectre BHB". Details to be published in INTEL-SA-00598. - bwh> Unprivileged eBPF must also be disabled - bwh> (CONFIG_BPF_UNPRIV_DEFAULT_OFF=y). -Bugs: -upstream: released (5.17-rc8) [d45476d9832409371537013ebdd8dc1a7781f97a, 1e19da8522c81bf46b335f84137165741e0d82b7, 5ad3eb1132453b9795ce5fd4572b1c18b292cca9, 44a3918c8245ab10c6c9719dd12e7a8d291980d8, 244d00b5dd4755f8df892c86cab35fb2cfd4f14b, e9b6013a7ce31535b04b02ba99babefe8a8599fa, eafd987d4a82c7bb5aa12f0e3b4f8f3dea93e678, 0de05d056afdb00eca8c7bbb0c79a3438daf700c] -5.10-upstream-stable: released (5.10.105) [f38774bb6e231d647d40ceeb8ddf9082eabde667, a6a119d647ad1f73067d3cffb43104df3f920bcc, 071e8b69d7808d96f388d7c5ed606e75fd3d518d, afc2d635b5e18e2b33116d8e121ee149882e33eb, 2fdf67a1d215574c31b1a716f80fa0fdccd401d7, e335384560d1e106b609e8febd7e0427075a8938, cc9e3e55bde71b2fac1494f503d5ffc560c7fb8d, d04937ae94903087279e4a016b7741cdee59d521] -4.19-upstream-stable: released (4.19.234) [25440a8c77dd2fde6a8e9cfc0c616916febf408e, 3f66bedb96ff4c064a819e68499f79b38297ba26, 7af95ef3ec6248696300fce5c68f6c8c4f50e4a4, 995629e1d8e6751936c6e2b738f70b392b0461de, d3cb3a6927222268a10b2f12dfb8c9444f7cc39e, c034d344e733a3ac574dd09e39e911a50025c607, 8bfdba77595aee5c3e83ed1c9994c35d6d409605, 9711b12a3f4c0fc73dd257c1e467e6e42155a5f1] -4.9-upstream-stable: released (4.9.306) [a771511caa8e31cb5cac4fa39165ebbca3e62795, d0ba50275860b456ff570edf3dcc2db5d2eb9eb8, f9238d33710d74ac3dd668abaa53b2274f8e6fe6, 6481835a9a5b74e349e5c20ae8a9cb10a2e907fa, b6a1aec08a84ccb331ce526c051df074150cf3c5, 0db1c4307aded2c5e618654f9341a249e0c1051f, 8edabefdc13294a9b15671937d165b948cf34d69, 0753760184745250e39018bb25ba77557390fe91] -sid: released (5.16.12-1) [bugfix/x86/bhb/0001-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0002-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0003-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0004-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0005-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0006-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0007-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] -5.10-bullseye-security: released (5.10.103-1) [bugfix/x86/bhb/0002-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0003-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0004-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0005-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0006-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0007-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0008-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0009-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] -4.19-buster-security: released (4.19.232-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] -4.9-stretch-security: released (4.9.303-1) [bugfix/x86/bhb/0004-x86-speculation-Rename-RETPOLINE_AMD-to-RETPOLINE_LF.patch, bugfix/x86/bhb/0005-x86-speculation-Add-eIBRS-Retpoline-options.patch, bugfix/x86/bhb/0006-Documentation-hw-vuln-Update-spectre-doc.patch, bugfix/x86/bhb/0007-x86-speculation-Include-unprivileged-eBPF-status-in-.patch, bugfix/x86/bhb/0008-x86-speculation-Use-generic-retpoline-by-default-on-.patch, bugfix/x86/bhb/0009-x86-speculation-Update-link-to-AMD-speculation-white.patch, bugfix/x86/bhb/0010-x86-speculation-Warn-about-Spectre-v2-LFENCE-mitigat.patch, bugfix/x86/bhb/0011-x86-speculation-Warn-about-eIBRS-LFENCE-Unprivileged.patch] diff --git a/active/CVE-2022-0322 b/active/CVE-2022-0322 deleted file mode 100644 index 77a02941..00000000 --- a/active/CVE-2022-0322 +++ /dev/null @@ -1,15 +0,0 @@ -Description: sctp: account stream padding length for reconf chunk -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2042822 -Notes: - carnil> Commit fixes cc16f00f6529 ("sctp: add support for generating - carnil> stream reconf ssn reset request chunk") in 4.11-rc1. -Bugs: -upstream: released (5.15-rc6) [a2d859e3fc97e79d907761550dbc03ff1b36479c] -5.10-upstream-stable: released (5.10.75) [d84a69ac410f6228873d05d35120f6bdddab7fc3] -4.19-upstream-stable: released (4.19.213) [c57fdeff69b152185fafabd37e6bfecfce51efda] -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.14.16-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-0330 b/active/CVE-2022-0330 deleted file mode 100644 index 806ddbbe..00000000 --- a/active/CVE-2022-0330 +++ /dev/null @@ -1,14 +0,0 @@ -Description: drm/i915: Flush TLBs before releasing backing store -References: - https://www.openwall.com/lists/oss-security/2022/01/25/12 -Notes: - carnil> Fixed in 5.16.4 for 5.16.y and 5.15.18 for 5.15.y. -Bugs: -upstream: released (5.17-rc2) [7938d61591d33394a21bdd7797a245b65428f44c] -5.10-upstream-stable: released (5.10.95) [6a6acf927895c38bdd9f3cd76b8dbfc25ac03e88] -4.19-upstream-stable: released (4.19.227) [b188780649081782e341e52223db47c49f172712] -4.9-upstream-stable: released (4.9.299) [84f4ab5b47d955ad2bb30115d7841d3e8f0994f4] -sid: released (5.15.15-2) [bugfix/x86/drm-i915-Flush-TLBs-before-releasing-backing-store.patch] -5.10-bullseye-security: released (5.10.92-2) [bugfix/x86/drm-i915-Flush-TLBs-before-releasing-backing-store.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-0435 b/active/CVE-2022-0435 deleted file mode 100644 index 5495d3cf..00000000 --- a/active/CVE-2022-0435 +++ /dev/null @@ -1,16 +0,0 @@ -Description: tipc: improve size validations for received domain records -References: - https://www.openwall.com/lists/oss-security/2022/02/10/1 -Notes: - carnil> Introduced with 35c55c9877f8 ("tipc: add neighbor monitoring - carnil> framework") in 4.8-rc1. - carnil> Fixed as well in 5.16.9 for 5.16.y. -Bugs: -upstream: released (5.17-rc4) [9aa422ad326634b76309e8ff342c246800621216] -5.10-upstream-stable: released (5.10.100) [3c7e5943553594f68bbc070683db6bb6f6e9e78e] -4.19-upstream-stable: released (4.19.229) [f1af11edd08dd8376f7a84487cbb0ea8203e3a1d] -4.9-upstream-stable: released (4.9.301) [175db196e45d6f0e6047eccd09c8ba55465eb131] -sid: released (5.16.10-1) -5.10-bullseye-security: released (5.10.92-2) [bugfix/all/tipc-improve-size-validations-for-received-domain-re.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-0487 b/active/CVE-2022-0487 deleted file mode 100644 index 5194a44d..00000000 --- a/active/CVE-2022-0487 +++ /dev/null @@ -1,16 +0,0 @@ -Description: Use after free in moxart_remove -References: - https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/ - https://bugzilla.suse.com/show_bug.cgi?id=1194516 - https://lore.kernel.org/all/20220127071638.4057899-1-gregkh@linuxfoundation.org/ -Notes: - carnil> CONFIG_MMC_MOXART is not set in Debian. -Bugs: -upstream: released (5.17-rc4) [bd2db32e7c3e35bd4d9b8bbff689434a50893546] -5.10-upstream-stable: released (5.10.100) [be93028d306dac9f5b59ebebd9ec7abcfc69c156] -4.19-upstream-stable: released (4.19.229) [9c25d5ff1856b91bd4365e813f566cb59aaa9552] -4.9-upstream-stable: released (4.9.301) [f5dc193167591e88797262ec78515a0cbe79ff5f] -sid: released (5.16.10-1) -5.10-bullseye-security: released (5.10.103-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-0492 b/active/CVE-2022-0492 deleted file mode 100644 index bf08c11e..00000000 --- a/active/CVE-2022-0492 +++ /dev/null @@ -1,17 +0,0 @@ -Description: cgroup-v1: Require capabilities to set release_agent -References: - https://www.openwall.com/lists/oss-security/2022/02/04/1 - https://twitter.com/chompie1337/status/1489366167600906240 -Notes: - carnil> Fixed as well in 5.15.20 for 5.15.y and 5.16.6 for 5.16.y. - carnil> Original fix will need a followup fix 467a726b754f ("cgroup-v1: - carnil> Correct privileges check in release_agent writes") -Bugs: -upstream: released (5.17-rc3) [24f6008564183aa120d07c03d9289519c2fe02af] -5.10-upstream-stable: released (5.10.97) [1fc3444cda9a78c65b769e3fa93455e09ff7a0d3] -4.19-upstream-stable: released (4.19.229) [939f8b491887c27585933ea7dc5ad4123de58ff3] -4.9-upstream-stable: released (4.9.301) [7e33a0ad792f04bad920c7197bda8cc2ea08d304] -sid: released (5.16.7-1) -5.10-bullseye-security: released (5.10.103-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-0516 b/active/CVE-2022-0516 deleted file mode 100644 index 51685098..00000000 --- a/active/CVE-2022-0516 +++ /dev/null @@ -1,17 +0,0 @@ -Description: KVM: s390: Return error on SIDA memop on normal guest -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2050237 - https://www.openwall.com/lists/oss-security/2022/02/11/2 -Notes: - carnil> Introduced by 19e122776886 (KVM: S390: protvirt: Introduce - carnil> instruction data area bounce buffer) in 5.7-rc1 - carnil> Fixed as well in 5.16.9 for 5.16.y. -Bugs: -upstream: released (5.17-rc4) [2c212e1baedcd782b2535a3f86bc491977677c0e] -5.10-upstream-stable: released (5.10.100) [b62267b8b06e9b8bb429ae8f962ee431e6535d60] -4.19-upstream-stable: N/A "Vulnerable code not present" -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.16.10-1) -5.10-bullseye-security: released (5.10.92-2) [bugfix/s390x/KVM-s390-Return-error-on-SIDA-memop-on-normal-guest.patch] -4.19-buster-security: N/A "Vulnerable code not present" -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-0617 b/active/CVE-2022-0617 deleted file mode 100644 index fb1e3316..00000000 --- a/active/CVE-2022-0617 +++ /dev/null @@ -1,13 +0,0 @@ -Description: Null pointer dereference can be triggered when write to an ICB inode -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2053632 -Notes: -Bugs: -upstream: released (5.17-rc2) [7fc3b7c2981bbd1047916ade327beccb90994eee, ea8569194b43f0f01f0a84c689388542c7254a1f] -5.10-upstream-stable: released (5.10.96) [de7cc8bcca90a9d77c915ee1d922dbd670c47d84, 0a3cfd258923aee63e7f144f134d42e205421848] -4.19-upstream-stable: released (4.19.228) [a23a59717f9f01a49394488f515550f9382fbada, 3740d41e7363374182a42f1621e06d5029c837d5] -4.9-upstream-stable: released (4.9.300) [f24454e42b5a58267928b0de53b0dd9b43e4dd46, de10d14ce3aacba73c835cb979a85ef9683c193f] -sid: released (5.16.7-1) -5.10-bullseye-security: released (5.10.103-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-0644 b/active/CVE-2022-0644 deleted file mode 100644 index 90a15c08..00000000 --- a/active/CVE-2022-0644 +++ /dev/null @@ -1,15 +0,0 @@ -Description: vfs: check fd has read access in kernel_read_file_from_fd() -References: - https://bugzilla.redhat.com/show_bug.cgi?id=2026491 - https://lore.kernel.org/all/20211007220110.600005-1-willy@infradead.org/ - https://lkml.org/lkml/2021/10/6/254 -Notes: -Bugs: -upstream: released (5.15-rc7) [032146cda85566abcd1c4884d9d23e4e30a07e9a] -5.10-upstream-stable: released (5.10.76) [b721500c979b71a9f02eb84ca384082722c62d4e] -4.19-upstream-stable: released (4.19.214) [c1ba20965b59c2eeb54a845ca5cab4fc7bcf9735] -4.9-upstream-stable: released (4.9.288) [52ed5a196b1146e0368e95edc23c38fa1b50825a] -sid: released (5.14.16-1) -5.10-bullseye-security: released (5.10.84-1) -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.290-1) diff --git a/active/CVE-2022-0847 b/active/CVE-2022-0847 deleted file mode 100644 index 725813f9..00000000 --- a/active/CVE-2022-0847 +++ /dev/null @@ -1,17 +0,0 @@ -Description: lib/iov_iter: initialize "flags" in new pipe_buffer -References: - https://www.openwall.com/lists/oss-security/2022/03/07/1 - https://dirtypipe.cm4all.com/ -Notes: - carnil> Only exploitable starting in 5.8-rc1 due to f6dd975583bd - carnil> ("pipe: merge anon_pipe_buf*_ops"). The commit which landed in - carnil> 5.17-rc6 was still backported to all stable series. -Bugs: -upstream: released (5.17-rc6) [9d2231c5d74e13b2a0546fee6737ee4446017903] -5.10-upstream-stable: released (5.10.102) [b19ec7afa9297d862ed86443e0164643b97250ab] -4.19-upstream-stable: released (4.19.231) [d46c42d8d2742742eddf9290e72df4b563f2e301] -4.9-upstream-stable: released (4.9.303) [c460ef6e0596eb5ca844c45338c20f6023f1e43c] -sid: released (5.16.11-1) -5.10-bullseye-security: released (5.10.92-2) [bugfix/all/lib-iov_iter-initialize-flags-in-new-pipe_buffer.patch] -4.19-buster-security: N/A "Vulnerable code introduced later" -4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/active/CVE-2022-0998 b/active/CVE-2022-0998 deleted file mode 100644 index 7ef46ebb..00000000 --- a/active/CVE-2022-0998 +++ /dev/null @@ -1,19 +0,0 @@ -Description: vdpa: clean up get_config_size ret value handling -References: - https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal@kernel.org/ - https://bugzilla.redhat.com/show_bug.cgi?id=2057506 -Notes: - carnil> CONFIG_VHOST_VDPA not set in Debian. - bwh> The vhost vDPA backend was introduced in 5.7. - bwh> The change in 5.17 is described as only clean up, while the actual - bwh> fix was commit 3ed21c1451a1, already included in all vulnerable - bwh> branches. -Bugs: -upstream: released (5.16-rc6) [3ed21c1451a14d139e1ceb18f2fa70865ce3195a] -5.10-upstream-stable: released (5.10.88) [51f6302f81d243772047a74ffeceddfb11c964d5] -4.19-upstream-stable: N/A "Vulnerable code not present" -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.15.15-1) -5.10-bullseye-security: released (5.10.92-1) -4.19-buster-security: N/A "Vulnerable code not present" -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-1043 b/active/CVE-2022-1043 deleted file mode 100644 index 6adac930..00000000 --- a/active/CVE-2022-1043 +++ /dev/null @@ -1,16 +0,0 @@ -Description: io_uring: fix xa_alloc_cycle() error return value check -References: - https://bugzilla.redhat.com/show_bug.cgi?id=1997328 - https://bugzilla.suse.com/show_bug.cgi?id=1197393 -Notes: - carnil> Introduced by 61cf93700fe6 ("io_uring: Convert personality_idr - carnil> to XArray") in 5.12-rc3 (got backported to 5.10.51). -Bugs: -upstream: released (5.14-rc7) [a30f895ad3239f45012e860d4f94c1a388b36d14] -5.10-upstream-stable: released (5.10.61) [695ab28a7fa107d0350ab19eba8ec89fac45a95d] -4.19-upstream-stable: N/A "Vulnerable code not present" -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.14.6-1) -5.10-bullseye-security: released (5.10.70-1) -4.19-buster-security: N/A "Vulnerable code not present" -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-22942 b/active/CVE-2022-22942 deleted file mode 100644 index 4012da6b..00000000 --- a/active/CVE-2022-22942 +++ /dev/null @@ -1,17 +0,0 @@ -Description: drm/vmwgfx: Fix stale file descriptors on failed usercopy -References: - https://www.openwall.com/lists/oss-security/2022/01/27/4 - https://www.openwall.com/lists/oss-security/2022/02/03/1 -Notes: - carnil> Commit fixes c906965dee22 ("drm/vmwgfx: Add export fence to - carnil> file descriptor support") in 4.14-rc1. - carnil> Fixed in 5.16.4 for 5.16.y and 5.15.18 for 5.15.y. -Bugs: -upstream: released (5.17-rc2) [a0f90c8815706981c483a652a6aefca51a5e191c] -5.10-upstream-stable: released (5.10.95) [ae2b20f27732fe92055d9e7b350abc5cdf3e2414] -4.19-upstream-stable: released (4.19.227) [0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d] -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.15.15-2) [bugfix/all/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch] -5.10-bullseye-security: released (5.10.92-2) [bugfix/x86/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-24448 b/active/CVE-2022-24448 deleted file mode 100644 index 3081a0fd..00000000 --- a/active/CVE-2022-24448 +++ /dev/null @@ -1,13 +0,0 @@ -Description NFSv4: Handle case where the lookup of a directory fails: -References: - NFSv4: Handle case where the lookup of a directory fails -Notes: -Bugs: -upstream: released (5.17-rc2) [ac795161c93699d600db16c1a8cc23a65a1eceaf] -5.10-upstream-stable: released (5.10.96) [ce8c552b88ca25d775ecd0a0fbef4e0e03de9ed2] -4.19-upstream-stable: released (4.19.228) [b00b4c6faad0f21e443fb1584f7a8ea222beb0de] -4.9-upstream-stable: released (4.9.300) [8788981e120694a82a3672e062fe4ea99446634a] -sid: released (5.16.7-1) -5.10-bullseye-security: released (5.10.92-2) [bugfix/all/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-24959 b/active/CVE-2022-24959 deleted file mode 100644 index 323dcedb..00000000 --- a/active/CVE-2022-24959 +++ /dev/null @@ -1,15 +0,0 @@ -Description: yam: fix a memory leak in yam_siocdevprivate() -References: -Notes: - bwh> Introduced in 4.19 by commit 0781168e23a2 "yam: fix a missing- - bwh> check bug". (That didn't actually fix any bug because the - bwh> driver never looks at the second copy of the cmd field.) -Bugs: -upstream: released (5.17-rc2) [29eb31542787e1019208a2e1047bb7c76c069536] -5.10-upstream-stable: released (5.10.96) [729e54636b3ebefb77796702a5b1f1ed5586895e] -4.19-upstream-stable: released (4.19.228) [4bd197ce18329e3725fe3af5bd27daa4256d3ac7] -4.9-upstream-stable: N/A "Vulnerability introduced later" -sid: released (5.16.7-1) -5.10-bullseye-security: released (5.10.92-2) [bugfix/all/yam-fix-a-memory-leak-in-yam_siocdevprivate.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: N/A "Vulnerability introduced later" diff --git a/active/CVE-2022-25258 b/active/CVE-2022-25258 deleted file mode 100644 index c6034e00..00000000 --- a/active/CVE-2022-25258 +++ /dev/null @@ -1,13 +0,0 @@ -Description: USB: gadget: validate interface OS descriptor requests -References: - https://github.com/szymonh/d-os-descriptor -Notes: -Bugs: -upstream: released (5.17-rc4) [75e5b4849b81e19e9efe1654b30d7f3151c33c2c] -5.10-upstream-stable: released (5.10.101) [22ec1004728548598f4f5b4a079a7873409eacfd] -4.19-upstream-stable: released (4.19.230) [e5eb8d19aee115d8fb354d1eff1b8df700467164] -4.9-upstream-stable: released (4.9.302) [f3bcd744b0bc8dcc6cdb3ac5be20f54aecfb78a4] -sid: released (5.16.10-1) -5.10-bullseye-security: released (5.10.92-2) [bugfix/all/USB-gadget-validate-interface-OS-descriptor-requests.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-25375 b/active/CVE-2022-25375 deleted file mode 100644 index e9b29ca0..00000000 --- a/active/CVE-2022-25375 +++ /dev/null @@ -1,14 +0,0 @@ -Description: usb: gadget: rndis: check size of RNDIS_MSG_SET command -References: - https://github.com/szymonh/rndis-co - https://www.openwall.com/lists/oss-security/2022/02/21/1 -Notes: -Bugs: -upstream: released (5.17-rc4) [38ea1eac7d88072bbffb630e2b3db83ca649b826] -5.10-upstream-stable: released (5.10.101) [fb4ff0f96de37c44236598e8b53fe43b1df36bf3] -4.19-upstream-stable: released (4.19.230) [db9aaa3026298d652e98f777bc0f5756e2455dda] -4.9-upstream-stable: released (4.9.302) [ff0a90739925734c91c7e39befe3f4378e0c1369] -sid: released (5.16.10-1) -5.10-bullseye-security: released (5.10.92-2) [bugfix/all/usb-gadget-rndis-check-size-of-RNDIS_MSG_SET-command.patch] -4.19-buster-security: released (4.19.232-1) -4.9-stretch-security: released (4.9.303-1) diff --git a/active/CVE-2022-25636 b/active/CVE-2022-25636 deleted file mode 100644 index 775e8cf2..00000000 --- a/active/CVE-2022-25636 +++ /dev/null @@ -1,18 +0,0 @@ -Description: netfilter: nf_tables_offload: incorrect flow offload action array size -References: - https://www.openwall.com/lists/oss-security/2022/02/21/2 - https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6 - https://github.com/Bonfee/CVE-2022-25636 - https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ -Notes: - carnil> Introduced in be2861dc36d7 ("netfilter: nft_{fwd,dup}_netdev: - carnil> add offload support") in 5.4-rc1. -Bugs: -upstream: released (5.17-rc6) [b1a5983f56e371046dcf164f90bfaf704d2b89f6] -5.10-upstream-stable: released (5.10.103) [68f19845f580a1d3ac1ef40e95b0250804e046bb] -4.19-upstream-stable: N/A "Vulnerable code not present" -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.16.11-1) [bugfix/all/netfilter-nf_tables_offload-incorrect-flow-offload-a.patch] -5.10-bullseye-security: released (5.10.103-1) -4.19-buster-security: N/A "Vulnerable code not present" -4.9-stretch-security: N/A "Vulnerable code not present" diff --git a/active/CVE-2022-26878 b/active/CVE-2022-26878 deleted file mode 100644 index 373e0eaa..00000000 --- a/active/CVE-2022-26878 +++ /dev/null @@ -1,16 +0,0 @@ -Description: Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle() -References: - https://lore.kernel.org/linux-bluetooth/1A203F5E-FB5E-430C-BEA3-86B191D69D58@holtmann.org/ -Notes: - carnil> Commit fixes afd2daa26c7a ("Bluetooth: Add support for virtio - carnil> transport driver") in 5.13-rc1. Additionally BT_VIRTIO is not - carnil> set in Debian. -Bugs: -upstream: released (5.17-rc1) [ad7cb5f6fa5f7ea37208c98a9457dd98025a89ca] -5.10-upstream-stable: N/A "Vulnerable code not present" -4.19-upstream-stable: N/A "Vulnerable code not present" -4.9-upstream-stable: N/A "Vulnerable code not present" -sid: released (5.16.7-1) -5.10-bullseye-security: N/A "Vulnerable code not present" -4.19-buster-security: N/A "Vulnerable code not present" -4.9-stretch-security: N/A "Vulnerable code not present" |