author Ben Hutchings <ben@decadent.org.uk> 2023-05-27 20:50:05 +0200
committer Ben Hutchings <ben@decadent.org.uk> 2023-05-27 20:50:05 +0200
commit 7c5f1f72206ff4aad901a1af9a58106eb5598ae1
tree 79e21d28ac60d0eb4f2e09ee52e104013b074062 /active
parent 9623bc8eab056f5a06919e3a05081d021392e992
Retire inactive issues
Diffstat (limited to 'active')
-rw-r--r-- active/CVE-2020-26140 23
-rw-r--r-- active/CVE-2020-26142 20
-rw-r--r-- active/CVE-2020-26143 20
-rw-r--r-- active/CVE-2023-0615 26
-rw-r--r-- active/CVE-2023-1611 19
-rw-r--r-- active/CVE-2023-2019 14
-rw-r--r-- active/CVE-2023-21102 16
-rw-r--r-- active/CVE-2023-22998 14
-rw-r--r-- active/CVE-2023-22999 14
-rw-r--r-- active/CVE-2023-23000 17
-rw-r--r-- active/CVE-2023-23003 14
-rw-r--r-- active/CVE-2023-23004 14
-rw-r--r-- active/CVE-2023-31085 17
13 files changed, 0 insertions, 228 deletions
diff --git a/active/CVE-2020-26140 b/active/CVE-2020-26140
deleted file mode 100644
index 908c2fc0f..000000000
--- a/active/CVE-2020-26140
+++ /dev/null
@@ -1,23 +0,0 @@
-Description: Accepting plaintext data frames in protected networks
-References:
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
-Notes:
- carnil> Needs to be checked if this really has a fix in Linux.
- bwh> I don't think this bug was present in mac80211, but individual
- bwh> drivers or firmware might be affected. The same issue was found
- bwh> earlier in some vendor drivers which were assigned
- bwh> CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991:
- bwh> https://www.synopsys.com/blogs/software-security/cyrc-advisory-sept2020/
-Bugs:
-upstream: N/A "Found in firmware, not kernel or drivers"
-6.1-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-5.10-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-4.19-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-4.9-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-sid: N/A "Found in firmware, not kernel or drivers"
-6.1-bookworm-security: N/A "Found in firmware, not kernel or drivers"
-5.10-bullseye-security: N/A "Found in firmware, not kernel or drivers"
-4.19-buster-security: N/A "Found in firmware, not kernel or drivers"
-4.9-stretch-security: N/A "Found in firmware, not kernel or drivers"
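Review bot: The status reason on every branch line, "Found in firmware, not kernel or drivers", rules out drivers, but the bwh> note in this same file says "individual drivers or firmware might be affected", and carnil's "Needs to be checked if this really has a fix in Linux" is left unanswered. Before retiring, either record in Notes which check established that no in-tree driver is affected, or narrow the reason to what the note actually supports (for example, that the bug was not present in mac80211).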
diff --git a/active/CVE-2020-26142 b/active/CVE-2020-26142
deleted file mode 100644
index 2733fcf8a..000000000
--- a/active/CVE-2020-26142
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Processing fragmented frames as full frames
-References:
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
-Notes:
- carnil> Needs to be checked if this really has a fix in Linux.
- bwh> I don't think this bug was present in mac80211, but individual
- bwh> drivers or firmware might be affected.
-Bugs:
-upstream: N/A "Found in OpenBSD, not Linux"
-6.1-upstream-stable: N/A "Found in OpenBSD, not Linux"
-5.10-upstream-stable: N/A "Found in OpenBSD, not Linux"
-4.19-upstream-stable: N/A "Found in OpenBSD, not Linux"
-4.9-upstream-stable: N/A "Found in OpenBSD, not Linux"
-sid: N/A "Found in OpenBSD, not Linux"
-6.1-bookworm-security: N/A "Found in OpenBSD, not Linux"
-5.10-bullseye-security: N/A "Found in OpenBSD, not Linux"
-4.19-buster-security: N/A "Found in OpenBSD, not Linux"
-4.9-stretch-security: N/A "Found in OpenBSD, not Linux"
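Review bot: The N/A reason "Found in OpenBSD, not Linux" is not backed by anything under Notes: the bwh> comment only says mac80211 is probably unaffected and that "individual drivers or firmware might be affected", and none of the three References is marked as the source of the OpenBSD attribution. Add a one-line note saying where that attribution comes from, so the retired entry explains its own status.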
diff --git a/active/CVE-2020-26143 b/active/CVE-2020-26143
deleted file mode 100644
index b4a183ddf..000000000
--- a/active/CVE-2020-26143
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Accepting fragmented plaintext frames in protected networks
-References:
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
-Notes:
- carnil> Needs to be checked if this really has a fix in Linux.
- bwh> I don't think this bug was present in mac80211, but individual
- bwh> drivers or firmware might be affected.
-Bugs:
-upstream: N/A "Found in firmware, not kernel or drivers"
-6.1-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-5.10-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-4.19-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-4.9-upstream-stable: N/A "Found in firmware, not kernel or drivers"
-sid: N/A "Found in firmware, not kernel or drivers"
-6.1-bookworm-security: N/A "Found in firmware, not kernel or drivers"
-5.10-bullseye-security: N/A "Found in firmware, not kernel or drivers"
-4.19-buster-security: N/A "Found in firmware, not kernel or drivers"
-4.9-stretch-security: N/A "Found in firmware, not kernel or drivers"
diff --git a/active/CVE-2023-0615 b/active/CVE-2023-0615
deleted file mode 100644
index 91ceb465c..000000000
--- a/active/CVE-2023-0615
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: multiple issues for the Video for Linux version 2 test driver
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2166287
- https://bugzilla.redhat.com/show_bug.cgi?id=2166287#c7
-Notes:
- carnil> According to the Red Hat Bugzilla #c7 reference, they should be
- carnil> fixed all in the latest upstream vivid code. Debian builds
- carnil> VIDEO_VIVID as module.
-Bugs:
- bwh> The issues mentioned are (1) memory leak (2) divide by zero
- bwh> (3) integer overflow and were already fixed by 2023-02-01.
- bwh> So I think (1) was fixed by 1f65ea411cc7 "media: vivid:
- bwh> dev->bitmap_cap wasn't freed in all cases" and (3) was fixed
- bwh> by f8bcaf714abf "media: vivid: s_fbuf: add more sanity checks".
- bwh> By process of elimination, I think (2) must have been fixed by
- bwh> 69d78a80da4e "media: vivid: set num_in/outputs to 0 if not
- bwh> supported" although I didn't see a specific code flow that
- bwh> would lead to division by zero.
-upstream: released (6.1-rc3) [1f65ea411cc7b6ff128d82a3493d7b5648054e6f, 69d78a80da4ef12faf2a6f9cfa2097ab4ac43983, f8bcaf714abfc94818dff8c0db84d750433984f4]
-6.1-upstream-stable: N/A "Fixed before branch point"
-5.10-upstream-stable: released (5.10.153) [147b8f1892aaa474f912ac75babfd316ee0de672, 905f05c0ab1950e6f24611b2ea69625f154392d5, 1cf51d51581c1e0a876623e0a89d10029fc8cdc4]
-4.19-upstream-stable: released (4.19.264) [29385e601f3420cfe46550271714b6685719eb33, c106967b34725dfb1c76a914b6c2e2773936323f]
-sid: released (6.1.4-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: released (5.10.158-1)
-4.19-buster-security: released (4.19.282-1)
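Review bot: 4.19-upstream-stable lists two commits where upstream and 5.10-upstream-stable each list three, while the analysis maps the three issues (memory leak, divide by zero, integer overflow) to one upstream commit each. The entry should say which upstream fix has no 4.19 counterpart and why, otherwise the 4.19-buster-security status "released (4.19.282-1)" cannot be checked against the analysis. Separately, the bwh> analysis sits under "Bugs:" here, whereas every other file in this commit keeps such comments under "Notes:"; moving it would keep the fields consistent.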
diff --git a/active/CVE-2023-1611 b/active/CVE-2023-1611
deleted file mode 100644
index a1f620f39..000000000
--- a/active/CVE-2023-1611
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: btrfs: fix race between quota disable and quota assign ioctls
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2181342
- https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana@suse.com/
-Notes:
- bwh> It looks like this was introduced in 5.17 by commit 232796df8c14
- bwh> "btrfs: fix deadlock between quota enable and other quota
- bwh> operations" which was then backported into 5.10.94. This
- bwh> issue doesn't currently affect 4.19, but will do if that earlier
- bwh> fix is picked alone.
-Bugs:
-upstream: released (6.3-rc5) [2f1a6be12ab6c8470d5776e68644726c94257c54]
-6.1-upstream-stable: released (6.1.23) [a38ff2024805a30d9b96f52557c6ea0bbc31252a]
-5.10-upstream-stable: released (5.10.177) [5f6347034341bf45056ca1ec3fa72040152ecf83]
-4.19-upstream-stable: N/A "Vulnerability introduced later"
-sid: released (6.1.25-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: released (5.10.178-1)
-4.19-buster-security: N/A "Vulnerability introduced later"
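Review bot: Both 4.19 lines are closed as N/A "Vulnerability introduced later", yet the note warns that 4.19 becomes affected "if that earlier fix is picked alone", i.e. if 232796df8c14 is backported without 2f1a6be12ab6. Once the file is retired that condition is easy to miss; consider repeating it in the 4.19 status reason itself so anyone backporting the deadlock fix to 4.19 sees that this fix must accompany it.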
diff --git a/active/CVE-2023-2019 b/active/CVE-2023-2019
deleted file mode 100644
index cea0c000c..000000000
--- a/active/CVE-2023-2019
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: netdevsim: fib: Fix reference count leak on route deletion failure
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2189137
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/
-Notes:
-Bugs:
-upstream: released (6.0-rc1) [180a6a3ee60a7cb69ed1232388460644f6a21f00]
-6.1-upstream-stable: N/A "Fixed before branching point"
-5.10-upstream-stable: N/A "Vulnerable code not present"
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.19.6-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: N/A "Vulnerable code not present"
-4.19-buster-security: N/A "Vulnerable code not present"
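Review bot: Style point: 6.1-upstream-stable uses "Fixed before branching point" while 6.1-bookworm-security in the same file uses "Fixed before branch point", and the same split recurs in the later files of this commit. Pick one wording so the status reasons can be searched consistently. The "Notes:" field is also empty here, so the entry gives no indication of when the leak was introduced, unlike the neighbouring entries.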
diff --git a/active/CVE-2023-21102 b/active/CVE-2023-21102
deleted file mode 100644
index 31a6de3e0..000000000
--- a/active/CVE-2023-21102
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: arm64: efi: Execute runtime services from a dedicated stack
-References:
- https://source.android.com/docs/security/bulletin/2023-05-01
- https://android.googlesource.com/kernel/common/+/ec6fe823507b2f6ef4a58f3a9bee9a5ec086c32c%5E%21/#F2
-Notes:
- bwh> Introduced in 5.14 by commit cefc7ca46235 "ACPI: PRM: implement
- bwh> OperationRegion handler for the PlatformRtMechanism subtype".
-Bugs:
-upstream: released (6.2-rc1) [ff7a167961d1b97e0e205f245f806e564d3505e7], released (6.2-rc4) [18bba1843fc7f264f58c9345d00827d082f9c558]
-6.1-upstream-stable: released (6.1.8) [f75a91c82dc805af8f718ff106ec9c090234b37b, 72b0e5faa5149f09c6a7a74e4012f29e33509bab]
-5.10-upstream-stable: released (5.10.165) [4012603cbd469223f225637d265a233f034c567a, d6544bccc1967cd6a883d6abac71fc7d863e8baa]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (6.1.8-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: released (5.10.178-1)
-4.19-buster-security: N/A "Vulnerable code not present"
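Review bot: The note dates the bug to 5.14 (commit cefc7ca46235), but 5.10-upstream-stable and 5.10-bullseye-security are both marked released with fixes, and unlike the CVE-2023-22999 entry the note does not say the introducing commit was backported into 5.10. Either state that backport in Notes or explain why 5.10 needed the fix, so the "Introduced in" line and the 5.10 status agree.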
diff --git a/active/CVE-2023-22998 b/active/CVE-2023-22998
deleted file mode 100644
index be85220d2..000000000
--- a/active/CVE-2023-22998
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init
-References:
-Notes:
- bwh> Introduced in 5.5 by commit c66df701e783 "drm/virtio: switch
- bwh> from ttm to gem shmem helpers".
-Bugs:
-upstream: released (6.0-rc1) [c24968734abfed81c8f93dc5f44a7b7a9aecadfa, 64b88afbd92fbf434759d1896a7cf705e1c00e79]
-6.1-upstream-stable: N/A "Fixed before branching point"
-5.10-upstream-stable: released (5.10.171) [0a4181b23acf53e9c95b351df6a7891116b98f9b, 87c647def389354c95263d6635c62ca0de7d12ca]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (6.0.3-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: released (5.10.178-1)
-4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-22999 b/active/CVE-2023-22999
deleted file mode 100644
index 8d0f764a9..000000000
--- a/active/CVE-2023-22999
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe
-References:
-Notes:
- bwh> Introduced in 5.12 by commit c25c210f590e "usb: dwc3: qcom: add
- bwh> URS Host support for sdm845 ACPI boot" and backported into 5.10.
-Bugs:
-upstream: released (5.17-rc1) [b52fe2dbb3e655eb1483000adfab68a219549e13]
-6.1-upstream-stable: N/A "Fixed before branching point"
-5.10-upstream-stable: released (5.10.94) [94177fcecc35e9e9d3aecaa5813556c6b5aed7b6]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.16.7-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: released (5.10.103-1)
-4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-23000 b/active/CVE-2023-23000
deleted file mode 100644
index 78b340f6e..000000000
--- a/active/CVE-2023-23000
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function
-References:
-Notes:
- bwh> This doesn't seem to have a security impact as this function is
- bwh> only called during probe of a platform device. Introduced in
- bwh> 4.14 by commit 1df79cb3bae7 "phy: tegra: Handle return value of
- bwh> kasprintf", which itself fixed a (theoretical) null pointer
- bwh> dereference.
-Bugs:
-upstream: released (5.17-rc1) [045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f]
-6.1-upstream-stable: N/A "Fixed before branching point"
-5.10-upstream-stable: ignored "Not a security issue"
-4.19-upstream-stable: ignored "Not a security issue"
-sid: released (5.17.3-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: ignored "Not a security issue"
-4.19-buster-security: ignored "Not a security issue"
diff --git a/active/CVE-2023-23003 b/active/CVE-2023-23003
deleted file mode 100644
index b68c04642..000000000
--- a/active/CVE-2023-23003
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: perf expr: Fix missing check for return value of hashmap__new()
-References:
-Notes:
- bwh> This is user-space code, and the result of the missing check
- bwh> would be a segfault. I don't see any security impact.
-Bugs:
-upstream: released (5.16-rc6) [0a515a06c5ebfa46fee3ac519e418f801e718da4]
-6.1-upstream-stable: N/A "Fixed before branching point"
-5.10-upstream-stable: ignored "Not a security issue"
-4.19-upstream-stable: ignored "Not a security issue"
-sid: released (5.16.7-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: ignored "Not a security issue"
-4.19-buster-security: ignored "Not a security issue"
diff --git a/active/CVE-2023-23004 b/active/CVE-2023-23004
deleted file mode 100644
index 8beaf28fb..000000000
--- a/active/CVE-2023-23004
+++ /dev/null
@@ -1,14 +0,0 @@
-Description: malidp: Fix NULL vs IS_ERR() checking
-References:
-Notes:
- bwh> Introduced in 4.20 by commit 1f23a56a46b8 "drm/malidp: Enable
- bwh> MMU prefetch on Mali-DP650".
-Bugs:
-upstream: released (5.19-rc1) [15342f930ebebcfe36f2415049736a77d7d2e045]
-6.1-upstream-stable: N/A "Fixed before branching point"
-5.10-upstream-stable: released (5.10.173) [a5bbea50d622b8f49ab8ee3b0eb283107febcf1a]
-4.19-upstream-stable: N/A "Vulnerable code not present"
-sid: released (5.19.6-1)
-6.1-bookworm-security: N/A "Fixed before branch point"
-5.10-bullseye-security: released (5.10.178-1)
-4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/active/CVE-2023-31085 b/active/CVE-2023-31085
deleted file mode 100644
index 8251312eb..000000000
--- a/active/CVE-2023-31085
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: divide error in ubi_attach_mtd_dev
-References:
- https://lore.kernel.org/all/CA+UBctD_w=75wChmePZHp7KsBSNPWYGDBtzHPRPPtaFoqhGvXA@mail.gmail.com/
-Notes:
- bwh> I don't think this has security impact, as it requires creating
- bwh> an MTD with a specific erasesize. Several drivers support that
- bwh> but they all have to be configured through module parameters
- bwh> or the kernel command line.
-Bugs:
-upstream: ignored "Not a security issue"
-6.1-upstream-stable: ignored "Not a security issue"
-5.10-upstream-stable: ignored "Not a security issue"
-4.19-upstream-stable: ignored "Not a security issue"
-sid: ignored "Not a security issue"
-6.1-bookworm-security: ignored "Not a security issue"
-5.10-bullseye-security: ignored "Not a security issue"
-4.19-buster-security: ignored "Not a security issue"
