Retire some CVEs fixed everywhere

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5025 e094ebfe-e918-0410-adfb-c712417f3574
author: Salvatore Bonaccorso <carnil@debian.org> 2017-02-27 07:34:54 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2017-02-27 07:34:54 +0000
commit: 168752cc6fc4e21854fc4fa450139ed872c81f6d (patch)
tree: 4a4358d5f07316d5aaa10afed6380cb026940e56 /retired/CVE-2017-2584
parent: 79e0fa160a992e5f828209260a0cb6d506251c3f (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2017-2584 b/retired/CVE-2017-2584
new file mode 100644
index 00000000..414b5615
--- /dev/null
+++ b/retired/CVE-2017-2584
@@ -0,0 +1,16 @@
+Description: kvm: use after free in complete_emulated_mmio
+References:
+ https://www.spinics.net/lists/kvm/msg143571.html
+Notes:
+ carnil> Introduced in 3.6-rc1 with 96051572c819194c37a8367624b285be10297eca,
+ carnil> but after 4.10-rc1 with 283c95d0e3891b64087706b344a4b545d04a6e62
+ carnil> also exploitable for kernel memory write.
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1413001
+upstream: released (4.10-rc4) [129a72a0d3c8e139a04512325384fe5ac119e74d]
+4.9-upstream-stable: released (4.9.5) [736e77c07fba8b49cead504b885a82ce52c0ff10]
+3.16-upstream-stable: released (3.16.41) [kvm-x86-introduce-segmented_write_std.patch]
+3.2-upstream-stable: N/A "Vulnerable code introduced in 3.6-rc1 with 96051572c819194c37a8367624b285be10297eca"
+sid: released (4.9.6-1)
+3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/x86/kvm-x86-introduce-segmented_write_std.patch]
+3.2-wheezy-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2017-02-27 07:34:54 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2017-02-27 07:34:54 +0000
commit	168752cc6fc4e21854fc4fa450139ed872c81f6d (patch)
tree	4a4358d5f07316d5aaa10afed6380cb026940e56 /retired/CVE-2017-2584
parent	79e0fa160a992e5f828209260a0cb6d506251c3f (diff)