Retire some CVEs

1 files changed, 20 insertions, 0 deletions

diff --git a/retired/CVE-2019-19462 b/retired/CVE-2019-19462
new file mode 100644
index 00000000..14fd4745
--- /dev/null
+++ b/retired/CVE-2019-19462
@@ -0,0 +1,20 @@
+Description: relay: handle alloc_percpu returning NULL in relay_open
+References:
+ https://lore.kernel.org/lkml/20191129013745.7168-1-dja@axtens.net/
+ https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8
+ https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531
+ https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046
+ https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b 
+ https://lore.kernel.org/lkml/20191219121256.26480-1-dja@axtens.net/
+Notes:
+ bwh> Introduced in 4.9 (not 4.10) by commit 017c59c042d0 "relay: Use per
+ bwh> CPU constructs for the relay channel buffer pointers".
+Bugs:
+upstream: released (5.8-rc1) [54e200ab40fc14c863bcc80a51e20b7906608fce]
+4.19-upstream-stable: released (4.19.127) [8b5dfa53eeb6c8bba5a035d38f6f8b981aebb622]
+4.9-upstream-stable: released (4.9.227) [d1774b0459875e2bf3e93b86294296e5494fd0b7]
+3.16-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (5.6.14-2) [bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch]
+4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch]
+4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch]
+3.16-jessie-security: N/A "Vulnerability introduced later"