Retire inactive issues

1 files changed, 23 insertions, 0 deletions

diff --git a/retired/CVE-2019-19927 b/retired/CVE-2019-19927
new file mode 100644
index 00000000..83dfc784
--- /dev/null
+++ b/retired/CVE-2019-19927
@@ -0,0 +1,23 @@
+Description: drm/ttm: Out-of-bounds access in THP handling in ttm_put_pages()
+References:
+ https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927
+ https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428
+ https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39
+ https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4
+Notes:
+ carnil> One of the commits, a66477b0efe5 ("drm/ttm: fix out-of-bounds
+ carnil> read in ttm_put_pages() v2") was as well backported to 4.19.37.
+ carnil> What is relevant to the supported branches to be backported?
+ carnil> All three commits need to be applied, cf.
+ carnil> https://lore.kernel.org/stable/20200116064439.GA62849@google.com/
+ bwh> This is related to THP (transparent huge page) support which was
+ bwh> added in 4.15.
+Bugs:
+upstream: released (5.1-rc6) [453393369dc9806d2455151e329c599684762428, a66477b0efe511d98dde3e4aaeb189790e6f0a39, ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4]
+4.19-upstream-stable: released (4.19.97) [8c2cdfb2c81bb533b9e6a3874ee5399102c4c580, 96800ba9e565ab752774cd88328f96aed28a1436, 83a88fb92950ef34b9924c39ff7554ae92c9af69]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+3.16-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.98-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
+3.16-jessie-security: N/A "Vulnerable code not present"