Retire released/invalid issues

author: Ben Hutchings <ben@decadent.org.uk> 2020-04-20 22:06:11 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2020-04-20 22:06:18 +0100
commit: 972d6f4a261a04da3f002f48d6fd89c59783f894 (patch)
tree: a6fc4009526233792cbeceddd32a5c34805dc97f /retired/CVE-2020-8835
parent: 5d3ae9fd09f1af75d49d8121da800c5f55762910 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2020-8835 b/retired/CVE-2020-8835
new file mode 100644
index 00000000..4e9d4d6d
--- /dev/null
+++ b/retired/CVE-2020-8835
@@ -0,0 +1,21 @@
+Description:
+References:
+ https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/
+ https://www.openwall.com/lists/oss-security/2020/03/30/3
+ https://bugzilla.redhat.com/show_bug.cgi?id=1817350
+ https://www.zerodayinitiative.com/advisories/ZDI-20-350/
+Notes:
+ carnil> CRD: Monday, March 30th, 16:00 UTC.
+ carnil> Introduced by commit 581738a681b6 ("bpf: Provide better
+ carnil> register bounds after jmp32 instructions") in 5.5-rc1 and was
+ carnil> backported to 5.4.7.
+ carnil> CVE as well known as ZDI-CAN-10780.
+Bugs:
+upstream: released (5.7-rc1) [f2d67fec0b43edce8c416101cdc52e71145b5fef]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.5.13-2) [bugfix/all/bpf-Undo-incorrect-__reg_bound_offset32-handling.patch]
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
author	Ben Hutchings <ben@decadent.org.uk>	2020-04-20 22:06:11 +0100
committer	Ben Hutchings <ben@decadent.org.uk>	2020-04-20 22:06:18 +0100
commit	972d6f4a261a04da3f002f48d6fd89c59783f894 (patch)
tree	a6fc4009526233792cbeceddd32a5c34805dc97f /retired/CVE-2020-8835
parent	5d3ae9fd09f1af75d49d8121da800c5f55762910 (diff)