Retire CVE-2021-20239

1 files changed, 20 insertions, 0 deletions

diff --git a/retired/CVE-2021-20239 b/retired/CVE-2021-20239
new file mode 100644
index 00000000..3b0408b0
--- /dev/null
+++ b/retired/CVE-2021-20239
@@ -0,0 +1,20 @@
+Description: Untrusted Pointer Dereference in setsockopt system call
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1923636
+ https://www.zerodayinitiative.com/advisories/ZDI-21-100/
+ https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec
+Notes:
+ carnil> In 5.4.y fixed in 5.4.92 with 55bac51762c3 ("net, sctp, filter:
+ carnil> remap copy_from_user failure error"). For later kernel
+ carnil> versions: " In case of later kernel versions this issue won't
+ carnil> work anymore thanks to Christoph Hellwig's work that got rid of
+ carnil> the various temporary set_fs() address space overrides
+ carnil> altogether."
+Bugs:
+upstream: released (5.10-rc1) [f56e65dff6ad52395ef45738799b4fb70ff43376]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.10.4-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"