diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-16 20:46:57 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-16 20:46:57 +0100 |
commit | 242be483aad6fdd5fac742bd6bb256c10dd4904d (patch) | |
tree | 85bfd253156d3763dc5accb03c666a396fc20b7c /retired/CVE-2021-20239 | |
parent | 025bd9c278c3d0a9e0516cd732881a21625fb5e0 (diff) |
Retire CVE-2021-20239
Diffstat (limited to 'retired/CVE-2021-20239')
-rw-r--r-- | retired/CVE-2021-20239 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/retired/CVE-2021-20239 b/retired/CVE-2021-20239 new file mode 100644 index 00000000..3b0408b0 --- /dev/null +++ b/retired/CVE-2021-20239 @@ -0,0 +1,20 @@ +Description: Untrusted Pointer Dereference in setsockopt system call +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1923636 + https://www.zerodayinitiative.com/advisories/ZDI-21-100/ + https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec +Notes: + carnil> In 5.4.y fixed in 5.4.92 with 55bac51762c3 ("net, sctp, filter: + carnil> remap copy_from_user failure error"). For later kernel + carnil> versions: " In case of later kernel versions this issue won't + carnil> work anymore thanks to Christoph Hellwig's work that got rid of + carnil> the various temporary set_fs() address space overrides + carnil> altogether." +Bugs: +upstream: released (5.10-rc1) [f56e65dff6ad52395ef45738799b4fb70ff43376] +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.4-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" |