Retire three CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-06-19 08:30:23 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-06-19 08:30:23 +0200
commit: bdf5fbb57f82af45b3da620b8c7115da83db34c6 (patch)
tree: 4ff8d50a79cc13d6b96d9115658788f6393a3f36 /retired/CVE-2021-31829
parent: f4295eb10bce00f7e79ecf153e17f55295c941c6 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2021-31829 b/retired/CVE-2021-31829
new file mode 100644
index 00000000..e03d0f45
--- /dev/null
+++ b/retired/CVE-2021-31829
@@ -0,0 +1,15 @@
+Description: Linux kernel protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
+References:
+ https://www.openwall.com/lists/oss-security/2021/05/04/4
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=b9b34ddbe2076ade359cd5ce7537d5ed019e9807
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=801c6058d14a82179a7ee17a4b532cac6fad067f
+Notes:
+ bwh> Introduced by fix for CVE-2019-7308.
+Bugs:
+upstream: released (5.13-rc1) [b9b34ddbe2076ade359cd5ce7537d5ed019e9807, 801c6058d14a82179a7ee17a4b532cac6fad067f]
+5.10-upstream-stable: released (5.10.35) [2cfa537674cd1051a3b8111536d77d0558f33d5d, 2fa15d61e4cbaaa1d1250e67b251ff96952fa614]
+4.19-upstream-stable: released (4.19.190) [0e2dfdc74a7f4036127356d42ea59388f153f42c], released (4.19.193) [bd9df99da9569befff2234b1201ac4e065e363d0]
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.38-1)
+4.19-buster-security: released (4.19.194-1)
+4.9-stretch-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2021-06-19 08:30:23 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-06-19 08:30:23 +0200
commit	bdf5fbb57f82af45b3da620b8c7115da83db34c6 (patch)
tree	4ff8d50a79cc13d6b96d9115658788f6393a3f36 /retired/CVE-2021-31829
parent	f4295eb10bce00f7e79ecf153e17f55295c941c6 (diff)