author | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-07 22:44:23 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-07 22:44:23 +0200 |
commit | f02934ebe558d3c197c70ae79e83afecb27373b5 | |
tree | 30bf930185533151c00597102b87639b5723334e /retired/CVE-2021-33200 | |
parent | 30576def76dc7c0306b5af9a204a79132f63255a | |
Retire some CVEs
Diffstat (limited to 'retired/CVE-2021-33200')
-rw-r--r-- | retired/CVE-2021-33200 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/retired/CVE-2021-33200 b/retired/CVE-2021-33200 new file mode 100644 index 00000000..5bad91b9 --- /dev/null +++ b/retired/CVE-2021-33200 @@ -0,0 +1,22 @@ +Description: enforcing incorrect limits for pointer arithmetic operations by BPF verifier can be abused to perform out-of-bounds reads and writes in kernel memory +References: + https://www.openwall.com/lists/oss-security/2021/05/27/1 + https://lore.kernel.org/stable/20210528103810.22025-1-ovidiu.panait@windriver.com/ +Notes: + carnil> Introduced by 7fedb63a8307 ("bpf: Tighten speculative pointer + carnil> arithmetic mask") in 5.12-rc8 (and backported to 5.11.17, + carnil> 5.10.33, 5.4.116). Note though that 7fedb63a8307 is part of the + carnil> fixes needed to address CVE-2021-29155 which introduces the + carnil> buggy computation. + carnil> Those commits were included in 4.19.193 with the fixes for + carnil> CVE-2021-29155 and so not introducing CVE-2021-33200 in any of + carnil> the released v4.19.y versions. Thus keeping the entry here as + carnil> "N/A". +Bugs: +upstream: released (5.13-rc4) [3d0220f6861d713213b015b582e9f21e5b28d2e0, bb01a1bba579b4b1c5566af24d95f1767859771e, a7036191277f9fa68d92f2071ddc38c09b1e5ee5] +5.10-upstream-stable: released (5.10.41) [4e2c7b297431457663a90d4186e666b61d5da86c, c87ef240a8bbbda5913fac1e84209d224c1aaf50, 27acfd11ba179b746f55077edf9750f8f7cb1cb6] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.40-1) [bugfix/all/bpf-wrap-aux-data-inside-bpf_sanitize_info-container.patch, bugfix/all/bpf-fix-mask-direction-swap-upon-off-reg-sign-change.patch, bugfix/all/bpf-no-need-to-simulate-speculative-domain-for-immediates.patch] +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" |
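Review bot: The reason string on the `4.19-upstream-stable` and `4.19-buster-security` lines, N/A "Vulnerable code introduced later", does not match the Notes, which say the commits were included in 4.19.193 together with the CVE-2021-29155 fixes and so never introduced CVE-2021-33200 in a released v4.19.y. Suggest a reason that says the regression and its fix were released together in 4.19.193, and name the commits meant by "Those commits", since the only commit identified before that sentence is 7fedb63a8307. The Notes also say nothing about 4.9, so the same reason on the two 4.9 lines has no supporting statement in the entry; one line on whether 7fedb63a8307 was backported there would close that gap.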