diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2022-12-14 14:02:17 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-12-14 14:02:17 +0100 |
commit | 97db91052b394c5a69910974e0cc3c94cebc1a34 (patch) | |
tree | c89efbdd583292efdd42701ba4574c036c79391e /retired/CVE-2021-33624 | |
parent | 2001746fa4385902f4da27dd2186a6b0a4d7769d (diff) |
retire some issues
Diffstat (limited to 'retired/CVE-2021-33624')
-rw-r--r-- | retired/CVE-2021-33624 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/retired/CVE-2021-33624 b/retired/CVE-2021-33624 new file mode 100644 index 00000000..3da976cd --- /dev/null +++ b/retired/CVE-2021-33624 @@ -0,0 +1,20 @@ +Description: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory +References: + https://www.openwall.com/lists/oss-security/2021/06/21/1 +Notes: + carnil> 9183671af6db ("bpf: Fix leakage under speculation on + carnil> mispredicted branches") is the main part of the fixes. + carnil> The selftest fixes commit was included in later release as well + carnil> in 5.10.57 but the CVE fixes covered already in 5.10.46. + bwh> I think this can be ignored. Privileged users can generally read + bwh> kernel memory through kprobes/tracepoints. Unprivileged use of + bwh> eBPF is now disabled by default in all Debian suites. +Bugs: +upstream: released (5.13-rc7) [d203b0fd863a2261e5d00b97f3d060c4c2a6db71, fe9a5ca7e370e613a9a75a13008a3845ea759d6e, 9183671af6dbf60a1219371d4ed73e23f43b49db, 973377ffe8148180b2651825b92ae91988141b05] +5.10-upstream-stable: released (5.10.46) [e9d271731d21647f8f9e9a261582cf47b868589a, 8c82c52d1de931532200b447df8b4fc92129cfd9, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b], released (5.10.57) [30ea1c535291e88e41413464277fcf98a95cf8c6] +4.19-upstream-stable: released (4.19.204) [0abc8c9754c953f5cd0ac7488c668ca8d53ffc90, c510c1845f7b54214b4117272e0d87dff8732af6, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b, c15b387769446c37a892f958b169744dabf7ff23] +4.9-upstream-stable: needed +sid: released (5.10.46-1) +5.10-bullseye-security: N/A "Fixed before branching point" +4.19-buster-security: released (4.19.208-1) +4.9-stretch-security: ignored "Too risky to backport, and mitigated by default" |