Retire some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2021-09-25 10:04:53 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-09-25 10:04:53 +0200
commit: 1551e196a8e81a3b331ab17423d27d631d1cb851 (patch)
tree: ce9f0833c4a00170114a8c4d0c354765d8338fae /retired/CVE-2021-38166
parent: eec038484cae567fc5d43f9502072a555ac272cd (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2021-38166 b/retired/CVE-2021-38166
new file mode 100644
index 00000000..6fea1d37
--- /dev/null
+++ b/retired/CVE-2021-38166
@@ -0,0 +1,16 @@
+Description: bpf: Fix integer overflow involving bucket_size
+References:
+ https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu@gmail.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6
+Notes:
+ carnil> Commit fixes 057996380a42 ("bpf: Add batch ops to all htab bpf
+ carnil> map") which is in 5.6-rc1.
+Bugs:
+upstream: released (5.14-rc6) [c4eb1f403243fc7bbb7de644db8587c03de36da6]
+5.10-upstream-stable: released (5.10.60) [e95620c3bdff83bdb15484e6ea7cc47af36fbc6d]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.46-5) [bugfix/all/bpf-Fix-integer-overflow-involving-bucket_size.patch]
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2021-09-25 10:04:53 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-09-25 10:04:53 +0200
commit	1551e196a8e81a3b331ab17423d27d631d1cb851 (patch)
tree	ce9f0833c4a00170114a8c4d0c354765d8338fae /retired/CVE-2021-38166
parent	eec038484cae567fc5d43f9502072a555ac272cd (diff)