Retire some CVEs

1 files changed, 25 insertions, 0 deletions

diff --git a/retired/CVE-2021-39802 b/retired/CVE-2021-39802
new file mode 100644
index 00000000..643a5eb5
--- /dev/null
+++ b/retired/CVE-2021-39802
@@ -0,0 +1,25 @@
+Description: ANDROID: mm: Incorrect page permission management
+References:
+ https://source.android.com/security/bulletin/2022-04-01
+ https://android.googlesource.com/kernel/common/+/ac4488815518c
+ https://android.googlesource.com/kernel/common/+/b44e46bb047d1
+ https://android.googlesource.com/kernel/common/+/67d075d23a8bc
+ https://android.googlesource.com/kernel/common/+/6f9aba5a20b84
+ https://bugzilla.suse.com/show_bug.cgi?id=1198445
+ https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t
+Notes:
+ carnil> Unclear if this is Android specific. If so we might just drop
+ carnil> this entry.
+ carnil> this is probably not an issue in mainline, the propblematic
+ carnil> patch introducing the vulnerability was not merged in Linus
+ carnil> tree, cf. https://lore.kernel.org/all/CAHk-=wj4KCujAH_oPh40Bkp48amM4MXr+8AcbZ=qd5LF4Q+TDg@mail.gmail.com/#t
+ bwh> This is indeed Android-specific.
+Bugs:
+upstream: N/A "Vulnerability never present"
+5.10-upstream-stable: N/A "Vulnerability never present"
+4.19-upstream-stable: N/A "Vulnerability never present"
+4.9-upstream-stable: N/A "Vulnerability never present"
+sid: N/A "Vulnerability never present"
+5.10-bullseye-security: N/A "Vulnerability never present"
+4.19-buster-security: N/A "Vulnerability never present"
+4.9-stretch-security: N/A "Vulnerability never present"