retire multiple issues

1 files changed, 21 insertions, 0 deletions

diff --git a/retired/CVE-2022-20166 b/retired/CVE-2022-20166
new file mode 100644
index 00000000..3c96d5de
--- /dev/null
+++ b/retired/CVE-2022-20166
@@ -0,0 +1,21 @@
+Description: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+References:
+ https://source.android.com/security/bulletin/pixel/2022-06-01
+ https://android.googlesource.com/kernel/common/+/37c7c8d4f0856ca30c2583adead91f42711f9c2f%5E%21/
+Notes:
+ bwh> Based on the Android backport of this, the specific case where a
+ bwh> buffer overflow was possible must be in the name attribute of a
+ bwh> wakeup_source.  This code was introduced in 5.4 by commit
+ bwh> c8377adfa781 "PM / wakeup: Show wakeup sources stats in sysfs".
+ bwh> If wakelocks are enabled (CONFIG_PM_WAKELOCKS=y) then user-space
+ bwh> can create a wakeup_source with an arbitrary name.  However, we
+ bwh> never enabled this.
+Bugs:
+upstream: released (5.10-rc1) [aa838896d87af561a33ecefea1caa4c15a68bc47]
+5.10-upstream-stable: N/A "Fixed before branching point"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.10.4-1)
+5.10-bullseye-security: N/A "Fixed before branching point"
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"