Retire CVE-2022-20568

author: Salvatore Bonaccorso <carnil@debian.org> 2022-12-05 22:50:22 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-12-05 22:50:22 +0100
commit: 56bb413b3bd181f63aec9a9de5b58b2304e1631f (patch)
tree: 8ba200b8a16e1da9c37b5c4b193333f723890e96 /retired/CVE-2022-20568
parent: e0561d3912249f9a1cf33dcd35e63ebc2e9cbbe4 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2022-20568 b/retired/CVE-2022-20568
new file mode 100644
index 00000000..f7b0cf75
--- /dev/null
+++ b/retired/CVE-2022-20568
@@ -0,0 +1,16 @@
+Description: io_uring: always grab file table for deferred statx
+References:
+ https://source.android.com/docs/security/bulletin/pixel/2022-12-01
+ https://android.googlesource.com/kernel/common/+/bc80ea8a4296c4d75f7e3e27b65718cae09f20f1
+Notes:
+ carnil> This issues doesn't exist upstream since the native workers got
+ carnil> introduced with 5.12, consider the issues as fixed with
+ carnil> 5695e5161974 ("Merge tag 'io_uring-worker.v3-2021-02-25' of git://git.kernel.dk/linux-
+ carnil> block").
+Bugs:
+upstream: released (5.12-rc1) [5695e51619745d4fe3ec2506a2f0cd982c5e27a4]
+5.10-upstream-stable: released (5.10.118) [3c48558be571e01f67e65edcf03193484eeb2b79]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.120-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2022-12-05 22:50:22 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-12-05 22:50:22 +0100
commit	56bb413b3bd181f63aec9a9de5b58b2304e1631f (patch)
tree	8ba200b8a16e1da9c37b5c4b193333f723890e96 /retired/CVE-2022-20568
parent	e0561d3912249f9a1cf33dcd35e63ebc2e9cbbe4 (diff)