retire multiple issues

1 files changed, 21 insertions, 0 deletions

diff --git a/retired/CVE-2022-2153 b/retired/CVE-2022-2153
new file mode 100644
index 00000000..bace9fbb
--- /dev/null
+++ b/retired/CVE-2022-2153
@@ -0,0 +1,21 @@
+Description: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2069736
+ https://www.openwall.com/lists/oss-security/2022/06/22/1
+Notes:
+ carnil> Fixed as well in 5.16.19 for 5.16.y and 5.17.2 for 5.17.y. The
+ carnil> last commit of the series was as well backported to 5.10.110,
+ carnil> 4.19.238 and 4.9.311.
+ carnil> According to the oss-security reference the main fix seems to
+ carnil> be pin-pointed at 00b5f37189d2 ("KVM: x86: Avoid theoretical
+ carnil> NULL pointer dereference in kvm_irq_delivery_to_apic_fast()")
+ carnil> which would not yet be included in 5.10.y and older.
+Bugs:
+upstream: released (5.18-rc1) [7ec37d1cbe17d8189d9562178d8b29167fe1c31a, 00b5f37189d24ac3ed46cb7f11742094778c46ce, b1e34d325397a33d97d845e312d7cf2a8b646b44]
+5.10-upstream-stable: released (5.10.110) [09c771c45c1243e295470225aaee726693fdc242]
+4.19-upstream-stable: released (4.19.238) [2f4835b5188f3b73b2b048a761ae2553e845b027]
+4.9-upstream-stable: released (4.9.311) [95d51d058680766130098287f680474bc55f1679]
+sid: released (5.17.3-1)
+5.10-bullseye-security: released (5.10.113-1)
+4.19-buster-security: released (4.19.249-1)
+4.9-stretch-security: released (4.9.320-2)