diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2022-12-14 17:04:21 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-12-14 17:04:21 +0100 |
| commit | 22bdf8e6c8ade20718e77f8a7361482a4072d612 (patch) | |
| tree | 38cb63d7f2449f16db8f27d2cd31d72333a26a51 /retired/CVE-2022-2308 | |
| parent | b9a091d612e318a061371b5526c604ab0706eba3 (diff) | |
retire issues
Diffstat (limited to 'retired/CVE-2022-2308')
| -rw-r--r-- | retired/CVE-2022-2308 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/retired/CVE-2022-2308 b/retired/CVE-2022-2308 new file mode 100644 index 00000000..b6b20c4c --- /dev/null +++ b/retired/CVE-2022-2308 @@ -0,0 +1,21 @@ +Description: undefined behavior or data leak in Virtio drivers with VDUSE +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2103900 + https://bugzilla.suse.com/show_bug.cgi?id=1202573#c2 + https://lore.kernel.org/stable/20220829073424.5677-1-maxime.coquelin@redhat.com/ + https://lore.kernel.org/stable/20220831154923.97809-1-maxime.coquelin@redhat.com/ +Notes: + carnil> Asked in the Bugzilla if more information is available. SuSE + carnil> maintainer thinks that the fix is not yet upstream as per + carnil> https://bugzilla.suse.com/show_bug.cgi?id=1202573#c2. + carnil> https://bugzilla.redhat.com/show_bug.cgi?id=2103900#c4 confirms + carnil> it has not yet been upstream'ed by 2022-08-22. + carnil> A patch for review is posted upstream (v3 in above references) + carnil> For 5.19.y fixed as well in 5.19.14. +Bugs: +upstream: released (6.0) [46f8a29272e51b6df7393d58fc5cb8967397ef2b] +5.10-upstream-stable: N/A "Vulnerable code introduced later" +4.19-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (6.0.2-1) +5.10-bullseye-security: N/A "Vulnerable code introduced later" +4.19-buster-security: N/A "Vulnerable code introduced later" |