Retire inactive issues

author: Ben Hutchings <ben@decadent.org.uk> 2023-05-02 17:56:32 +0200
committer: Ben Hutchings <ben@decadent.org.uk> 2023-05-02 17:56:32 +0200
commit: 5b909cfb43487fe7697c63635fcf66781ec68041 (patch)
tree: 3bf21959a8d59aff1a04191d8c1e02a5c36efc4f /retired/CVE-2023-0461
parent: bd79e1240c4d5dedfe164c0f564d2514a9d6f765 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2023-0461 b/retired/CVE-2023-0461
new file mode 100644
index 00000000..30550f71
--- /dev/null
+++ b/retired/CVE-2023-0461
@@ -0,0 +1,17 @@
+Description: net/ulp: prevent ULP without clone op from entering the LISTEN status
+References:
+ https://ubuntu.com/security/CVE-2023-0461
+ https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c
+Notes:
+ carnil> To reach the vulnerability it is said that the kernel needs to
+ carnil> be configured with CONFIG_TLS or CONFIG_XFRM_ESPINTCP. While
+ carnil> code present the issue should not be exploitable for privilege
+ carnil> escalation in bullseye and earlier.
+Bugs:
+upstream: released (6.2-rc3) [2c02d41d71f90a5168391b6a5f2954112ba2307c]
+6.1-upstream-stable: released (6.1.5) [7d242f4a0c8319821548c7176c09a6e0e71f223c]
+5.10-upstream-stable: released (5.10.163) [f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0]
+4.19-upstream-stable: released (4.19.270) [755193f2523ce5157c2f844a4b6d16b95593f830]
+sid: released (6.1.7-1)
+5.10-bullseye-security: released (5.10.178-1)
+4.19-buster-security: released (4.19.282-1)
author	Ben Hutchings <ben@decadent.org.uk>	2023-05-02 17:56:32 +0200
committer	Ben Hutchings <ben@decadent.org.uk>	2023-05-02 17:56:32 +0200
commit	5b909cfb43487fe7697c63635fcf66781ec68041 (patch)
tree	3bf21959a8d59aff1a04191d8c1e02a5c36efc4f /retired/CVE-2023-0461
parent	bd79e1240c4d5dedfe164c0f564d2514a9d6f765 (diff)