Retire some CVEs

1 files changed, 18 insertions, 0 deletions

diff --git a/retired/CVE-2023-2176 b/retired/CVE-2023-2176
new file mode 100644
index 00000000..8475aa33
--- /dev/null
+++ b/retired/CVE-2023-2176
@@ -0,0 +1,18 @@
+Description: cma: IP tree/list corruption triggered by rebinding
+References:
+ https://lkml.org/lkml/2022/12/9/178
+ https://www.spinics.net/lists/linux-rdma/msg114749.html
+ https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/
+Notes:
+ bwh> Appears to have been introduced in 6.0 by commit fc008bdbf1cd
+ bwh> "RDMA/core: Add an rb_tree that stores cm_ids sorted by ifindex
+ bwh> and remote IP".
+Bugs:
+upstream: released (6.3-rc1) [8d037973d48c026224ab285e6a06985ccac6f7bf]
+6.1-upstream-stable: released (6.1.81) [88067197e97af3fcb104dd86030f788ec1b32fdb]
+5.10-upstream-stable: N/A "Vulnerability introduced later"
+4.19-upstream-stable: N/A "Vulnerability introduced later"
+sid: released (6.3.7-1)
+6.1-bookworm-security: released (6.1.82-1)
+5.10-bullseye-security: N/A "Vulnerability introduced later"
+4.19-buster-security: N/A "Vulnerability introduced later"