Retire CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 19:44:07 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-02-29 19:44:07 +0100
commit: 14b6c0b24e722ea4281cdd186262b0b943ff8a3b (patch)
tree: ddc9e607d84e214615495e6cf184dcd3765b30ff /retired
parent: 4623b36743bf6c013300f7df620ed4f2494214a1 (diff)
11 files changed, 177 insertions, 0 deletions
diff --git a/retired/CVE-2023-52487 b/retired/CVE-2023-52487
new file mode 100644
index 00000000..ae915003
--- /dev/null
+++ b/retired/CVE-2023-52487
@@ -0,0 +1,16 @@
+Description: net/mlx5e: Fix peer flow lists handling
+References:
+Notes:
+ carnil> Introduced in 9be6c21fdcf8 ("net/mlx5e: Handle offloads flows per peer").
+ carnil> Vulnerable versions: 6.5-rc1.
+Bugs:
+upstream: released (6.8-rc2) [d76fdd31f953ac5046555171620f2562715e9b71]
+6.7-upstream-stable: released (6.7.3) [e24d6f5a7f2d95a98a46257a5a5a5381d572894f]
+6.6-upstream-stable: released (6.6.15) [74cec142f89bf85c6c99c5db957da9f663f9f16f]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52490 b/retired/CVE-2023-52490
new file mode 100644
index 00000000..d183cd64
--- /dev/null
+++ b/retired/CVE-2023-52490
@@ -0,0 +1,16 @@
+Description: mm: migrate: fix getting incorrect page mapping during page migration
+References:
+Notes:
+ carnil> Introduced in 64c8902ed441 ("migrate_pages: split unmap_and_move() to _unmap()
+ carnil> and _move()"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [d1adb25df7111de83b64655a80b5a135adbded61]
+6.7-upstream-stable: released (6.7.3) [3889a418b6eb9a1113fb989aaadecf2f64964767]
+6.6-upstream-stable: released (6.6.15) [9128bfbc5c80d8f4874dd0a0424d1f5fb010df1b]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52495 b/retired/CVE-2023-52495
new file mode 100644
index 00000000..b088a3a6
--- /dev/null
+++ b/retired/CVE-2023-52495
@@ -0,0 +1,16 @@
+Description: soc: qcom: pmic_glink_altmode: fix port sanity check
+References:
+Notes:
+ carnil> Introduced in 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode
+ carnil> support"). Vulnerable versions: 6.3-rc1.
+Bugs:
+upstream: released (6.8-rc1) [c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0]
+6.7-upstream-stable: released (6.7.3) [d26edf4ee3672cc9828f2a3ffae34086a712574d]
+6.6-upstream-stable: released (6.6.15) [532a5557da6892a6b2d5793052e1bce1f4c9e177]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2023-52496 b/retired/CVE-2023-52496
new file mode 100644
index 00000000..3695ecc7
--- /dev/null
+++ b/retired/CVE-2023-52496
@@ -0,0 +1,16 @@
+Description: mtd: maps: vmu-flash: Fix the (mtd core) switch to ref counters
+References:
+Notes:
+ carnil> Introduced in 19bfa9ebebb5 ("mtd: use refcount to prevent corruption").
+ carnil> Vulnerable versions: 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc1) [a7d84a2e7663bbe12394cc771107e04668ea313a]
+6.7-upstream-stable: released (6.7.3) [1168d6b79d2fafb41299fbc1b528e20644c562a5]
+6.6-upstream-stable: released (6.6.15) [38c12f10990ad6e63ddef2f20c1b066e5e4d34fd]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26608 b/retired/CVE-2024-26608
new file mode 100644
index 00000000..ba08fd3c
--- /dev/null
+++ b/retired/CVE-2024-26608
@@ -0,0 +1,16 @@
+Description: ksmbd: fix global oob in ksmbd_nl_policy
+References:
+Notes:
+ carnil> Introduced in 0626e6641f6b ("cifsd: add server handler for central processing
+ carnil> and tranport layers"). Vulnerable versions: 5.15-rc1.
+Bugs:
+upstream: released (6.8-rc2) [ebeae8adf89d9a82359f6659b1663d09beec2faa]
+6.7-upstream-stable: released (6.7.3) [6993328a4cd62a24df254b587c0796a4a1eecc95]
+6.6-upstream-stable: released (6.6.15) [9863a53100f47652755545c2bd43e14a1855104d]
+6.1-upstream-stable: released (6.1.76) [2c939c74ef0b74e99b92e32edc2a59f9b9ca3d5a]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26611 b/retired/CVE-2024-26611
new file mode 100644
index 00000000..57fc6cb3
--- /dev/null
+++ b/retired/CVE-2024-26611
@@ -0,0 +1,16 @@
+Description: xsk: fix usage of multi-buffer BPF helpers for ZC XDP
+References:
+Notes:
+ carnil> Introduced in 24ea50127ecf ("xsk: support mbuf on ZC RX"). Vulnerable versions:
+ carnil> 6.6-rc1.
+Bugs:
+upstream: released (6.8-rc2) [c5114710c8ce86b8317e9b448f4fd15c711c2a82]
+6.7-upstream-stable: released (6.7.3) [5cd781f7216f980207af09c5e0e1bb1eda284540]
+6.6-upstream-stable: released (6.6.15) [82ee4781b8200e44669a354140d5c6bd966b8768]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26612 b/retired/CVE-2024-26612
new file mode 100644
index 00000000..3c3e8ee8
--- /dev/null
+++ b/retired/CVE-2024-26612
@@ -0,0 +1,16 @@
+Description: netfs, fscache: Prevent Oops in fscache_put_cache()
+References:
+Notes:
+ carnil> Introduced in 9549332df4ed ("fscache: Implement cache registration").
+ carnil> Vulnerable versions: 5.17-rc1.
+Bugs:
+upstream: released (6.8-rc2) [3be0b3ed1d76c6703b9ee482b55f7e01c369cc68]
+6.7-upstream-stable: released (6.7.3) [4200ad3e46ce50f410fdda302745489441bc70f0]
+6.6-upstream-stable: released (6.6.15) [1c45256e599061021e2c848952e50f406457e448]
+6.1-upstream-stable: released (6.1.76) [82a9bc343ba019665d3ddc1d9a180bf0e0390cf3]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26616 b/retired/CVE-2024-26616
new file mode 100644
index 00000000..b22a792d
--- /dev/null
+++ b/retired/CVE-2024-26616
@@ -0,0 +1,17 @@
+Description: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned
+References:
+Notes:
+ carnil> Introduced in
+ carnil> e02ee89baa66 ("btrfs: scrub: switch scrub_simple_mirror() to scrub_stripe
+ carnil> infrastructure"). Vulnerable versions: 6.4-rc1.
+Bugs:
+upstream: released (6.8-rc2) [f546c4282673497a06ecb6190b50ae7f6c85b02f]
+6.7-upstream-stable: released (6.7.3) [34de0f04684ec00c093a0455648be055f0e8e24f]
+6.6-upstream-stable: released (6.6.15) [642b9c520ef2f104277ad1f902f8526edbe087fb]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26617 b/retired/CVE-2024-26617
new file mode 100644
index 00000000..25330b57
--- /dev/null
+++ b/retired/CVE-2024-26617
@@ -0,0 +1,16 @@
+Description: fs/proc/task_mmu: move mmu notification mechanism inside mm lock
+References:
+Notes:
+ carnil> Introduced in 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and
+ carnil> optionally clear info about PTEs"). Vulnerable versions: 6.7-rc1.
+Bugs:
+upstream: released (6.8-rc1) [4cccb6221cae6d020270606b9e52b1678fc8b71a]
+6.7-upstream-stable: released (6.7.3) [05509adf297924f51e1493aa86f9fcde1433ed80]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26619 b/retired/CVE-2024-26619
new file mode 100644
index 00000000..7540b1fe
--- /dev/null
+++ b/retired/CVE-2024-26619
@@ -0,0 +1,16 @@
+Description: riscv: Fix module loading free order
+References:
+Notes:
+ carnil> Introduced in d8792a5734b0 ("riscv: Safely remove entries from relocation
+ carnil> list"). Vulnerable versions: 6.7-rc5.
+Bugs:
+upstream: released (6.8-rc1) [78996eee79ebdfe8b6f0e54cb6dcc792d5129291]
+6.7-upstream-stable: released (6.7.3) [2fa79badf4bfeffda6b5032cf62b828486ec9a99]
+6.6-upstream-stable: N/A "Vulnerable code not present"
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: N/A "Vulnerable code not present"
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
diff --git a/retired/CVE-2024-26620 b/retired/CVE-2024-26620
new file mode 100644
index 00000000..fb844bf4
--- /dev/null
+++ b/retired/CVE-2024-26620
@@ -0,0 +1,16 @@
+Description: s390/vfio-ap: always filter entire AP matrix
+References:
+Notes:
+ carnil> Introduced in 48cae940c31d ("s390/vfio-ap: refresh guest's APCB by filtering AP
+ carnil> resources assigned to mdev"). Vulnerable versions: 6.0-rc1.
+Bugs:
+upstream: released (6.8-rc1) [850fb7fa8c684a4c6bf0e4b6978f4ddcc5d43d11]
+6.7-upstream-stable: released (6.7.3) [cdd134d56138302976685e6c7bc4755450b3880e]
+6.6-upstream-stable: released (6.6.15) [c69d821197611678533fb3eb784fc823b921349a]
+6.1-upstream-stable: released (6.1.76) [d6b8d034b576f406af920a7bee81606c027b24c6]
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.6.15-1)
+6.1-bookworm-security: released (6.1.76-1)
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2024-02-29 19:44:07 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-02-29 19:44:07 +0100
commit	14b6c0b24e722ea4281cdd186262b0b943ff8a3b (patch)
tree	ddc9e607d84e214615495e6cf184dcd3765b30ff /retired
parent	4623b36743bf6c013300f7df620ed4f2494214a1 (diff)