diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-04-14 15:05:59 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-04-14 15:05:59 +0200 |
commit | 2072fe5054b76223ee9605dd2698e137671455f8 (patch) | |
tree | ae85e83e42d577924006bf1a04aaa43573022642 /retired | |
parent | 9abd6cf9515d027e2314e4865c49ec4c08c8265e (diff) |
Retire several CVEs
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2020-36312 | 11 | ||||
-rw-r--r-- | retired/CVE-2021-26934 | 15 | ||||
-rw-r--r-- | retired/CVE-2021-28951 | 11 | ||||
-rw-r--r-- | retired/CVE-2021-28952 | 12 | ||||
-rw-r--r-- | retired/CVE-2021-29266 | 12 | ||||
-rw-r--r-- | retired/CVE-2021-29646 | 13 | ||||
-rw-r--r-- | retired/CVE-2021-29648 | 13 | ||||
-rw-r--r-- | retired/CVE-2021-29649 | 14 | ||||
-rw-r--r-- | retired/CVE-2021-29657 | 13 | ||||
-rw-r--r-- | retired/CVE-2021-30178 | 14 |
10 files changed, 128 insertions, 0 deletions
diff --git a/retired/CVE-2020-36312 b/retired/CVE-2020-36312 new file mode 100644 index 000000000..6639dddff --- /dev/null +++ b/retired/CVE-2020-36312 @@ -0,0 +1,11 @@ +Description: KVM: fix memory leak in kvm_io_bus_unregister_dev() +References: +Notes: +Bugs: +upstream: released (5.9-rc5) [f65886606c2d3b562716de030706dfe1bea4ed5e] +5.10-upstream-stable: N/A "Fixed before branching point" +4.19-upstream-stable: released (4.19.148) [19184bd06f488af62924ff1747614a8cb284ad63] +4.9-upstream-stable: released (4.9.238) [840e124f89a5127e7eb97ebf377f4b8ca745c070] +sid: released (5.8.10-1) +4.19-buster-security: released (4.19.152-1) +4.9-stretch-security: released (4.9.240-1) diff --git a/retired/CVE-2021-26934 b/retired/CVE-2021-26934 new file mode 100644 index 000000000..56a19b63d --- /dev/null +++ b/retired/CVE-2021-26934 @@ -0,0 +1,15 @@ +Description: display frontend "be-alloc" mode is unsupported +References: + https://xenbits.xen.org/xsa/advisory-363.html + https://lore.kernel.org/lkml/20210216124015.28923-1-jgross@suse.com/ +Notes: + carnil> The update only marks the driver as not supported (in src:xen), + carnil> so might be ignored overall. +Bugs: +upstream: ignored "Xen project patched only documentation mostly relevant to Xen project" +5.10-upstream-stable: ignored "Xen project patched only documentation mostly relevant to Xen project" +4.19-upstream-stable: ignored "Xen project patched only documentation mostly relevant to Xen project" +4.9-upstream-stable: N/A "Affected code not present" +sid: ignored "Xen project patched only documentation mostly relevant to Xen project" +4.19-buster-security: ignored "Xen project patched only documentation mostly relevant to Xen project" +4.9-stretch-security: N/A "Affected code not present" diff --git a/retired/CVE-2021-28951 b/retired/CVE-2021-28951 new file mode 100644 index 000000000..cc03f2c92 --- /dev/null +++ b/retired/CVE-2021-28951 @@ -0,0 +1,11 @@ +Description: io_uring: ensure that SQPOLL thread is started for exit +References: +Notes: +Bugs: +upstream: released (5.12-rc2) [3ebba796fa251d042be42b929a2d916ee5c34a49] +5.10-upstream-stable: released (5.10.26) [6cae8095490caae12875300243ec94b39b6a2a78] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.26-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-28952 b/retired/CVE-2021-28952 new file mode 100644 index 000000000..d5862b353 --- /dev/null +++ b/retired/CVE-2021-28952 @@ -0,0 +1,12 @@ +Description: ASoC: qcom: sdm845: Fix array out of bounds access +References: + https://lore.kernel.org/alsa-devel/20210309142129.14182-2-srinivas.kandagatla@linaro.org/ +Notes: +Bugs: +upstream: released (5.12-rc4) [1c668e1c0a0f74472469cd514f40c9012b324c31] +5.10-upstream-stable: released (5.10.26) [26b08c08a5f3008fe45822d8b163f1516178c42b] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.26-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-29266 b/retired/CVE-2021-29266 new file mode 100644 index 000000000..02d7681db --- /dev/null +++ b/retired/CVE-2021-29266 @@ -0,0 +1,12 @@ +Description: vhost-vdpa: fix use-after-free of v->config_ctx +References: +Notes: + carnil> vhost-vdpa (Vhost driver for vDPA-based backend) not built. +Bugs: +upstream: released (5.12-rc4) [f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9 +5.10-upstream-stable: released (5.10.26) [49ca3100fbaf864853c922c8f7a8fe7090a83860] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.26-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-29646 b/retired/CVE-2021-29646 new file mode 100644 index 000000000..5eb075ce8 --- /dev/null +++ b/retired/CVE-2021-29646 @@ -0,0 +1,13 @@ +Description: tipc: better validate user input in tipc_nl_retrieve_key() +References: +Notes: + carnil> Commit fixes e1f32190cf7d ("tipc: add support for AEAD key + carnil> setting via netlink") in 5.5-rc1. +Bugs: +upstream: released (5.12-rc5) [0217ed2848e8538bcf9172d97ed2eeb4a26041bb] +5.10-upstream-stable: released (5.10.27) [50f41f2e29ff1980f7edfca40bbf81a4336b9feb] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.28-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-29648 b/retired/CVE-2021-29648 new file mode 100644 index 000000000..fe5f6d6c2 --- /dev/null +++ b/retired/CVE-2021-29648 @@ -0,0 +1,13 @@ +Description: bpf: Dont allow vmlinux BTF to be used in map_create and prog_load +References: +Notes: + carnil> Introduced by 5329722057d4 ("bpf: Assign ID to vmlinux BTF and + carnil> return extra info for BTF in GET_OBJ_INFO") in 5.11-rc1. +Bugs: +upstream: released (5.12-rc5) [350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef] +5.10-upstream-stable: N/A "Vulnerable code introduced later" +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: N/A "Vulnerable code introduced later" +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-29649 b/retired/CVE-2021-29649 new file mode 100644 index 000000000..2f5ce2dea --- /dev/null +++ b/retired/CVE-2021-29649 @@ -0,0 +1,14 @@ +Description: bpf: Fix umd memory leak in copy_process() +References: +Notes: + carnil> Commit fixes d71fa5c9763c ("bpf: Add kernel module with user + carnil> mode driver that populates bpffs.") introduced in 5.10-rc1 and + carnil> might so not affect earlier versions, need check. +Bugs: +upstream: released (5.12-rc5) [f60a85cad677c4f9bb4cadd764f1d106c38c7cf8] +5.10-upstream-stable: released (5.10.27) [ccd5565feea346697c1d1e8e9cd042218b49c44b] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.28-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-29657 b/retired/CVE-2021-29657 new file mode 100644 index 000000000..a9803280b --- /dev/null +++ b/retired/CVE-2021-29657 @@ -0,0 +1,13 @@ +Description: KVM: SVM: load control fields from VMCB12 before checking them +References: +Notes: + carnil> Commit fixes 2fcf4876ada ("KVM: nSVM: implement on demand + carnil> allocation of the nested state") in 5.10-rc1. +Bugs: +upstream: released (5.12-rc6) [a58d9166a756a0f4a6618e4f593232593d6df134] +5.10-upstream-stable: released (5.10.28) [5f6625f5cd5c593fae05a6ce22b406166bc796b8] +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: released (5.10.28-1) +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" diff --git a/retired/CVE-2021-30178 b/retired/CVE-2021-30178 new file mode 100644 index 000000000..2d5f70ba7 --- /dev/null +++ b/retired/CVE-2021-30178 @@ -0,0 +1,14 @@ +Description: KVM: x86: hyper-v: Fix Hyper-V context null-ptr-deref +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1947139#c4 +Notes: + carnil> Possibly only an issue after 8f014550dfb1 ("KVM: x86: hyper-v: + carnil> Make Hyper-V emulation enablement conditional") in 5.12-rc1. +Bugs: +upstream: released (5.12-rc2) [919f4ebc598701670e80e31573a58f1f2d2bf918] +5.10-upstream-stable: N/A "Vulnerable code introduced later" +4.19-upstream-stable: N/A "Vulnerable code introduced later" +4.9-upstream-stable: N/A "Vulnerable code introduced later" +sid: N/A "Vulnerable code introduced later" +4.19-buster-security: N/A "Vulnerable code introduced later" +4.9-stretch-security: N/A "Vulnerable code introduced later" |